rootkit detected - fix possible, or reinstall right away?
30.07.2010, 18:26   #1
welleonda

Hi all,

I have read all the guides and threads on this topic, so just a short question:

I picked up a rootkit and noticed it during a scan with Avira. Avira reports:

>>Die Datei 'C:\WINDOWS\system32\drivers\thkwdgds.sys'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004.
Die Quelldatei konnte nicht gefunden werden.
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '453d760d.qua' verschoben!

Would it help to simply delete this "driver"?

A scan with GMER gives:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-07-30 18:49:12
Windows 5.1.2600 Service Pack 2
Running: gbivi19y.exe; Driver: C:\DOKUME~1\Windows\LOKALE~1\Temp\kwgdapow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 84F5C080

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mausklassentreiber/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] thkwdgds <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----



(Scan aborted at this point, as recommended in the guides!) From everything I have read here, reinstalling the system seems to be the best option - correct? Or is there another solution?

Great board with excellent help, by the way.

Regards and thanks,
welle

30.07.2010, 19:26   #2
cosinus

Quote:
reinstalling the system seems to be the best option - correct? Or is there another solution?
A reinstall is always the safest option after an infection.
But you can also clean it up if you really want to.

30.07.2010, 19:30   #3
welleonda

Hi,

I would be interested in cleaning it up - it depends a bit on the effort. What would need to be done?

Kind regards, welle

30.07.2010, 19:40   #4
cosinus

Make a logfile with OSAM and post it.

30.07.2010, 20:01   #5
welleonda

Hi Arne,

I'll assume the .ru domain ending is nothing to worry about.... ;-)

Here is the logfile:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:05:33 on 30.07.2010

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
%SystemRoot%\system32
|||||| "FINDFAST.CPL" "Microsoft Corporation" C:\WINDOWS\system32\FINDFAST.CPL File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "ISUSPM.CPL" "Macrovision Corporation" C:\WINDOWS\system32\ISUSPM.CPL File exists
|||||| "JAVACPL.CPL" "Sun Microsystems, Inc." C:\WINDOWS\system32\JAVACPL.CPL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"AntiVir PersonalEdition Classic Konfiguration" C:\PROGRA~1\ANTIVI~1\avconfig.cpl File not found
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AEGIS Protocol (IEEE 802.1x) v3.1.0.1" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"Csintnt" (Csintnt) "COM One" C:\PROGRA~1\PCCARD~1\loader\Csintnt.sys File exists
|||||| "DNINDIS5 NDIS Protocol Driver" (DNINDIS5) "Printing Communications Assoc., Inc. (PCAUSA)" C:\WINDOWS\System32\DNINDIS5.SYS File exists
|||||| "Dritek HotKey Keyboard Filter Driver" (DKbFltr) "Dritek System Inc." C:\WINDOWS\System32\Drivers\DKbFltr.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "NTSIM" (NTSIM) "VIA Technologies, Inc. " C:\WINDOWS\System32\ntsim.sys File exists
|||||| "Padus ASPI Shell" (pfc) "Padus, Inc." C:\WINDOWS\System32\drivers\pfc.sys File exists
"PC Card 4in1 Ethernet Network Driver" (SX456ETH) "SX456" C:\WINDOWS\System32\DRIVERS\sxethern.sys File exists
"PC Card 4in1 ISDN Controller" (Sx2api) "COM One" C:\WINDOWS\System32\DRIVERS\SX2API.sys File exists
"PC Card 4in1 Port driver" (Sx2ser) "Microsoft Corporation" C:\WINDOWS\System32\Drivers\sx2ser.sys File exists
"PC Card 4in1 WAN TAPI" (SX2TAPI) "COM One" C:\WINDOWS\System32\DRIVERS\SX2TAPI.sys File exists
|||||| "PCANDIS5 NDIS Protocol Driver" (PCANDIS5) "Printing Communications Assoc., Inc. (PCAUSA)" C:\WINDOWS\System32\PCANDIS5.SYS File exists
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
|||||| "SMC SMC WirelessUSB(SMC2662W)(R) Service for SMC EZ Connect Wireless USB Adapter(SMC2662W)" (SMCSMC WirelessUSB(SMC2662W)(R)) "ATMEL" C:\WINDOWS\System32\DRIVERS\Net62151.sys File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"SX128 X75" (Sx2prot) "Atlantic Network Systems" C:\WINDOWS\System32\DRIVERS\sx2prot.sys File exists
"thkwdgds" (thkwdgds) C:\WINDOWS\system32\drivers\thkwdgds.sys Hidden registry entry, rootkit activity | File not found
|||||| "Upper Class Filter Driver" (NTIDrvr) "NewTech Infosystems, Inc." C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
|||||| "WIDCOMM USB Bluetooth Driver" (BTWUSB) C:\WINDOWS\System32\Drivers\btwusb.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Carpetas Web" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" C:\Programme\Illustrate\dBpowerAMP\dBShell.dll File exists
|||||| {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Extensión de iconos de archivo de Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
|||||| {B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" C:\Programme\Filzip\fzshext.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" File not found | COM-object registry key not found
|||||| {BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office\soa800.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
|||||| {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Sammelmappen-Teiler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office\UNBIND.DLL File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealOne Player\rpshell.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
|||||| {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|| {3BFFE033-BF43-11D5-A271-00A024A51325} "iNotes6 Class"
https://web-mail.dw-world.de/iNotes6W.cab "IBM Corporation" C:\WINDOWS\Downloaded Program Files\inotes6W.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
Microsoft XML Parser for Java "Microsoft XML Parser for Java"
file://C:\WINDOWS\Java\classes\xmldso.cab File not found | COM-object registry key not found
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx File exists
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}"
hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} "ClsidExtension" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Referencia" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" "Adobe Systems Incorporated" C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\ssv.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||| "Adobe Reader - Schnellstart.lnk" "Adobe Systems Incorporated" C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shortcut exists | File exists
|||||| "DESKTOP.INI" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI File exists
"Escritorio movistar.lnk" "TID" C:\Programme\Telefónica Móviles\Escritorio movistar\EMS.exe Shortcut exists | File exists
"NETGEAR WAG511 Smart Wizard.lnk" "NETGEAR" C:\Programme\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "DESKTOP.INI" C:\Dokumente und Einstellungen\Windows\Startmenü\Programme\Autostart\DESKTOP.INI File exists
"EZ Connect Wireless USB Utility.lnk" "ATMEL" C:\Programme\SMC\EZ Connect Wireless USB\WlanMonitor.exe Shortcut exists | File exists
|||| "HotSync Manager.lnk" "Palm, Inc." C:\Programme\palmOne\HOTSYNC.EXE Shortcut exists | File exists
"Microsoft-Indexerstellung.lnk" "Microsoft Corporation" C:\Programme\Microsoft Office\Office\FINDFAST.EXE Shortcut exists | File exists
|||| "Office-Start.lnk" C:\Programme\Microsoft Office\Office\OSA.EXE Shortcut exists | File exists
|| "PowerReg Scheduler.exe" C:\Dokumente und Einstellungen\Windows\Startmenü\Programme\Autostart\PowerReg Scheduler.exe File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "PC Suite Tray" "Nokia" "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
|||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "AppleSyncNotifier" "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File exists
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
"Camera Detector" "ACD Systems, Ltd." C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun File exists
|||| "iTunesHelper" "Apple Inc." "C:\Programme\iTunes\iTunesHelper.exe" File exists
|||| "LaunchApp" "Acer Inc." Alaunch File exists
|||| "LManager" "Dritek System Inc." C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE File exists
|||| "NeroFilterCheck" "Ahead Software Gmbh" C:\WINDOWS\system32\NeroCheck.exe File exists
|||| "OpwareSE4" "Nuance Communications, Inc." "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" File exists
|||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\QTTask.exe" -atboottime File exists
|||| "RoxWatchTray" "Sonic Solutions" "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" File exists
|||| "SSBkgdUpdate" "Nuance Communications, Inc." "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot File exists
"SunJavaUpdateSched" "C:\Programme\Java\jre6\bin\jusched.exe" File not found
"SXCPL" "COM One" SXCPL.EXE File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Canon BJ Language Monitor S330" "CANON INC." C:\WINDOWS\system32\CNMLM45.DLL File exists
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
"Bytemobile Web Configurator" (bmwebcfg) "Bytemobile, Inc." C:\WINDOWS\System32\bmwebcfg.exe File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
|||||| "LiveShare P2P Server 9" (RoxLiveShare9) "Sonic Solutions" C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Roxio Hard Drive Watcher 9" (RoxWatch9) "Sonic Solutions" C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe File exists
|||||| "Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) "Sonic Solutions" C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe File exists
|||||| "Roxio Upnp Server 9" (Roxio Upnp Server 9) "Sonic Solutions" C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe File exists
|||||| "RoxMediaDB9" (RoxMediaDB9) "Sonic Solutions" C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
"BMI over [MSAFD Tcpip [RAW/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
"BMI over [MSAFD Tcpip [TCP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
"BMI over [MSAFD Tcpip [UDP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists



30.07.2010, 20:29   #6
cosinus

Quote:
"thkwdgds" (thkwdgds) C:\WINDOWS\system32\drivers\thkwdgds.sys Hidden registry entry, rootkit activity | File not found
There it is. Please disable and delete it with OSAM.
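As an added illustration of the triage cosinus does by eye above (this is example code added here, not code from the thread or from OSAM), here is a small Python parser for OSAM's entry lines that ranks hidden registry entries first, then services whose binary is missing, then entries without publisher information. The sample input is constructed in OSAM's "Drivers" layout from entries posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in OSAM's "Drivers" section layout, modelled on the
# entries in this thread. It is test input, not the full posted log.
SAMPLE_OSAM = r"""Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"thkwdgds" (thkwdgds) C:\WINDOWS\system32\drivers\thkwdgds.sys Hidden registry entry, rootkit activity | File not found
|||||| "Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
"Csintnt" (Csintnt) "COM One" C:\PROGRA~1\PCCARD~1\loader\Csintnt.sys File exists
"""

# One OSAM entry line: optional risk bars, quoted name, key in parentheses,
# optional quoted publisher, image path (may contain spaces), then the status.
ENTRY_RE = re.compile(
    r'^(?:\|+\s+)?'
    r'"(?P<name>[^"]*)"\s+'
    r'\((?P<key>[^()]*)\)\s+'
    r'(?:"(?P<publisher>[^"]*)"\s+)?'
    r'(?P<path>\S.*?)\s+'
    r'(?P<status>(?:Hidden registry entry|File (?:exists|not found|signed|found)).*)$'
)


@dataclass
class Entry:
    name: str
    key: str
    publisher: Optional[str]
    path: str
    status: str
    severity: str = ""
    reason: str = ""


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OSAM entry line; section headers and registry paths return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["name"], m["key"], m["publisher"], m["path"], m["status"])


def classify(e: Entry) -> Entry:
    """Assign a triage severity using only what the log line itself reports."""
    if "Hidden registry entry" in e.status:
        # The service key is invisible to the normal registry API but OSAM's
        # rootkit detector still found it: the thkwdgds case in this thread.
        e.severity, e.reason = "CRITICAL", "hidden service key (rootkit activity)"
    elif "File not found" in e.status:
        # Registered driver whose binary is gone: often a stale leftover, but a
        # rootkit whose file was quarantined looks the same, so it needs review.
        e.severity, e.reason = "ORPHAN", "service registered but image missing"
    elif e.publisher is None and "signed by Microsoft" not in e.status:
        e.severity, e.reason = "REVIEW", "no publisher information; verify the binary"
    else:
        e.severity, e.reason = "OK", "publisher present or Microsoft-signed"
    return e


def triage(report: str) -> List[Entry]:
    """Parse a whole OSAM report and return its entries sorted worst-first."""
    rank = {"CRITICAL": 0, "ORPHAN": 1, "REVIEW": 2, "OK": 3}
    entries = [classify(e) for e in map(parse_entry, report.splitlines()) if e]
    return sorted(entries, key=lambda e: rank[e.severity])


if __name__ == "__main__":
    for entry in triage(SAMPLE_OSAM):
        print(f"{entry.severity:8} {entry.key:10} {entry.path}  [{entry.reason}]")
```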

30.07.2010, 22:17   #7
welleonda

Hi Arne,

That looks good now, I think - thanks for the brilliant help. Here is the fresh OSAM logfile after working through all the instructions:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:24:16 on 30.07.2010

OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
%SystemRoot%\system32
|||||| "FINDFAST.CPL" "Microsoft Corporation" C:\WINDOWS\system32\FINDFAST.CPL File exists
|||||| "infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "ISUSPM.CPL" "Macrovision Corporation" C:\WINDOWS\system32\ISUSPM.CPL File exists
|||||| "JAVACPL.CPL" "Sun Microsystems, Inc." C:\WINDOWS\system32\JAVACPL.CPL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"AntiVir PersonalEdition Classic Konfiguration" C:\PROGRA~1\ANTIVI~1\avconfig.cpl File not found
|||||| "Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
|||||| "NokiaConnectionManager" "Nokia" C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AEGIS Protocol (IEEE 802.1x) v3.1.0.1" (AegisP) "Meetinghouse Data Communications" C:\WINDOWS\System32\DRIVERS\AegisP.sys File exists
|||||| "avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
|||||| "avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
|||||| "avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"Csintnt" (Csintnt) "COM One" C:\PROGRA~1\PCCARD~1\loader\Csintnt.sys File exists
|||||| "DNINDIS5 NDIS Protocol Driver" (DNINDIS5) "Printing Communications Assoc., Inc. (PCAUSA)" C:\WINDOWS\System32\DNINDIS5.SYS File exists
|||||| "Dritek HotKey Keyboard Filter Driver" (DKbFltr) "Dritek System Inc." C:\WINDOWS\System32\Drivers\DKbFltr.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "NTSIM" (NTSIM) "VIA Technologies, Inc. " C:\WINDOWS\System32\ntsim.sys File exists
|||||| "Padus ASPI Shell" (pfc) "Padus, Inc." C:\WINDOWS\System32\drivers\pfc.sys File exists
"PC Card 4in1 Ethernet Network Driver" (SX456ETH) "SX456" C:\WINDOWS\System32\DRIVERS\sxethern.sys File exists
"PC Card 4in1 ISDN Controller" (Sx2api) "COM One" C:\WINDOWS\System32\DRIVERS\SX2API.sys File exists
"PC Card 4in1 Port driver" (Sx2ser) "Microsoft Corporation" C:\WINDOWS\System32\Drivers\sx2ser.sys File exists
"PC Card 4in1 WAN TAPI" (SX2TAPI) "COM One" C:\WINDOWS\System32\DRIVERS\SX2TAPI.sys File exists
|||||| "PCANDIS5 NDIS Protocol Driver" (PCANDIS5) "Printing Communications Assoc., Inc. (PCAUSA)" C:\WINDOWS\System32\PCANDIS5.SYS File exists
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
|||||| "SMC SMC WirelessUSB(SMC2662W)(R) Service for SMC EZ Connect Wireless USB Adapter(SMC2662W)" (SMCSMC WirelessUSB(SMC2662W)(R)) "ATMEL" C:\WINDOWS\System32\DRIVERS\Net62151.sys File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"SX128 X75" (Sx2prot) "Atlantic Network Systems" C:\WINDOWS\System32\DRIVERS\sx2prot.sys File exists
|||||| "Upper Class Filter Driver" (NTIDrvr) "NewTech Infosystems, Inc." C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys File exists
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found
|||||| "WIDCOMM USB Bluetooth Driver" (BTWUSB) C:\WINDOWS\System32\Drivers\btwusb.sys File exists
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
|||||| {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "livecall" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||| {828030A1-22C1-4009-854F-8E305202313F} "msnim" "Microsoft Corporation" C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Carpetas Web" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Programme\Windows Live\Mail\mailcomm.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" C:\Programme\Illustrate\dBpowerAMP\dBShell.dll File exists
|||||| {2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" C:\Programme\Illustrate\dBpowerAMP\dMCShell.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Extensión de iconos de archivo de Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
|||||| {B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" C:\Programme\Filzip\fzshext.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" File not found | COM-object registry key not found
|||||| {BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office\soa800.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
|||||| {59850401-6664-101B-B21C-00AA004BA90B} "Microsoft Office Sammelmappen-Teiler" "Microsoft Corporation" C:\Programme\Microsoft Office\Office\UNBIND.DLL File exists
|||||| {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" "Nokia" C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll File exists
|||||| {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." C:\Programme\Real\RealOne Player\rpshell.dll File exists
|||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
|||||| {45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
|||||| {44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" "Microsoft Corporation" C:\WINDOWS\System32\XPSSHHDR.DLL File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|| {3BFFE033-BF43-11D5-A271-00A024A51325} "iNotes6 Class"
https://web-mail.dw-world.de/iNotes6W.cab "IBM Corporation" C:\WINDOWS\Downloaded Program Files\inotes6W.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
Microsoft XML Parser for Java "Microsoft XML Parser for Java"
file://C:\WINDOWS\Java\classes\xmldso.cab File not found | COM-object registry key not found
|||||| {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab "Adobe Systems, Inc." C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx File exists
{33564D57-0000-0010-8000-00AA00389B71} "{33564D57-0000-0010-8000-00AA00389B71}"
hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}"
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} "ClsidExtension" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Referencia" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" "Adobe Systems Incorporated" C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
|||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
|||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\ssv.dll File exists
|||||| {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File exists
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" File not found | COM-object registry key not found
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||| "Adobe Reader - Schnellstart.lnk" "Adobe Systems Incorporated" C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shortcut exists | File exists
|||||| "DESKTOP.INI" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI File exists
"Escritorio movistar.lnk" "TID" C:\Programme\Telefónica Móviles\Escritorio movistar\EMS.exe Shortcut exists | File exists
"NETGEAR WAG511 Smart Wizard.lnk" "NETGEAR" C:\Programme\NETGEAR\WAG511 Configuration Utility\wlancfg3.exe Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||||| "DESKTOP.INI" C:\Dokumente und Einstellungen\Windows\Startmenü\Programme\Autostart\DESKTOP.INI File exists
"EZ Connect Wireless USB Utility.lnk" "ATMEL" C:\Programme\SMC\EZ Connect Wireless USB\WlanMonitor.exe Shortcut exists | File exists
|||| "HotSync Manager.lnk" "Palm, Inc." C:\Programme\palmOne\HOTSYNC.EXE Shortcut exists | File exists
"Microsoft-Indexerstellung.lnk" "Microsoft Corporation" C:\Programme\Microsoft Office\Office\FINDFAST.EXE Shortcut exists | File exists
|||| "Office-Start.lnk" C:\Programme\Microsoft Office\Office\OSA.EXE Shortcut exists | File exists
|| "PowerReg Scheduler.exe" C:\Dokumente und Einstellungen\Windows\Startmenü\Programme\Autostart\PowerReg Scheduler.exe File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "PC Suite Tray" "Nokia" "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File exists
|||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "AppleSyncNotifier" "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File exists
|||||| "avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
"Camera Detector" "ACD Systems, Ltd." C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun File exists
|||| "iTunesHelper" "Apple Inc." "C:\Programme\iTunes\iTunesHelper.exe" File exists
|||| "LaunchApp" "Acer Inc." Alaunch File exists
|||| "LManager" "Dritek System Inc." C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE File exists
|||| "NeroFilterCheck" "Ahead Software Gmbh" C:\WINDOWS\system32\NeroCheck.exe File exists
|||| "OpwareSE4" "Nuance Communications, Inc." "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe" File exists
|||| "QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\QTTask.exe" -atboottime File exists
|||| "RoxWatchTray" "Sonic Solutions" "C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" File exists
|||| "SSBkgdUpdate" "Nuance Communications, Inc." "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot File exists
"SunJavaUpdateSched" "C:\Programme\Java\jre6\bin\jusched.exe" File not found
"SXCPL" "COM One" SXCPL.EXE File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Canon BJ Language Monitor S330" "CANON INC." C:\WINDOWS\system32\CNMLM45.DLL File exists
|||||| "Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) C:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
|||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
|||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
"Bytemobile Web Configurator" (bmwebcfg) "Bytemobile, Inc." C:\WINDOWS\System32\bmwebcfg.exe File exists
|||| "InstallDriver Table Manager" (IDriverT) "Macrovision Corporation" C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
|||||| "LiveShare P2P Server 9" (RoxLiveShare9) "Sonic Solutions" C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Roxio Hard Drive Watcher 9" (RoxWatch9) "Sonic Solutions" C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe File exists
|||||| "Roxio UPnP Renderer 9" (Roxio UPnP Renderer 9) "Sonic Solutions" C:\Programme\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe File exists
|||||| "Roxio Upnp Server 9" (Roxio Upnp Server 9) "Sonic Solutions" C:\Programme\Roxio\Digital Home 9\RoxioUpnpService9.exe File exists
|||||| "RoxMediaDB9" (RoxMediaDB9) "Sonic Solutions" C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe File exists
|||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Programme\PC Connectivity Solution\ServiceLayer.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
"BMI over [MSAFD Tcpip [RAW/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
"BMI over [MSAFD Tcpip [TCP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists
"BMI over [MSAFD Tcpip [UDP/IP]]" "Bytemobile, Inc." C:\WINDOWS\system32\bmnet.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
