Log analysis and evaluation: Persistent TR/ATRAPS.Gen and other infections

16.01.2011, 15:57 #1
Mr.Hankey
 
Hello!
Yesterday while surfing I apparently picked up a whole bundle of viruses at once, and after various more or less unsuccessful rescue attempts I have now decided to start a thread here.

Here is what has happened so far:
It was fairly quickly clear to me yesterday that I had caught something nasty, because Firefox windows with advertisements suddenly opened on their own, all redirects from Google ended in an error, and all of a sudden a system proxy was enabled.
So I first scanned everything with Antivir and Spybot, and that apparently already caught various vermin, but when I then wanted to restart I got the nasty surprise: my PC kept shutting down shortly before the logon dialog. To my astonishment I was able to fix that fairly quickly with the Vista boot DVD, or rather its repair option.
I immediately ran another scan, which then came back without any detections, and I was already hopeful that this might have been the end of it, but luckily I still continued to avoid logging in to any sensitive services.
This morning Antivir Guard warnings then started appearing at regular intervals, reporting that the file C:/Windows/temp/<randomfolder>/<randomname>.exe contained a signature of the Trojan TR/ATRAPS.Gen, but as soon as I wanted to look at the path, the files kept deleting themselves.
As a temporary measure I have for now overwritten the access permissions on this "temp" folder for all user groups, and since then I haven't received any further warnings.
During my further research I also ran a Malwarebytes scan, which in turn found and fixed ~8 problems, and cleaned all data and the registry with CCleaner.

It is probably also worth mentioning that I followed the following guide to remove that sshnas21.dll virus: hxxp://www.administrator.de/Sshnas21.dll_konnt_nicht_gefunden_werden_(Achtung_Trojaner).html

Attached are the requested logs as well as the two MBAM logs from the scans I had already done before.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:10, on 16.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Treiber\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
F:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.1.251/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8075
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - F:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EvtMgr6] D:\Treiber\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "F:\Program Files\ICQ7.0\ICQ.exe" silent minimized loginmode=3
O4 - Startup: Dropbox.lnk = C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - F:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98450460-BAFF-4377-AAF8-9BB1E90C820C}: NameServer = 192.168.1.252,134.91.4.152
O17 - HKLM\System\CS2\Services\Tcpip\..\{98450460-BAFF-4377-AAF8-9BB1E90C820C}: NameServer = 192.168.1.252,134.91.4.152
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lmab_device -   - C:\Windows\system32\LMabcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: SmartSVN Status Cache (statuscached) - Unknown owner - F:\Program Files\SmartSVN 6.5\bin\statuscached.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Windows Service Manager (svchost32) - Unknown owner - C:\Windows\system32\drivers\svchost.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunngleService - Tunngle.net GmbH - F:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 6212 bytes
         
Many, many thanks in advance!!
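The HijackThis log above already contains the indicators the poster describes: a browser proxy pointed at 127.0.0.1:8075 and a "Windows Service Manager (svchost32)" service registered from C:\Windows\system32\drivers\svchost.exe with its file missing. As an added example (not part of the original post and not HijackThis's own code), this Python triage script parses lines of those types and flags them; the sample lines are a constructed subset of the log in the post.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines from the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8075
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Windows Service Manager (svchost32) - Unknown owner - C:\Windows\system32\drivers\svchost.exe (file missing)
"""


@dataclass
class Finding:
    severity: str   # "high" or "low"
    item: str       # HijackThis prefix of the line, e.g. "O23"
    reason: str
    line: str


_PROXY = re.compile(r"ProxyServer = (?P<value>\S+)")
_SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+)$")

# Binaries that only belong in %SystemRoot%\system32 (or SysWOW64); a copy of
# them anywhere else is a classic name-squatting trick.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}


def _check_proxy(line):
    m = _PROXY.search(line)
    if not m:
        return None
    # "http=127.0.0.1:8075" -> drop the "http=" scheme prefix, then the port
    target = m.group("value").split("=", 1)[-1]
    host = target.rsplit(":", 1)[0]
    item = line.split(" ", 1)[0]
    if host in ("127.0.0.1", "localhost"):
        return Finding("high", item, f"browser proxy points at a local listener ({target}); "
                       "a process on this machine is intercepting web traffic", line)
    return Finding("low", item, f"system proxy configured: {target}", line)


def _check_service(line):
    m = _SERVICE.match(line)
    if not m:
        return None
    reasons = []
    path = m.group("path")
    if path.endswith("(file missing)"):
        reasons.append("service binary is missing (typical of a half-removed dropper)")
        path = path[: -len("(file missing)")].strip()
    folder, _, exe = path.rpartition("\\")
    if exe.lower() in SYSTEM_BINARIES and not folder.lower().endswith(("\\system32", "\\syswow64")):
        reasons.append(f"{exe} registered from {folder}, outside system32")
    if folder.lower().endswith("\\drivers") and exe.lower().endswith(".exe"):
        reasons.append("an .exe under \\drivers, a folder that should only hold .sys files")
    return Finding("high", "O23", "; ".join(reasons), line) if reasons else None


def _check_no_file(line):
    # Orphaned COM registrations: harmless by themselves, but worth cleaning up.
    if line.startswith(("O2 - BHO:", "O3 - Toolbar:", "R3 - URLSearchHook:")) and line.endswith("(no file)"):
        return Finding("low", line.split(" ", 1)[0],
                       "registered COM object whose DLL no longer exists (orphan left by a removal)", line)
    return None


def triage(log_text):
    """Run every check over every line; one Finding per flagged line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in (_check_proxy, _check_service, _check_no_file):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


def summary(log_text):
    """Return (high_count, low_count) for a quick verdict."""
    findings = triage(log_text)
    return (sum(f.severity == "high" for f in findings),
            sum(f.severity == "low" for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.item}: {f.reason}\n        {f.line}")
```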

17.01.2011, 09:45 #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
So I first scanned everything with Antivir and Spybot, and that apparently already caught various vermin
Post all the logs from those too!!

17.01.2011, 10:23 #3
Mr.Hankey
 
Are the two following paths the ones where I should find the logs?

C:\ProgramData\Avira\AntiVir Desktop\LOGFILES
C:\ProgramData\Spybot - Search & Destroy\Logs

If so, I'm pretty much out of luck, because they only contain 2 or 3 logs from yesterday, all of which ran without any detections, or once with only a false positive.

Under "Reports", Antivir still shows me all the previous scans and how many detections there were etc., but the associated logs seem to have disappeared.

17.01.2011, 10:39 #4
cosinus
Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
Why is your computer not allowed to reach the Adobe servers listed above?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

17.01.2011, 10:59 #5
Mr.Hankey
 
I set that up a while ago after reading in a c't issue how Photoshop CS4 can apparently keep contacting Adobe servers secretly.


17.01.2011, 12:07 #6
cosinus
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you have to turn the starred-out part back into your real user name, otherwise the script won't work!!

Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8075
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b6c9f841-e72c-11de-9c40-001cc0b0155c}\Shell - "" = AutoRun
O33 - MountPoints2\{b6c9f841-e72c-11de-9c40-001cc0b0155c}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe
[2011.01.15 17:18:08 | 000,000,049 | ---- | M] () -- C:\Windows\VYWnuxO
[2011.01.15 17:18:08 | 000,000,049 | ---- | M] () -- C:\Windows\jPToXpud
[2011.01.15 17:18:08 | 000,000,047 | ---- | M] () -- C:\Windows\ja1Fju
[2011.01.15 17:18:08 | 000,000,047 | ---- | M] () -- C:\Windows\F3KhQsegnb
[2011.01.15 17:18:08 | 000,000,047 | ---- | M] () -- C:\Windows\3LaFX
[2011.01.15 17:18:08 | 000,000,046 | ---- | M] () -- C:\Windows\yWtCUTMp5
[2011.01.15 17:18:08 | 000,000,046 | ---- | M] () -- C:\Windows\XfnPNQyC6I
[2011.01.15 17:18:08 | 000,000,046 | ---- | M] () -- C:\Windows\8KJLK
[2011.01.15 17:18:08 | 000,000,045 | ---- | M] () -- C:\Windows\qakTXKXG
[2011.01.15 17:18:08 | 000,000,045 | ---- | M] () -- C:\Windows\LIRWAjbJL
[2011.01.15 17:18:08 | 000,000,045 | ---- | M] () -- C:\Windows\KgkacKvFkr
[2011.01.15 17:18:08 | 000,000,045 | ---- | M] () -- C:\Windows\aO7CsaqTeE
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\WpfC6U
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\TvxkqPyhab
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\LobYqvG8
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\I6hYicJA3S
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\Hllw7ED
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\excf5
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\2AxueOjfH
[2011.01.15 17:18:08 | 000,000,043 | ---- | M] () -- C:\Windows\Y2gCA3R
[2011.01.15 17:18:08 | 000,000,043 | ---- | M] () -- C:\Windows\XNGUm
[2011.01.15 17:18:08 | 000,000,043 | ---- | M] () -- C:\Windows\ClG7wDcCA6
[2011.01.15 17:18:08 | 000,000,043 | ---- | M] () -- C:\Windows\Bs2m7
[2011.01.15 17:18:08 | 000,000,042 | ---- | M] () -- C:\Windows\Y4aRDeKi
[2011.01.15 17:18:08 | 000,000,042 | ---- | M] () -- C:\Windows\GElIqO
[2011.01.15 17:18:08 | 000,000,042 | ---- | M] () -- C:\Windows\EgtaGlPSn
[2011.01.15 17:18:08 | 000,000,042 | ---- | M] () -- C:\Windows\d6VqmEED
[2011.01.15 17:18:08 | 000,000,042 | ---- | M] () -- C:\Windows\4kLkF
[2011.01.15 17:18:08 | 000,000,041 | ---- | M] () -- C:\Windows\uCKsvH
[2011.01.15 17:18:08 | 000,000,041 | ---- | M] () -- C:\Windows\lF7dA
[2011.01.15 17:18:08 | 000,000,041 | ---- | M] () -- C:\Windows\hdxUaetJ
[2011.01.15 17:18:08 | 000,000,040 | ---- | M] () -- C:\Windows\yFIlMW
[2011.01.15 17:18:08 | 000,000,040 | ---- | M] () -- C:\Windows\sMftko7U5
[2011.01.15 17:18:08 | 000,000,040 | ---- | M] () -- C:\Windows\O14OOtm
[2011.01.15 17:18:08 | 000,000,040 | ---- | M] () -- C:\Windows\nMp6T
[2011.01.15 17:18:08 | 000,000,040 | ---- | M] () -- C:\Windows\kJnPGuxLa
[2011.01.15 17:18:08 | 000,000,040 | ---- | M] () -- C:\Windows\2pvNUHB
[2011.01.15 17:18:08 | 000,000,039 | ---- | M] () -- C:\Windows\y3c6NQ
[2011.01.15 17:18:08 | 000,000,039 | ---- | M] () -- C:\Windows\XguGQgm
[2011.01.15 17:18:08 | 000,000,039 | ---- | M] () -- C:\Windows\nCGp7Inyy8
[2011.01.15 17:18:08 | 000,000,039 | ---- | M] () -- C:\Windows\3PWAT
[2011.01.15 17:18:08 | 000,000,038 | ---- | M] () -- C:\Windows\p4tFS73C8
[2011.01.15 17:18:08 | 000,000,038 | ---- | M] () -- C:\Windows\oFavpHE
[2011.01.15 17:18:08 | 000,000,038 | ---- | M] () -- C:\Windows\MoUb3
[2011.01.15 17:18:08 | 000,000,038 | ---- | M] () -- C:\Windows\k5JNwo
[2011.01.15 17:18:08 | 000,000,037 | ---- | M] () -- C:\Windows\aocJOpGaI
[2011.01.15 17:18:08 | 000,000,037 | ---- | M] () -- C:\Windows\7Ssd7nroKT
[2011.01.15 17:18:08 | 000,000,037 | ---- | M] () -- C:\Windows\4jVbl
[2011.01.15 17:18:08 | 000,000,036 | ---- | M] () -- C:\Windows\w5L3V8d3G4
[2011.01.15 17:18:08 | 000,000,036 | ---- | M] () -- C:\Windows\qTKQjvWAk
[2011.01.15 17:18:08 | 000,000,036 | ---- | M] () -- C:\Windows\nYb8DqV
[2011.01.15 17:18:08 | 000,000,036 | ---- | M] () -- C:\Windows\5Rtlo
[2011.01.15 17:18:08 | 000,000,035 | ---- | M] () -- C:\Windows\pWlrBpNrd
[2011.01.15 17:18:08 | 000,000,035 | ---- | M] () -- C:\Windows\NNJWxceg
[2011.01.15 17:18:08 | 000,000,035 | ---- | M] () -- C:\Windows\iHWYueYjP
[2011.01.15 17:18:08 | 000,000,034 | ---- | M] () -- C:\Windows\Os8NVKnoek
[2011.01.15 17:18:08 | 000,000,034 | ---- | M] () -- C:\Windows\ITSMsSFxG
[2011.01.15 17:18:08 | 000,000,034 | ---- | M] () -- C:\Windows\iPrdtIX
[2011.01.15 17:18:08 | 000,000,033 | ---- | M] () -- C:\Windows\FIYg17O
[2011.01.15 17:18:08 | 000,000,032 | ---- | M] () -- C:\Windows\pSGex4mkEX
[2011.01.15 17:18:08 | 000,000,032 | ---- | M] () -- C:\Windows\ldfkLVWd5
[2011.01.15 17:18:08 | 000,000,032 | ---- | M] () -- C:\Windows\fPpw1wx
[2011.01.15 17:18:08 | 000,000,032 | ---- | M] () -- C:\Windows\ehfGHeMqmH
[2011.01.15 17:18:08 | 000,000,032 | ---- | M] () -- C:\Windows\cqT73Kkrqg
[2011.01.15 17:18:08 | 000,000,032 | ---- | M] () -- C:\Windows\Bvqha
[2011.01.15 17:18:08 | 000,000,031 | ---- | M] () -- C:\Windows\WOi3DI
[2011.01.15 17:18:08 | 000,000,031 | ---- | M] () -- C:\Windows\LH8U36Cr
[2011.01.15 17:18:08 | 000,000,031 | ---- | M] () -- C:\Windows\gFKAKt1qF
[2011.01.15 17:18:08 | 000,000,030 | ---- | M] () -- C:\Windows\RaNokcC
[2011.01.15 17:18:08 | 000,000,030 | ---- | M] () -- C:\Windows\mLx4Q6M
[2011.01.15 17:18:08 | 000,000,030 | ---- | M] () -- C:\Windows\JtvaSiB
[2011.01.15 17:18:08 | 000,000,030 | ---- | M] () -- C:\Windows\h5oDwMa6
[2011.01.15 17:18:08 | 000,000,030 | ---- | M] () -- C:\Windows\5eOexm
[2011.01.15 17:18:08 | 000,000,029 | ---- | M] () -- C:\Windows\uLVAps1Np
[2011.01.15 17:18:08 | 000,000,029 | ---- | M] () -- C:\Windows\CCgPBY1a
[2011.01.15 17:18:08 | 000,000,029 | ---- | M] () -- C:\Windows\7QQlj78i
[2011.01.15 17:18:08 | 000,000,029 | ---- | M] () -- C:\Windows\45e6DK5oRi
[2011.01.15 17:18:08 | 000,000,028 | ---- | M] () -- C:\Windows\V4jNEIf1oJ
[2011.01.15 17:18:08 | 000,000,028 | ---- | M] () -- C:\Windows\GnOJEOW
[2011.01.15 17:18:08 | 000,000,028 | ---- | M] () -- C:\Windows\FLYkS
[2011.01.15 17:18:08 | 000,000,028 | ---- | M] () -- C:\Windows\b31Oi1GRP
[2011.01.15 17:18:08 | 000,000,028 | ---- | M] () -- C:\Windows\3XkypbOv2
[2011.01.15 17:18:08 | 000,000,027 | ---- | M] () -- C:\Windows\calmlS6tS
[2011.01.15 17:18:08 | 000,000,026 | ---- | M] () -- C:\Windows\LBILmrYc
[2011.01.15 17:18:08 | 000,000,026 | ---- | M] () -- C:\Windows\2T8esRwaW
[2011.01.15 17:18:08 | 000,000,025 | ---- | M] () -- C:\Windows\EhPUBO
[2011.01.15 17:18:07 | 000,000,047 | ---- | M] () -- C:\Windows\xia5b
[2011.01.15 17:18:07 | 000,000,043 | ---- | M] () -- C:\Windows\WlMfD4
[2011.01.15 17:18:07 | 000,000,040 | ---- | M] () -- C:\Windows\ignc5nJmi
[2011.01.15 17:18:07 | 000,000,039 | ---- | M] () -- C:\Windows\lHaxOG
[2011.01.15 17:18:07 | 000,000,037 | ---- | M] () -- C:\Windows\Vuktdt
[2011.01.15 17:18:07 | 000,000,036 | ---- | M] () -- C:\Windows\31c7Dn5c
[2011.01.15 17:18:07 | 000,000,033 | ---- | M] () -- C:\Windows\C4ywfGIdA
[2011.01.15 17:18:07 | 000,000,031 | ---- | M] () -- C:\Windows\8biiMRj
[2011.01.15 17:18:07 | 000,000,030 | ---- | M] () -- C:\Windows\4I5WGIT
[2011.01.15 17:18:07 | 000,000,028 | ---- | M] () -- C:\Windows\IgFj75oRh
[2011.01.15 17:18:07 | 000,000,027 | ---- | M] () -- C:\Windows\DQxjxlU
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:6DFF1A8A
:Commands
[purity]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
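The OTL fix above moves around a hundred files out of C:\Windows that share one write timestamp, have no extension and carry random-looking names. As an added example (not the helper's code and not OTL's), this Python script parses OTL's file-listing format and flags such write bursts so the pattern can be spotted in a log before a fix is written; the sample is constructed from five entries in the script plus two ordinary Windows files with made-up timestamps.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in OTL's file-listing format: five of the dropper's files
# from the fix script, plus two ordinary Windows files (timestamps made up).
SAMPLE = r"""
[2011.01.15 17:18:08 | 000,000,049 | ---- | M] () -- C:\Windows\VYWnuxO
[2011.01.15 17:18:08 | 000,000,047 | ---- | M] () -- C:\Windows\ja1Fju
[2011.01.15 17:18:08 | 000,000,044 | ---- | M] () -- C:\Windows\I6hYicJA3S
[2011.01.15 17:18:07 | 000,000,037 | ---- | M] () -- C:\Windows\Vuktdt
[2011.01.15 17:18:07 | 000,000,027 | ---- | M] () -- C:\Windows\DQxjxlU
[2009.07.14 03:39:38 | 000,001,355 | ---- | M] () -- C:\Windows\win.ini
[2010.11.20 14:06:33 | 000,002,688 | ---- | M] () -- C:\Windows\setupact.log
"""

# One OTL entry: [timestamp | size | attributes | M(odified)/C(reated)] (owner) -- path
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| [MC]\] "
    r"\((?P<owner>[^)]*)\) -- (?P<path>.+)$"
)


def parse(text):
    """Return the parsed entries as dicts with a datetime, an int size and the path."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            entries.append({
                "ts": datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
            })
    return entries


def name_looks_random(name):
    """Crude check: 5-10 chars, no extension, and at least two switches between
    upper-case, lower-case and digit runs (e.g. ja1Fju, I6hYicJA3S)."""
    if "." in name or not 5 <= len(name) <= 10:
        return False
    cls = lambda c: "d" if c.isdigit() else ("u" if c.isupper() else "l")
    return sum(cls(a) != cls(b) for a, b in zip(name, name[1:])) >= 2


def find_bursts(entries, min_files=3, window_seconds=2):
    """Per directory, chain extension-less files whose write time lies within
    window_seconds of the previous one; keep chains of min_files or more."""
    by_dir = defaultdict(list)
    for e in entries:
        folder, _, name = e["path"].rpartition("\\")
        if "." not in name:                  # genuine Windows files carry an extension
            by_dir[folder].append((e["ts"], name, e["size"]))
    bursts = []
    for folder, files in by_dir.items():
        files.sort()
        group = [files[0]]
        for f in files[1:]:
            if (f[0] - group[-1][0]).total_seconds() <= window_seconds:
                group.append(f)
                continue
            if len(group) >= min_files:
                bursts.append((folder, group))
            group = [f]
        if len(group) >= min_files:
            bursts.append((folder, group))
    return bursts


def report(text):
    """Summarise each burst: where, how many files, time span, size range and
    how many of the names trip the randomness heuristic."""
    out = []
    for folder, group in find_bursts(parse(text)):
        sizes = [s for _, _, s in group]
        out.append({
            "dir": folder,
            "count": len(group),
            "span_seconds": (group[-1][0] - group[0][0]).total_seconds(),
            "size_range": (min(sizes), max(sizes)),
            "random_names": sum(name_looks_random(n) for _, n, _ in group),
        })
    return out


if __name__ == "__main__":
    for b in report(SAMPLE):
        print(f"{b['count']} extension-less files written to {b['dir']} within "
              f"{b['span_seconds']:.0f}s, {b['size_range'][0]}-{b['size_range'][1]} bytes, "
              f"{b['random_names']} random-looking names")
```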

17.01.2011, 12:39 #7
Mr.Hankey
 
All right, and thanks in advance

Here's the log:
Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c9f841-e72c-11de-9c40-001cc0b0155c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c9f841-e72c-11de-9c40-001cc0b0155c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6c9f841-e72c-11de-9c40-001cc0b0155c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6c9f841-e72c-11de-9c40-001cc0b0155c}\ not found.
File E:\AutoRunCD.exe not found.
C:\Windows\VYWnuxO moved successfully.
C:\Windows\jPToXpud moved successfully.
C:\Windows\ja1Fju moved successfully.
C:\Windows\F3KhQsegnb moved successfully.
C:\Windows\3LaFX moved successfully.
C:\Windows\yWtCUTMp5 moved successfully.
C:\Windows\XfnPNQyC6I moved successfully.
C:\Windows\8KJLK moved successfully.
C:\Windows\qakTXKXG moved successfully.
C:\Windows\LIRWAjbJL moved successfully.
C:\Windows\KgkacKvFkr moved successfully.
C:\Windows\aO7CsaqTeE moved successfully.
C:\Windows\WpfC6U moved successfully.
C:\Windows\TvxkqPyhab moved successfully.
C:\Windows\LobYqvG8 moved successfully.
C:\Windows\I6hYicJA3S moved successfully.
C:\Windows\Hllw7ED moved successfully.
C:\Windows\excf5 moved successfully.
C:\Windows\2AxueOjfH moved successfully.
C:\Windows\Y2gCA3R moved successfully.
C:\Windows\XNGUm moved successfully.
C:\Windows\ClG7wDcCA6 moved successfully.
C:\Windows\Bs2m7 moved successfully.
C:\Windows\Y4aRDeKi moved successfully.
C:\Windows\GElIqO moved successfully.
C:\Windows\EgtaGlPSn moved successfully.
C:\Windows\d6VqmEED moved successfully.
C:\Windows\4kLkF moved successfully.
C:\Windows\uCKsvH moved successfully.
C:\Windows\lF7dA moved successfully.
C:\Windows\hdxUaetJ moved successfully.
C:\Windows\yFIlMW moved successfully.
C:\Windows\sMftko7U5 moved successfully.
C:\Windows\O14OOtm moved successfully.
C:\Windows\nMp6T moved successfully.
C:\Windows\kJnPGuxLa moved successfully.
C:\Windows\2pvNUHB moved successfully.
C:\Windows\y3c6NQ moved successfully.
C:\Windows\XguGQgm moved successfully.
C:\Windows\nCGp7Inyy8 moved successfully.
C:\Windows\3PWAT moved successfully.
C:\Windows\p4tFS73C8 moved successfully.
C:\Windows\oFavpHE moved successfully.
C:\Windows\MoUb3 moved successfully.
C:\Windows\k5JNwo moved successfully.
C:\Windows\aocJOpGaI moved successfully.
C:\Windows\7Ssd7nroKT moved successfully.
C:\Windows\4jVbl moved successfully.
C:\Windows\w5L3V8d3G4 moved successfully.
C:\Windows\qTKQjvWAk moved successfully.
C:\Windows\nYb8DqV moved successfully.
C:\Windows\5Rtlo moved successfully.
C:\Windows\pWlrBpNrd moved successfully.
C:\Windows\NNJWxceg moved successfully.
C:\Windows\iHWYueYjP moved successfully.
C:\Windows\Os8NVKnoek moved successfully.
C:\Windows\ITSMsSFxG moved successfully.
C:\Windows\iPrdtIX moved successfully.
C:\Windows\FIYg17O moved successfully.
C:\Windows\pSGex4mkEX moved successfully.
C:\Windows\ldfkLVWd5 moved successfully.
C:\Windows\fPpw1wx moved successfully.
C:\Windows\ehfGHeMqmH moved successfully.
C:\Windows\cqT73Kkrqg moved successfully.
C:\Windows\Bvqha moved successfully.
C:\Windows\WOi3DI moved successfully.
C:\Windows\LH8U36Cr moved successfully.
C:\Windows\gFKAKt1qF moved successfully.
C:\Windows\RaNokcC moved successfully.
C:\Windows\mLx4Q6M moved successfully.
C:\Windows\JtvaSiB moved successfully.
C:\Windows\h5oDwMa6 moved successfully.
C:\Windows\5eOexm moved successfully.
C:\Windows\uLVAps1Np moved successfully.
C:\Windows\CCgPBY1a moved successfully.
C:\Windows\7QQlj78i moved successfully.
C:\Windows\45e6DK5oRi moved successfully.
C:\Windows\V4jNEIf1oJ moved successfully.
C:\Windows\GnOJEOW moved successfully.
C:\Windows\FLYkS moved successfully.
C:\Windows\b31Oi1GRP moved successfully.
C:\Windows\3XkypbOv2 moved successfully.
C:\Windows\calmlS6tS moved successfully.
C:\Windows\LBILmrYc moved successfully.
C:\Windows\2T8esRwaW moved successfully.
C:\Windows\EhPUBO moved successfully.
C:\Windows\xia5b moved successfully.
C:\Windows\WlMfD4 moved successfully.
C:\Windows\ignc5nJmi moved successfully.
C:\Windows\lHaxOG moved successfully.
C:\Windows\Vuktdt moved successfully.
C:\Windows\31c7Dn5c moved successfully.
C:\Windows\C4ywfGIdA moved successfully.
C:\Windows\8biiMRj moved successfully.
C:\Windows\4I5WGIT moved successfully.
C:\Windows\IgFj75oRh moved successfully.
C:\Windows\DQxjxlU moved successfully.
ADS C:\ProgramData\TEMP:6DFF1A8A deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: XXX
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34424 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5507331 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 689 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 5,00 mb
 
 
OTL by OldTimer - Version 3.2.20.2 log created on 01172011_132927

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

17.01.2011, 12:46 #8
cosinus
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

17.01.2011, 15:15 #9
Mr.Hankey
 
Hm... when I started ComboFix, my PC simply switched off shortly after the progress bar reached the end.

I think I also carried out the previous steps correctly: CCleaner cleaned up everything, the registry only still showed the old AntiVir error that I can ignore anyway, and I had also closed (background) programs as far as possible.

17.01.2011, 15:21 #10
cosinus
Try it again.

17.01.2011, 16:21 #11
Mr.Hankey
 
So I have now tried it a few more times with the same result, until I removed Antivir completely from the system startup via Spybot and HijackThis also assured me that Explorer.exe was the only process running from my account. But now the PC freezes completely at the same point instead of switching off. I have now tried it one last time, and everything seems to be back to the way it was.

17.01.2011, 18:16 #12
cosinus
OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't cooperate even on the 2nd attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt file for me

17.01.2011, 19:43 #13
Mr.Hankey
 
OK, here are the logs:

GMER:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-17 20:29:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort5 STM3500418AS rev.CC37
Running: g2m3e4r.exe; Driver: F:\Temp\awlcrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                               section is writeable [0x8F803000, 0x349D76, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\Explorer.EXE[912] ntdll.dll!NtProtectVirtualMemory                                                                                          77D44D34 5 Bytes  JMP 00A1000A 
.text           C:\Windows\Explorer.EXE[912] ntdll.dll!NtWriteVirtualMemory                                                                                            77D45674 5 Bytes  JMP 00A2000A 
.text           C:\Windows\Explorer.EXE[912] ntdll.dll!KiUserExceptionDispatcher                                                                                       77D45DC8 5 Bytes  JMP 00A0000A 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                                   [74047817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                    [7409A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                                [7404BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                          [7403F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                    [740475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                                 [7403E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                                     [74078395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                                        [7404DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                                [7403FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                                 [7403FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                                  [740371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                                          [740CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                                             [7406C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                                [7403D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                          [74036853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                         [7403687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                            [74042AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Device\Ide\IdeDeviceP5T0L0-5 -> \??\IDE#DiskSTM3500418AS____________________________CC37____#5&f90994&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583380e60                                                                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                    F:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                 0x61 0xF6 0x06 0x79 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                        0xCD 0x1B 0x74 0x6F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                   0x70 0xDF 0x9F 0xE3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                   0x66 0x24 0x97 0x1F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583380e60 (not active ControlSet)                                                        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                   
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                        F:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                        0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                     0x61 0xF6 0x06 0x79 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                          
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                            0xCD 0x1B 0x74 0x6F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                       0x70 0xDF 0x9F 0xE3 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                       0x66 0x24 0x97 0x1F ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77CFC1A6-DCF5-29FA-5AD4-F5E22D8FD642}                                        
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77CFC1A6-DCF5-29FA-5AD4-F5E22D8FD642}@galenbpoihgmdd                         0x61 0x63 0x70 0x63 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                  sector 00 (MBR): rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                  sectors 976772912 (+255): rootkit-like behavior; 

---- EOF - GMER 1.0.15 ----
         
OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:41:38 on 17.01.2011

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: SRWare SRWare Iron 8.0.555.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"RegistryConvoy.job" - ? - F:\Program Files\Registry Convoy 2009\RegistryConvoy.exe  (File not found)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - F:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis Try&Decide and Restore Points filter" (tdrpman) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpman.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"awlcrpob" (awlcrpob) - ? - F:\Temp\awlcrpob.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - F:\Temp\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IOCBIOS" (IOCBIOS) - ? - C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\32bit\IOCBIOS.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Nal Service " (NAL) - "Intel Corporation " - C:\Windows\system32\Drivers\iqvw32.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"Performance Tools Driver 10.0" (VSPerfDrv100) - "Microsoft Corporation" - F:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"VBoxNetFlt Service" (VBoxNetFlt) - ? - C:\Windows\System32\DRIVERS\VBoxNetFlt.sys  (File not found)
"VirtualBox Host-Only Ethernet Adapter" (VBoxNetAdp) - "Oracle Corporation" - C:\Windows\System32\DRIVERS\VBoxNetAdp.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - F:\Program Files\7-Zip\7-zip.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - C:\Program Files\Acronis\TrueImageHome\tishell.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - F:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - D:\Treiber\Logitech\SetPointP\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseOverlays" - ? -   (File not found | COM-object registry key not found)
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - F:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Program Files\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - F:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - F:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - F:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - F:\Program Files\WinZip\wzshlstb.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10g.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ7" - "ICQ, LLC." - F:\Program Files\ICQ7.0\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{DDA57003-0068-4ed2-9D32-4D1EC707D94D} "Microsoft Web Test Recorder 10.0 Helper" - "Microsoft Corporation" - F:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" - ? -   (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - C:\Windows\system32\relog_ap.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - "Soluto" - C:\Program Files\Soluto\soluto.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"EvtMgr6" - "Logitech, Inc." - D:\Treiber\Logitech\SetPointP\SetPoint.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Enhanced TCP/IP Port" - " " - C:\Windows\system32\lmablmpm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe  (File is exclusively opened, access blocked)
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"lmab_device" (lmab_device) - " " - C:\Windows\system32\LMabcoms.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SmartSVN Status Cache" (statuscached) - ? - F:\Program Files\SmartSVN 6.5\bin\statuscached.exe  (File found, but it contains no detailed information)
"Soluto PCGenome Core Service" (SolutoService) - "Soluto" - C:\Program Files\Soluto\SolutoService.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TunngleService" (TunngleService) - "Tunngle.net GmbH" - F:\Program Files\Tunngle\TnglCtrl.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Service Manager" (svchost32) - ? - C:\Windows\system32\drivers\svchost.exe /service  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
MBRCheck:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Business Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Intel Corporation
BIOS Manufacturer:		Intel Corp.
System Manufacturer:		
System Product Name:		
Logical Drives Mask:		0x0200006c

Kernel Drivers (total 148):
  0x82403000 \SystemRoot\system32\ntkrnlpa.exe
  0x827BC000 \SystemRoot\system32\hal.dll
  0x86542000 \SystemRoot\system32\kdcom.dll
  0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80482000 \SystemRoot\system32\PSHED.dll
  0x80493000 \SystemRoot\system32\BOOTVID.dll
  0x8049B000 \SystemRoot\system32\CLFS.SYS
  0x804DC000 \SystemRoot\system32\CI.dll
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\System32\drivers\partmgr.sys
  0x80722000 \SystemRoot\system32\drivers\volmgr.sys
  0x80731000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077B000 \SystemRoot\system32\drivers\pciide.sys
  0x80782000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x80790000 \SystemRoot\System32\drivers\mountmgr.sys
  0x807A0000 \SystemRoot\system32\drivers\atapi.sys
  0x807A8000 \SystemRoot\system32\drivers\ataport.SYS
  0x807C6000 \SystemRoot\system32\drivers\fltmgr.sys
  0x805BC000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82A0C000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82A7D000 \SystemRoot\system32\drivers\ndis.sys
  0x82B88000 \SystemRoot\system32\drivers\msrpc.sys
  0x82BB3000 \SystemRoot\system32\drivers\NETIO.SYS
  0x82C06000 \SystemRoot\System32\drivers\tcpip.sys
  0x82CF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x82D0B000 \SystemRoot\system32\DRIVERS\timntr.sys
  0x82E02000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x82F12000 \SystemRoot\system32\drivers\volsnap.sys
  0x82F4B000 \SystemRoot\system32\DRIVERS\tdrpman.sys
  0x82FA4000 \SystemRoot\System32\Drivers\spldr.sys
  0x82FAC000 \SystemRoot\system32\speedfan.sys
  0x82FAE000 \SystemRoot\system32\DRIVERS\snapman.sys
  0x82FCD000 \SystemRoot\System32\Drivers\mup.sys
  0x82FDC000 \SystemRoot\system32\giveio.sys
  0x82D76000 \SystemRoot\System32\drivers\ecache.sys
  0x82FDD000 \SystemRoot\system32\drivers\disk.sys
  0x82D9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x82FEE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x82DCB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x82DD6000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F20B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x8F802000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8FE7D000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FF1E000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FF2A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8FFB7000 \SystemRoot\system32\DRIVERS\e1y6032.sys
  0x8FFF2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8F248000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F286000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F295000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F2A5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8F2B3000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F2CB000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8F2D1000 \SystemRoot\system32\DRIVERS\intelsmb.sys
  0x8F2DD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8F2E6000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F315000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F356000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F361000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F378000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F383000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F3A6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F3B5000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F3C9000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x9020B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0x90294000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x902A4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x902AF000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x902BA000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x902BC000 \SystemRoot\system32\DRIVERS\ks.sys
  0x902E6000 \SystemRoot\system32\drivers\WmBEnum.sys
  0x902EA000 \SystemRoot\system32\drivers\WmXlCore.sys
  0x902F9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90303000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90310000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90345000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90356000 \SystemRoot\system32\drivers\AtihdLH3.sys
  0x90372000 \SystemRoot\system32\drivers\portcls.sys
  0x9039F000 \SystemRoot\system32\drivers\drmk.sys
  0x9060B000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x90819000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x90822000 \SystemRoot\System32\Drivers\Null.SYS
  0x90829000 \SystemRoot\System32\Drivers\Beep.SYS
  0x90839000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90840000 \SystemRoot\System32\drivers\vga.sys
  0x9084C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x9086D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x90875000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9087D000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90888000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90896000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9089F000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x908B5000 \SystemRoot\system32\DRIVERS\smb.sys
  0x908C9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x908E0000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x908E2000 \SystemRoot\system32\drivers\afd.sys
  0x9092A000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x90933000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x90943000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90975000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x9097E000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x90994000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x909A2000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x909B5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x909BB000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90600000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x90400000 \SystemRoot\system32\drivers\csc.sys
  0x9045B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x90472000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x90498000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x904A0000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x904A8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x904B0000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x98C60000 \SystemRoot\System32\win32k.sys
  0x904BF000 \SystemRoot\System32\drivers\Dxapi.sys
  0x904C9000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x98E80000 \SystemRoot\System32\TSDDD.dll
  0x98EA0000 \SystemRoot\System32\cdd.dll
  0x98EB0000 \SystemRoot\System32\ATMFD.DLL
  0x904D8000 \SystemRoot\system32\drivers\luafv.sys
  0x904F3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x90508000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
  0x90519000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x90529000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9053C000 \SystemRoot\system32\drivers\spsys.sys
  0xA060B000 \SystemRoot\system32\drivers\HTTP.sys
  0xA0678000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA0695000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA06AE000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA06CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA06EE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0727000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA073F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA0766000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA07B2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA07D3000 \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\32bit\IOCBIOS.SYS
  0xA5A06000 \SystemRoot\system32\drivers\peauth.sys
  0xA5AE4000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA5AEE000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA5AFA000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA5B10000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xA5B1A000 \??\F:\Temp\awlcrpob.sys
  0x77CE0000 \Windows\System32\ntdll.dll

Processes (total 39):
       0 System Idle Process
       4 System
     612 C:\Windows\System32\smss.exe
     680 csrss.exe
     744 csrss.exe
     752 C:\Windows\System32\wininit.exe
     792 C:\Windows\System32\winlogon.exe
     828 C:\Windows\System32\services.exe
     844 C:\Windows\System32\lsass.exe
     852 C:\Windows\System32\lsm.exe
    1004 C:\Windows\System32\svchost.exe
    1100 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    1124 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1252 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\audiodg.exe
    1428 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\SLsvc.exe
    1548 C:\Windows\System32\svchost.exe
    1644 C:\Windows\System32\svchost.exe
    1896 C:\Windows\System32\spoolsv.exe
    1920 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     996 C:\Windows\System32\dwm.exe
     912 C:\Windows\explorer.exe
    2216 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2300 C:\Program Files\Bonjour\mDNSResponder.exe
    2356 C:\Windows\System32\svchost.exe
    2636 C:\Windows\System32\PnkBstrA.exe
    2868 C:\Windows\System32\svchost.exe
    2960 C:\Windows\System32\svchost.exe
    3032 C:\Windows\System32\SearchIndexer.exe
    3560 D:\Treiber\Logitech\SetPointP\SetPoint.exe
    3556 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    2364 C:\Windows\System32\svchost.exe
    1404 C:\Windows\System32\LMabcoms.exe
    2108 C:\Windows\System32\notepad.exe
    3812 C:\Windows\System32\SearchProtocolHost.exe
    4028 C:\Windows\System32\SearchFilterHost.exe
    2196 C:\Users\XXX\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`53100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000011`17100000  (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000006d`dd100000  (NTFS)

PhysicalDrive0 Model Number: STM3500418AS, Rev: CC37    

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         

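The service list at the top of this log ends with an entry a practitioner would look at first: a service named "Windows Service Manager" (svchost32) whose binary is an svchost.exe under system32\drivers, with no publisher and marked "File not found". The genuine svchost.exe lives in System32, not in the drivers directory. As an added example (not part of the original post and not code from the OSAM tool), here is a small Python triage that parses lines in the format shown above and scores each service with a few heuristics: missing binary, missing publisher, a core Windows binary name outside the Windows directories, and a "Windows ..." display name with a non-Microsoft vendor. The SAMPLE lines are constructed from entries visible in the log; the rules are assumptions about what deserves a second look, not a verdict of malice (PnkBstrA, for instance, is flagged only because the log carries no publisher data for it).

```python
# Added example (not from the original post): triage of a service listing in
# the  "display" (name) - "vendor" - path  (note)  format shown in the log.
# SAMPLE is constructed from entries visible in the log above.
import re
from dataclasses import dataclass, field

SAMPLE = r'''
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"lmab_device" (lmab_device) - " " - C:\Windows\system32\LMabcoms.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Service Manager" (svchost32) - ? - C:\Windows\system32\drivers\svchost.exe /service  (File not found)
'''

# One log line: quoted display name, (service name), vendor or "?", command, optional "(note)"
LINE_RE = re.compile(
    r'^"(?P<display>.*)" \((?P<name>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - '
    r'(?P<cmd>.*?)(?:\s{2,}\((?P<note>[^)]*)\))?\s*$'
)
# Splits "C:\...\foo.exe /service" into the executable and its arguments
EXE_RE = re.compile(r'^(?P<exe>.*?\.(?:exe|dll|sys))(?:\s+(?P<args>.*))?$', re.I)

# Core Windows binary names that malware commonly borrows (assumed list)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "winlogon.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}
# Directories where those names are legitimate (assumed, 32-bit Vista layout)
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows"}


@dataclass
class Service:
    display: str
    name: str
    vendor: str
    exe: str
    args: str
    note: str
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Return a Service for one log line, or None if the line is not a service entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    vendor = m["vendor"].strip('"').strip()          # '" "' and '?' both become empty/unknown
    e = EXE_RE.match(m["cmd"].strip())
    exe, args = (e["exe"], e["args"] or "") if e else (m["cmd"].strip(), "")
    return Service(m["display"], m["name"], vendor, exe, args, m["note"] or "")


def assess(svc: Service) -> Service:
    """Append a reason for every heuristic the service trips."""
    parent, _, base = svc.exe.lower().rpartition("\\")
    if "file not found" in svc.note.lower():
        svc.reasons.append("binary missing on disk")
    if not svc.vendor or svc.vendor == "?":
        svc.reasons.append("no publisher information")
    if base in SYSTEM_NAMES and parent not in SYSTEM_DIRS:
        svc.reasons.append(f"{base} outside the Windows system directories")
    if svc.display.lower().startswith("windows") and svc.vendor != "Microsoft Corporation":
        svc.reasons.append("claims to be a Windows component but is not from Microsoft")
    return svc


def triage(text: str) -> dict:
    """Map service name -> Service with reasons filled in, for every parseable line."""
    found = {}
    for line in text.splitlines():
        svc = parse_line(line)
        if svc:
            found[svc.name] = assess(svc)
    return found


def suspicious(text: str) -> list:
    """Names of flagged services, most heuristics tripped first."""
    ranked = sorted(triage(text).values(), key=lambda s: len(s.reasons), reverse=True)
    return [s.name for s in ranked if s.reasons]


if __name__ == "__main__":
    for svc in triage(SAMPLE).values():
        print(f"{svc.name:<12} {svc.exe} -> {' ; '.join(svc.reasons) or 'ok'}")
```

Run against the full service section of such a log, the output ranks entries for manual review; an entry that trips all four rules, as the svchost32 sample does, is the one to investigate (or, as in this thread, to hand to a rootkit scanner) before anything else.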
17.01.2011, 20:02   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Persistent TR/ATRAPS.Gen and other infection
Do you have any other operating systems installed besides Vista?

If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).

If you have a regular Vista installation DVD, you don't need the image above and can simply boot from the Vista DVD.

Click on the computer repair options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Then make a new log with GMER.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

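The instructions above rewrite the boot sector and the MBR code with bootrec, and the MBRCheck output earlier in the thread reports which MBR code it recognised and a SHA1 for the drive. As an added example (not part of the thread and not MBRCheck's own code), the Python below parses a raw 512-byte MBR: it checks the 0x55AA signature, hashes the 440-byte boot-code region, decodes the four partition entries and renders each start LBA in the offset format MBRCheck prints (LBA 2048 is offset 0x00000000`00100000, the offset shown for C: above). The sample sector is constructed, so its hash matches no real Windows MBR; whether MBRCheck hashes exactly the 440-byte region or the whole sector is not stated on the page, so the allow-list comparison in assess_mbr is an assumption and its hashes are not interchangeable with MBRCheck's. The check a practitioner wants from this is to read the sector before and after bootrec /fixmbr and compare the two boot-code hashes.

```python
# Added example (not from the thread, not MBRCheck's code): parse a raw MBR,
# verify its signature, hash the boot-code region and decode the partition
# table. build_sample_mbr() returns a constructed sector, not a real one.
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code
DISK_SIG_OFF = 440         # bytes 440..443: NT disk signature, 444..445 reserved
PART_TABLE_OFF = 446       # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # bytes 510..511


def build_sample_mbr() -> bytes:
    """Constructed sector: dummy boot code plus one bootable NTFS partition at LBA 2048."""
    code = (b"\xeb\x63\x90" + bytes(range(256)) * 2)[:BOOT_CODE_LEN]
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"
    # flag, CHS start, type (0x07 = NTFS), CHS end, start LBA, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return code + disk_sig + entry + b"\x00" * 48 + SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector; raises ValueError if the size or 0x55AA signature is wrong."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("no 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                      # empty entry
            continue
        parts.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "byte_offset": lba * SECTOR})
    return {
        "sha1_boot_code": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sha1_sector": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": "%08X" % struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": parts,
    }


def assess_mbr(info: dict, known_good: set) -> str:
    """'known' if the boot-code hash is in the caller's allow-list, else 'unknown'."""
    return "known" if info["sha1_boot_code"] in known_good else "unknown"


def format_offset(byte_offset: int) -> str:
    """Render a byte offset the way MBRCheck prints it, e.g. 0x00000000`00100000."""
    return "0x%08x`%08x" % (byte_offset >> 32, byte_offset & 0xFFFFFFFF)


def read_mbr(path: str) -> bytes:
    # First sector of a device or image: "\\\\.\\PhysicalDrive0" on Windows
    # (needs administrator rights), "/dev/sda" on Linux, or a saved disk.img.
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["sha1_boot_code"], "disk signature:", info["disk_signature"])
    for p in info["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02X} bootable={p['bootable']} "
              f"LBA {p['lba_start']} -> offset {format_offset(p['byte_offset'])}")
```

Hashing only the 440-byte code region is deliberate: the disk signature and partition table change legitimately (new partitions, a re-imaged drive), while boot code on a given Windows version should not, so a changed boot-code hash after the system has been running is the signal worth acting on.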
17.01.2011, 20:51   #15
Mr.Hankey

Persistent TR/ATRAPS.Gen and other infection

Everything worked fine so far, and I don't have any other systems installed.

New GMER log:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-17 21:46:37
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 STM3500418AS rev.CC37
Running: g2m3e4r.exe; Driver: F:\Temp\awlcrpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                        section is writeable [0x90208000, 0x349D76, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                           [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                            [73FEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                        [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                  [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                            [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                         [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                             [73FC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                        [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                         [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                          [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                  [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                     [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                        [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                  [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                 [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                    [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                          timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                          timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                          timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                          tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                          timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583380e60                                                     
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                             F:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                             0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                             0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0x61 0xF6 0x06 0x79 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                 0xCD 0x1B 0x74 0x6F ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0x70 0xDF 0x9F 0xE3 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                            0x66 0x24 0x97 0x1F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583380e60 (not active ControlSet)                                 
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                            
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                 F:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                 0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0x61 0xF6 0x06 0x79 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                   
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                     0xCD 0x1B 0x74 0x6F ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                0x70 0xDF 0x9F 0xE3 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                0x66 0x24 0x97 0x1F ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77CFC1A6-DCF5-29FA-5AD4-F5E22D8FD642}                 
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{77CFC1A6-DCF5-29FA-5AD4-F5E22D8FD642}@galenbpoihgmdd  0x61 0x63 0x70 0x63 ...

---- EOF - GMER 1.0.15 ----
         
