I thought that with PDF anyone could read it, regardless of the system they use.

Kaspersky log:
30.03.2012 16:54:40 Desinfiziert trojanisches Programm Trojan.Win32.Chifrax.a C:\$recycle.bin\s-1-5-21-2902991670-3388260924-157514281-1000\$rjoa4vb.part Hoch
13.04.2012 22:16:53 Gelöscht trojanisches Programm Trojan.Win32.Chifrax.a c:\documents and settings\all users\kaspersky lab\sandbox\klsb1\device\harddiskvolume1\$recycle.bin\s-1-5-21-2902991670-3388260924-157514281-1000\$rjoa4vb.part//***.org\***\***.rar Hoch
30.03.2012 16:54:39 Gelöscht trojanisches Programm Trojan.Win32.Chifrax.a C:\$recycle.bin\s-1-5-21-2902991670-3388260924-157514281-1000\$rjoa4vb.part//***.org\***\***.rar//***.exe Hoch
13.04.2012 22:16:53 Gelöscht trojanisches Programm Trojan.Win32.Chifrax.a c:\documents and settings\all users\kaspersky lab\sandbox\klsb1\device\harddiskvolume1\$recycle.bin\s-1-5-21-2902991670-3388260924-157514281-1000\$rjoa4vb.part Hoch
13.04.2012 22:15:50 Gelöscht trojanisches Programm Trojan.Win32.Chifrax.a c:\documents and settings\all users\kaspersky lab\sandbox\klsb1\device\harddiskvolume1\$recycle.bin\s-1-5-21-2902991670-3388260924-157514281-1000\$rjoa4vb.part//***.org\***\***.rar//***.exe Hoch

DDS log, Attach.txt:
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12.11.2011 18:55:52
System Uptime: 14.04.2012 12:03:09 (11 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7345
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | CPU 1 | 1803/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 100 GiB total, 22,93 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 30,161 GiB free.
E: is FIXED (NTFS) - 166 GiB total, 83,433 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 14.04.2012 21:11:33 - Removed pdfforge Toolbar v4.7.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Apache Tomcat 7.0.22
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AudibleManager
Battlefield 2(TM)
Bonjour
Broken Sword 2.5
CCleaner
CDBurnerXP
Color Efex Pro 3.0 Standard
DAEMON Tools Lite
DivX-Setup
Dropbox
EVEREST Home Edition v2.20
EVEREST Ultimate Edition v4.00
Fable - The Lost Chapters
Foxit Reader 5.1
Free Download Manager 3.0
Free Video Dub version 2.0.3.1228
GIMPshop 2.6.11
GlassFish Server Open Source Edition 3.1.1
GUILD WARS
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Java(TM) 7 Update 3
Java(TM) SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK
JDownloader 0.9
K-Lite Codec Pack 7.0.0 (Standard)
Kaspersky Security Suite CBE 11
Live Update 5
MAGIX Web Designer 6
MarkAble 2.3.1
Mass Effect 2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 11.0 (x86 de)
Mozilla Thunderbird (8.0)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetBeans IDE 7.1
NetSchafkopf
NVIDIA 3D Vision Controller-Treiber 296.10
NVIDIA 3D Vision Treiber 296.10
NVIDIA Grafiktreiber 296.10
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 296.10
NVIDIA Update 1.7.11
NVIDIA Update Components
OpenAL
OpenOffice.org 3.3
Opera 11.62
PDFCreator
Process Hacker 2.23
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RIFT
Samorost 2
Sandboxie 3.60 (32-bit)
ScummVM 1.4.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
SiSoftware Sandra Lite 2012.SP2
Skype™ 5.8
Steam
SWF to AVI
System Requirements Lab
System Requirements Lab CYRI
TeamSpeak 3 Client
TERA
The Tiny Bang Story - Demo
TOEFL Sample Questions
TrueCrypt
TurboPlot v3.7e
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
URL Snooper v2.30.01
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WinPcap 4.1.2
WinRAR 4.01 (32-Bit)
WinX Free VOB to AVI Converter 2.0.3
XAMPP 1.7.7
.
==== End Of File ===========================

DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1
Run by *** at 23:12:41 on 2012-04-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2047.958 [GMT 2:00]
.
AV: Kaspersky Security Suite CBE 11 *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Security Suite CBE 11 *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Security Suite CBE 11 *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\avmwlanstick\FRITZWLANMini.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\x\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Opera\opera.exe
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky security suite cbe 11\ievkbd.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky security suite cbe 11\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVMWlanClient] c:\program files\avmwlanstick\FRITZWLANMini.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky security suite cbe 11\avp.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Alles mit FDM herunterladen - file://c:\program files\free download manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\free download manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\free download manager\dllink.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\kaspersky lab\kaspersky security suite cbe 11\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\free download manager\dlfvideo.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky security suite cbe 11\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky security suite cbe 11\klwtbbho.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{8C4424A6-8B26-4D15-9F91-AC5E0DED726A} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{FADDA36B-DA6C-4B46-B087-0B5BD747CED0} : NameServer = 8.26.56.26,156.154.70.22
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: ,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\x\appdata\roaming\mozilla\firefox\profiles\pqqawtmz.default\
FF - prefs.js: network.proxy.http - www-proxy.t-online.de
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\x\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: d:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\programme\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-20 239168]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R2 AVP;Kaspersky Security Suite CBE 11 Service;c:\program files\kaspersky lab\kaspersky security suite cbe 11\avp.exe [2011-4-13 387696]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-4-13 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [2011-11-12 401920]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-4-13 491112]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-10-12 131344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2011-11-12 4352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\msi\live update 5\NTIOLib.sys [2012-4-13 7680]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2012.sp2\RpcAgentSrv.exe [2012-3-13 95896]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-13 52224]
.
=============== Created Last 30 ================
.
2012-04-14 19:44:28 -------- d-----w- c:\windows\pss
2012-04-14 19:20:53 -------- d-----w- c:\program files\CCleaner
2012-04-13 18:18:03 -------- d-----w- c:\programdata\TERA
2012-04-13 10:12:43 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-13 10:12:43 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-04-13 10:12:43 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-04-13 10:12:43 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-04-13 10:12:43 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-04-13 10:12:43 10819392 ----a-w- c:\windows\system32\drivers\SETC438.tmp
2012-04-13 10:12:40 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-04-13 08:57:20 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-04-13 08:57:06 80488 ----a-w- c:\windows\system32\RtNicProp32.dll
2012-04-13 08:57:06 491112 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2012-04-13 08:57:06 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2012-04-13 08:56:51 -------- d-----w- C:\Intel
2012-04-13 08:56:46 -------- d-----w- c:\program files\Setup Files
2012-04-13 08:49:41 -------- d-----w- c:\program files\MSI
2012-04-12 14:34:31 -------- d-----w- c:\users\x\appdata\roaming\Colibri Games
2012-04-12 14:34:31 -------- d-----w- c:\programdata\Colibri Games
2012-04-12 08:23:25 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:23:25 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:23:25 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:23:25 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 20:19:03 -------- d-----w- c:\users\x\appdata\roaming\RIFT
2012-04-10 17:17:07 -------- d-----w- c:\program files\Broken Sword 2.5
2012-04-10 13:29:23 -------- d-----w- c:\program files\EA Games
2012-04-08 15:02:58 -------- d-----w- c:\program files\CuteSoft
2012-04-05 15:44:00 -------- d-----w- c:\program files\ETS
2012-04-05 15:41:57 -------- d-----w- c:\users\x\appdata\local\Downloaded Installations
2012-03-29 14:18:57 -------- d-----w- c:\program files\SWF to AVI
2012-03-29 13:48:34 -------- d-----w- c:\users\x\appdata\roaming\DonationCoder
2012-03-29 13:48:18 -------- d-----w- c:\program files\WinPcap
2012-03-29 13:47:02 -------- d-----w- c:\programdata\DonationCoder
2012-03-29 13:47:02 -------- d-----w- c:\program files\URLSnooper2
2012-03-29 13:35:06 -------- d-----w- c:\program files\iPod
2012-03-28 19:57:45 -------- d-----w- c:\users\x\.mediathek3
2012-03-24 18:30:42 -------- d-----w- C:\madtv
2012-03-24 18:30:40 -------- d-----w- C:\Theme
2012-03-24 18:27:33 -------- d-----w- c:\users\x\appdata\local\DOSBox
2012-03-24 18:25:27 -------- d-----w- c:\program files\DOSBox-0.74
2012-03-19 18:12:53 -------- d-----w- c:\users\x\appdata\roaming\mathegrafix
2012-03-19 18:02:15 -------- d-----w- c:\program files\TurboPlot
2012-03-19 04:08:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f86e713-6bac-4041-acd7-f4dfd7d3a37b}\offreg.dll
2012-03-19 04:07:49 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4f86e713-6bac-4041-acd7-f4dfd7d3a37b}\mpengine.dll
2012-03-18 22:18:13 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 22:18:13 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-04-10 20:01:03 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-04-10 14:26:34 138056 ----a-w- c:\users\x\appdata\roaming\PnkBstrK.sys
2012-04-10 14:25:50 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-29 23:59:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59:00 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 23:59:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 20:56:41 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55:16 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53:46 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53:46 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:53:45 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 11:26:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 09:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 09:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 23:15:43,88 ===============

GMER.txt:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-15 08:18:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 WDC_WD5000AAKS-65A7B0 rev.01.03B01
Running: yeozxwst.exe; Driver: C:\Users\***\AppData\Local\Temp\agryaaod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9482CDAA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9482EFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9482F262]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9482F4D8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9482D6BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9482E4F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x9482EA3C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x9482D99A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x9482E922]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x9482C998]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9482E7F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9482CB40]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9482EB5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9482D344]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x9482D442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x9482F722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9482E88C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9483024A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9482DE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x94831458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x9482DC2A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x9483033C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x94830AA4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x9482EAD2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x9482D740]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x9482E9B2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9482CFE8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x9483083E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x9482EBF2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9482CED8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9482F7DC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x94830DDE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x948306D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x9482B652]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9482EF56]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9482EE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9482FFE4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x9482B9CA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x948312FA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x9482B5EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9482E238]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9482D560]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x9482F87E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x948304DA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x94830F2E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x94831020]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x9483115A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x9483016E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9482D18E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9482D0E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x94830C82]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9482D27A]
Code 8F754BFC ZwTraceEvent
Code 8F754BFB NtTraceEvent
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwSaveKey + 13CD 82C839A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA34E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139F 82CAA75C 4 Bytes [AA, CD, 82, 94] {STOSB ; INT 0x82; XCHG ESP, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 82CAA784 8 Bytes CALL E55F2A78
.text ntoskrnl.exe!KeRemoveQueueEx + 140B 82CAA7C8 4 Bytes [D8, F4, 82, 94]
.text ntoskrnl.exe!KeRemoveQueueEx + 1437 82CAA7F4 4 Bytes [BE, D6, 82, 94]
.text ntoskrnl.exe!KeRemoveQueueEx + 145B 82CAA818 4 Bytes [F2, E4, 82, 94]
.text ...
.text ntoskrnl.exe!NtTraceEvent 82CC3E8B 5 Bytes JMP 8F754C00
? C:\Users\***\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

Spybot log:
--- Search result list ---
W3i.IQ5.fraud: [SBI $467B1F92] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Freeze.com
W3i.IQ5.fraud: [SBI $678078F9] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\W3i
Benutzer-Abbruch: Überprüfung wurde nicht vollständig durchgeführt! (Status)

It also found Double Click in connection with IE, even though I don't use that browser.

I am using Kaspersky Security Suite CBE 11. Should I keep using it, or are there alternatives you would rather recommend? From the looks of it, I will probably have to format. Is there a way to install Windows so that it can be formatted at any time after 3 months while the data is still preserved? Something like that would be good as a precaution.