#16
Trojan TR/Agent.843776.22 disguised as driver dnjfrx.sys... how to delete?

GMER logfile:

```
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-11-03 19:53:51
Windows 6.0.6002 Service Pack 2
Running: h4cle87x.exe; Driver: C:\Users\MICHAE~1\AppData\Local\Temp\fglyiaow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8FA02000, 0x24DE54, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [74287817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]  [742DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]  [7428BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]  [7427F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]  [742875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]  [7427E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [742B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]  [7428DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]  [7427FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]  [7427FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]  [742771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]  [7430CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]  [742AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]  [7427D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]  [74276853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]  [7427687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2400] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]  [74282AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fb4849e
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214fbed5a9
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433e86761
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433e86761@001b635e192d  0xB8 0x5A 0x14 0x70 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002433e86761@0017e3add5ee  0xA0 0xC2 0x2C 0x98 ...
Reg  HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00214fb4849e (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\00214fbed5a9 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\002433e86761 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\002433e86761@001b635e192d  0xB8 0x5A 0x14 0x70 ...
Reg  HKLM\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\002433e86761@0017e3add5ee  0xA0 0xC2 0x2C 0x98 ...

---- EOF - GMER 1.0.15 ----
```

OSAM logfile:
```
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:01:47 on 03.11.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\CoFi2489C\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"Conexant Setup API" (UIUSys) - ? - C:\Windows\System32\DRIVERS\UIUSYS.SYS  (File not found)
"fglyiaow" (fglyiaow) - ? - C:\Users\MICHAE~1\AppData\Local\Temp\fglyiaow.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\system32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor iP4300" - "CANON INC." - C:\Windows\system32\CNMLM86.DLL
"Z700-P700 Series Port" - " " - C:\Windows\system32\lxbllmpm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Active File Monitor V7" (AdobeActiveFileMonitor7.0) - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"lxbl_device" (lxbl_device) - " " - C:\Windows\system32\lxblcoms.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
"VAIO Media plus Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
"VAIO Media plus Database Manager" (SOHDBSvr) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
"VAIO Media plus Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
"VAIO Media plus Digital Media Server" (SOHDms) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
"VAIO Media plus Playlist Manager" (SOHPlMgr) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
"VUAgent" (VUAgent) - ? - "C:\Program Files\sony\VAIO Update 5\VUAgent.exe"  (File not found)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
```

MBRCheck logfile:

```
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version:          Windows Vista Home Premium Edition
Windows Information:      Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:  Sony Corporation
BIOS Manufacturer:        American Megatrends Inc.
```
```
System Manufacturer:      Sony Corporation
System Product Name:      VGN-FW41M_H
Logical Drives Mask:      0x0000007c

Kernel Drivers (total 156):

Processes (total 86):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`39800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001A

      Size  Device Name          MBR Status
--------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
```