
Malware of all kinds and its removal: Virus Backdoor

23.12.2010, 20:55   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus Backdoor

Restart the PC and try again.
__________________
Please always post logfiles in CODE tags

24.12.2010, 13:15   #17
bugbugbug
Banned

I have now tried 5 times to start combofix, and every time my computer crashes and the blue screen appears; that surely has something to do with the virus as well.

25.12.2010, 00:48   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document.

25.12.2010, 02:33   #19
bugbugbug
Banned

GMER SCAN:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-25 02:32:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD32 rev.01.0
Running: 2i7u4xjx.exe; Driver: C:\Users\hannes\AppData\Local\Temp\ugrcipow.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 874AFF00
INT 0x82 ? 85FE2BF8
INT 0x92 ? 85FE3BF8
INT 0xA2 ? 85FE3BF8
INT 0xB3 ? 874AFF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spqr.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8B78341B 5 Bytes JMP 874AF4E0
.text abl8ojoj.SYS 90B03000 22 Bytes [82, 03, 62, 82, 6C, 02, 62, ...]
.text abl8ojoj.SYS 90B03017 181 Bytes [00, 32, 87, D9, 82, 3D, 85, ...]
.text abl8ojoj.SYS 90B030CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text abl8ojoj.SYS 90B030DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text abl8ojoj.SYS 90B030E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2AC7300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2B0A300, 0x1BEE, 0xE8000020]
pnidata C:\Windows\System32\Drivers\secdrv.SYS unknown last section [0xA4A12F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!KiUserExceptionDispatcher 776C5DC8 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1124] ole32.dll!CoCreateInstance 76749F3E 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!GetCursorPos 762D0B88 5 Bytes JMP 0095000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 008A000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 0099000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!KiUserExceptionDispatcher 776C5DC8 5 Bytes JMP 0086000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C8E6D6] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82C8E042] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82C8E800] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82C8E0C0] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82C8E13E] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82C9DE9C] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortUchar] 8390B28F
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F90B260
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7444A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74428395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7441C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85FE91F8
Device \Driver\sptd \Device\2320267322 spqr.sys
Device \Driver\volmgr \Device\VolMgrControl 85FE51F8
Device \Driver\usbohci \Device\USBPDO-0 87527500
Device \Driver\usbehci \Device\USBPDO-1 87497500
Device \Driver\volmgr \Device\HarddiskVolume1 85FE51F8
Device \Driver\volmgr \Device\HarddiskVolume2 85FE51F8
Device \Driver\cdrom \Device\CdRom0 876201F8
Device \Driver\nvstor32 \Device\00000059 85FE81F8
Device \Driver\USBSTOR \Device\00000065 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 85FE51F8
Device \Driver\cdrom \Device\CdRom1 876201F8
Device \Driver\atapi \Device\Ide\IdePort0 85FE71F8
Device \Driver\atapi \Device\Ide\IdePort1 85FE71F8
Device \Driver\volmgr \Device\HarddiskVolume4 85FE51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D59A61CF-2D8B-4DE7-B383-8AD9D9114525} 886621F8
Device \Driver\volmgr \Device\HarddiskVolume5 85FE51F8
Device \Driver\USBSTOR \Device\00000068 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume6 85FE51F8
Device \Driver\USBSTOR \Device\00000069 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume7 85FE51F8
Device \Driver\netbt \Device\NetBt_Wins_Export 886621F8
Device \Driver\PCI_PNP1316 \Device\0000004b spqr.sys
Device \Driver\Smb \Device\NetbiosSmb 880471F8
Device \Driver\nvstor32 \Device\RaidPort0 85FE81F8
Device \Driver\iScsiPrt \Device\RaidPort1 874B11F8
Device \Driver\USBSTOR \Device\0000006a 8876E1F8
Device \Driver\USBSTOR \Device\0000006b 8876E1F8
Device \Driver\USBSTOR \Device\0000006c 8876E1F8
Device \Driver\usbohci \Device\USBFDO-0 87527500
Device \Driver\USBSTOR \Device\0000006d 8876E1F8
Device \Driver\usbehci \Device\USBFDO-1 87497500
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1Port4Path0Target0Lun0 876231F8
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1 876231F8
Device \FileSystem\cdfs \Cdfs 88E6F1F8
Device \Device\00000058 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&119ff274&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
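
The GMER output above and the OSAM driver list in the next post lend themselves to a small cross-check. The following Python triage helper is an added example for this thread, not code from GMER, OSAM or Trojaner-Board. It parses a handful of lines copied from the two logs: it takes GMER's own driver name from the log header (GMER loads a randomly named driver from %TEMP%, here ugrcipow.sys, which OSAM then lists as a hidden driver), drops that name from OSAM's "Hidden registry entry" findings, and flags GMER IAT lines whose import no longer resolves into the module it was imported from, or whose slot holds a raw value instead of an address. The parsing rules and the "needs follow-up" grouping are this example's assumptions, not a verdict on the system; the Devices section above ties spqr.sys to the sptd driver (DAEMON Tools), which is the kind of context an analyst needs before reading a hook into spqr.sys as malicious.

```python
"""Triage helper for GMER and OSAM log lines (added example, not the tools' own code).

Cross-references the two reports: OSAM's "hidden registry entry" drivers are
checked against the driver name GMER prints for itself, and GMER's IAT lines are
flagged when an import no longer resolves into the module it was imported from.
"""
import re

# Constructed sample input: lines copied from the GMER and OSAM logs posted in this thread.
GMER_HEADER = r"Running: 2i7u4xjx.exe; Driver: C:\Users\hannes\AppData\Local\Temp\ugrcipow.sys"

GMER_IAT_LINES = [
    r"IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C8E6D6] \SystemRoot\System32\Drivers\spqr.sys",
    r"IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82C9DE9C] \SystemRoot\System32\Drivers\spqr.sys",
    r"IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortNotification] CC358B04",
    r"IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation)",
    r"IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)",
]

OSAM_DRIVER_LINES = [
    r'"abl8ojoj" (abl8ojoj) - "Microsoft Corporation" - C:\Windows\system32\drivers\abl8ojoj.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)',
    r'"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys',
    r'"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)',
    r'"ugrcipow" (ugrcipow) - ? - C:\Users\*****\AppData\Local\Temp\ugrcipow.sys  (Hidden registry entry, rootkit activity | File not found)',
]

# Kernel form:  IAT <host>[<source>!<import>] [<addr>] <target> (<desc>)
# User form:    IAT <host>[<pid>] @ <image> [<source>!<import>] [<addr>] <target> (<desc>)
# Unresolved:   IAT <host>[<source>!<import>] <raw hex>
IAT_RE = re.compile(
    r"^IAT\s+(?P<host>\S+?)(?:\[\d+\]\s+@\s+\S+\s+)?"
    r"\[(?P<source>[^!\]]+)!(?P<import>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<target>\S+)|(?P<raw>[0-9A-Fa-f]+))"
)

# OSAM driver line: "name" (service) - "vendor"|? - path  (notes)
OSAM_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s+\((?P<service>[^)]*)\)\s+-\s+(?P<vendor>"[^"]*"|\?)\s+-\s+'
    r"(?P<path>.*?)(?:\s{2}\((?P<notes>[^)]*)\))?$"
)


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.replace("/", "\\").rstrip("\\").split("\\")[-1].lower()


def scanner_driver_name(gmer_header: str) -> str:
    """GMER loads its own randomly named driver from %TEMP% and names it in the
    log header; that name must not be reported as a rootkit finding."""
    m = re.search(r"Driver:\s*(\S+)", gmer_header)
    return basename(m.group(1)) if m else ""


def triage_gmer_iat(lines):
    """Return {host module: [(import, reason), ...]} for IAT entries needing follow-up."""
    findings = {}
    for line in lines:
        m = IAT_RE.match(line)
        if not m:
            continue
        host, source = basename(m["host"]), m["source"].lower()
        if m["raw"] is not None:
            reason = f"slot holds raw value {m['raw']}, not an address in a loaded module"
        elif basename(m["target"]) != source:
            reason = f"import from {source} resolves into {basename(m['target'])}"
        else:
            continue  # import resolves into the module it was imported from
        findings.setdefault(host, []).append((m["import"], reason))
    return findings


def triage_osam_drivers(lines, scanner_driver):
    """Return OSAM driver entries flagged as hidden registry entries, minus the
    scanner's own driver. Each item: {"service", "path", "notes"}."""
    flagged = []
    for line in lines:
        m = OSAM_RE.match(line)
        if not m or not m["notes"] or "Hidden registry entry" not in m["notes"]:
            continue
        if basename(m["path"]) == scanner_driver:
            continue  # GMER's own driver, listed by OSAM while GMER is loaded
        flagged.append({"service": m["service"], "path": m["path"], "notes": m["notes"]})
    return flagged


if __name__ == "__main__":
    for host, items in triage_gmer_iat(GMER_IAT_LINES).items():
        for imp, reason in items:
            print(f"GMER  {host}: {imp}: {reason}")
    for entry in triage_osam_drivers(OSAM_DRIVER_LINES, scanner_driver_name(GMER_HEADER)):
        print(f"OSAM  {entry['service']}: {entry['path']} ({entry['notes']})")
```

Run stand-alone it prints one line per finding, grouped by host module, so the two patterns in this log separate at a glance: atapi.sys and i8042prt.sys have their port I/O imports redirected into spqr.sys, while abl8ojoj.SYS's IAT holds values that are not addresses in any loaded module, and only abl8ojoj survives the OSAM filter once GMER's own ugrcipow.sys is excluded. The Explorer.EXE entries, whose gdiplus.dll imports resolve into gdiplus.dll, are not reported.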

25.12.2010, 02:38   #20
bugbugbug
Banned

Here is the OSAM scan:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:37:27 on 25.12.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - Systemprüfung ausführen - *****.job" - ? - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe  (File not found)
"DMEPeriodicTask.job" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"abl8ojoj" (abl8ojoj) - "Microsoft Corporation" - C:\Windows\system32\drivers\abl8ojoj.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"bdfsfltr" (bdfsfltr) - "SOFTWIN S.R.L." - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"hwinterface" (hwinterface) - "Logix4u" - C:\Windows\System32\Drivers\hwinterface.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\1E89.tmp  (File not found)
"NetworkX" (NetworkX) - ? - C:\Windows\system32\ckldrv.sys  (File found, but it contains no detailed information)
"PnkBstrK" (PnkBstrK) - ? - C:\Windows\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugrcipow" (ugrcipow) - ? - C:\Users\*****\AppData\Local\Temp\ugrcipow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "linkscanner" - ? -   (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "{00000000-6E41-4FD3-8538-502F5495E5FC}" - ? -   (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_srl.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? -   (File not found | COM-object registry key not found)
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "STOPzilla" - "iS3, Inc" - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
SITEguard "{98828DED-A591-462F-83BA-D2F62A68B8B8}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
"Logitech Desktop Messenger.lnk" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe  (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %SystemDrive%\_OTL\MovedFiles\12222010_225623\C_Users\*****\AppData\Local\Windows )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\12222010_225623\C_Users\*****\AppData\Local\Windows\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"LifeChat" - "Microsoft Corporation" - "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"hpf3l70w.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70w.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira Upgrade Service" (AntiVirUpgradeService) - ? - "C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe" /TEMPSTART:""C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"  (File not found)
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Old 25.12.2010, 02:41   #21
bugbugbug
Banned

Virus Backdoor

And the MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA X1009
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 157):
0x8264C000 \SystemRoot\system32\ntkrnlpa.exe
0x82619000 \SystemRoot\system32\hal.dll
0x874DC000 \SystemRoot\system32\kdcom.dll
0x80604000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80674000 \SystemRoot\system32\PSHED.dll
0x80685000 \SystemRoot\system32\BOOTVID.dll
0x8068D000 \SystemRoot\system32\CLFS.SYS
0x806CE000 \SystemRoot\system32\CI.dll
0x82C03000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82C7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82C8C000 \SystemRoot\System32\Drivers\spqr.sys
0x82D8D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82D96000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82DBC000 \SystemRoot\system32\drivers\pci.sys
0x807AE000 \SystemRoot\system32\drivers\acpi.sys
0x82DE3000 \SystemRoot\system32\drivers\msisadrv.sys
0x82DEB000 \SystemRoot\System32\drivers\partmgr.sys
0x82E0D000 \SystemRoot\system32\drivers\volmgr.sys
0x82E1C000 \SystemRoot\System32\drivers\volmgrx.sys
0x82E66000 \SystemRoot\system32\drivers\pciide.sys
0x82E6D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82E7B000 \SystemRoot\System32\drivers\mountmgr.sys
0x82E8B000 \SystemRoot\system32\drivers\atapi.sys
0x82E93000 \SystemRoot\system32\drivers\ataport.SYS
0x82EB1000 \SystemRoot\system32\drivers\nvstor32.sys
0x82ECF000 \SystemRoot\system32\drivers\storport.sys
0x82F10000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F42000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F52000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B403000 \SystemRoot\system32\drivers\ndis.sys
0x8B50E000 \SystemRoot\system32\drivers\msrpc.sys
0x8B539000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B603000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B805000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B915000 \SystemRoot\system32\drivers\volsnap.sys
0x8B94E000 \SystemRoot\System32\Drivers\spldr.sys
0x8B956000 \SystemRoot\System32\Drivers\mup.sys
0x8B965000 \SystemRoot\System32\drivers\ecache.sys
0x8B98C000 \SystemRoot\system32\drivers\disk.sys
0x8B99D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B9BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B708000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B713000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B71C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B72B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B9FC000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x8B73E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B749000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B753000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B791000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FC0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC9C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FCAC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FE04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x907A1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FCBA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907A3000 \SystemRoot\System32\drivers\watchdog.sys
0x907AF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90A05000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x90B02000 \SystemRoot\System32\Drivers\abl8ojoj.SYS
0x90B3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90B43000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90B72000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90B7D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90B94000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90B9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90BC2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90BD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90BE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x907C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x907D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90BFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FD59000 \SystemRoot\system32\DRIVERS\ks.sys
0x907E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x907EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FD83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FDB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91012000 \SystemRoot\system32\drivers\portcls.sys
0x9103F000 \SystemRoot\system32\drivers\drmk.sys
0x91064000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9106D000 \SystemRoot\System32\Drivers\Null.SYS
0x91074000 \SystemRoot\System32\Drivers\Beep.SYS
0x91084000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9108B000 \SystemRoot\System32\drivers\vga.sys
0x91097000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x910B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x910C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x910C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x910D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x910E1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x910EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91100000 \SystemRoot\system32\DRIVERS\smb.sys
0x91114000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91146000 \SystemRoot\system32\drivers\afd.sys
0x9118E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x911A4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x911B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x911C5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x911CB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x911ED000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8B7A0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x911F3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90E00000 \SystemRoot\system32\ckldrv.sys
0x90E05000 \SystemRoot\System32\Drivers\hwinterface.sys
0x8FDC9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B574000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FDE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90E06000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FC00000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8B7DC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8B7E6000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x8B59A000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x8B5BF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9107B000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x911FD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8B9C7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B9D4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8B9DE000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8FDF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B5D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x907F9000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8B7F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8B5E4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8B5EC000 \SystemRoot\system32\drivers\usbaudio.sys
0x9A280000 \SystemRoot\System32\win32k.sys
0x82FC3000 \SystemRoot\System32\drivers\Dxapi.sys
0x82FCD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A4A0000 \SystemRoot\System32\TSDDD.dll
0x9A4C0000 \SystemRoot\System32\cdd.dll
0x82FDC000 \SystemRoot\system32\drivers\luafv.sys
0x80C07000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x80C1C000 \SystemRoot\system32\drivers\spsys.sys
0x80CCC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CDC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80CEF000 \SystemRoot\system32\drivers\HTTP.sys
0x80D5C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x80D65000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80D82000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80D9B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x80DB0000 \SystemRoot\system32\drivers\mrxdav.sys
0x80DD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2A39000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2A51000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2A79000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2AC7000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA2B0A000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA2B0F000 \SystemRoot\system32\drivers\peauth.sys
0xA4A0F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4A37000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4A43000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA4A58000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA4A6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4A80000 \??\C:\Users\****\AppData\Local\Temp\ugrcipow.sys
0x77660000 \Windows\System32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
496 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
600 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\nvvsvc.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1404 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1416 C:\Windows\System32\nvvsvc.exe
1448 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1848 C:\Windows\System32\spoolsv.exe
1900 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1924 C:\Windows\System32\svchost.exe
476 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
684 C:\Program Files\Application Updater\ApplicationUpdater.exe
928 C:\Windows\System32\svchost.exe
1728 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
1864 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1908 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2064 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\IoctlSvc.exe
2208 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\PnkBstrA.exe
2284 C:\Windows\System32\PnkBstrB.exe
2296 C:\Windows\System32\svchost.exe
2308 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2352 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2380 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\svchost.exe
2480 C:\Windows\System32\SearchIndexer.exe
2624 C:\Windows\System32\taskeng.exe
2696 WUDFHost.exe
3072 C:\Windows\System32\dwm.exe
3112 C:\Windows\System32\taskeng.exe
3136 C:\Windows\explorer.exe
3692 C:\Windows\RtHDVCpl.exe
3700 C:\Program Files\Microsoft LifeChat\LifeChat.exe
3716 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3748 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3792 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2728 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2756 C:\Program Files\FRITZ!DSL\StCenter.exe
2784 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2792 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2272 C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
4640 C:\Program Files\Mozilla Firefox\firefox.exe
1504 C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
472 C:\Program Files\Mozilla Firefox\plugin-container.exe
4452 C:\Windows\System32\SearchProtocolHost.exe
4808 C:\Windows\System32\SearchFilterHost.exe
604 C:\Windows\explorer.exe
2220 C:\Windows\explorer.exe
5856 C:\Windows\explorer.exe
5028 C:\Windows\explorer.exe
3856 C:\Windows\explorer.exe
4664 C:\Windows\System32\dllhost.exe
4148 dllhost.exe
3596 dllhost.exe
4180 C:\Users\****\Desktop\MBRCheck.exe
5988 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`003ebe00 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Old 25.12.2010, 17:16   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus Backdoor

Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post logfiles in CODE tags
