Chin09.Win


This topic is locked
6 replies to this topic

#1 alegri.g (Members, 3 posts)

Posted 28 December 2009 - 12:54 PM

I've read in another thread what I have to do, so I'll just paste the files and hope you can help me.

DDS.txt:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Alexander Grimm at 13:33:18,46 on 28.12.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.143 [GMT 1:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\dokumente und einstellungen\alexander grimm\lokale einstellungen\anwendungsdaten\wwhggppy.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\settdebugx.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Nikon\PictureProject\NkbMonitor.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\wscsvc32.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Alexander Grimm\Eigene Dateien\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = Arcor AG & Co. KG
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\programme\dvdvideosoft\tbDVDV.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programme\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programme\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\programme\dvdvideosoft\tbDVDV.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programme\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\programme\dvdvideosoft\tbDVDV.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AVKBar] "c:\programme\g data antivirenkit präsentiert von aol\AVKBar.exe"
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
uRun: [wwhggppy] "c:\dokumente und einstellungen\alexander grimm\lokale einstellungen\anwendungsdaten\wwhggppy.exe" wwhggppy
uRun: [WMPNSCFG] c:\programme\windows media player\WMPNSCFG.exe
uRun: [settdebugx.exe] c:\dokume~1\alexan~1\lokale~1\temp\settdebugx.exe
uRun: [Malware Defense] "c:\programme\malware defense\mdefense.exe" -noscan
mRun: [Dit] Dit.exe
mRun: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Keyboard Status] c:\progra~1\medion\keystat\KeyStat.exe
mRun: [AOLDialer] c:\programme\gemeinsame dateien\aol\acs\AOLDial.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RemoteControl] "c:\programme\home cinema\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\programme\home cinema\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NWEReboot]
mRun: [ISUSPM Startup] c:\progra~1\gemein~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [wlconfig] "c:\programme\wlan monitor\wlconfig.exe" -autostart
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SweetIM] c:\programme\sweetim\messenger\SweetIM.exe
mRun: [AVP] "c:\programme\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\blueto~1.lnk - c:\programme\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\nkbmon~1.lnk - c:\programme\nikon\pictureproject\NkbMonitor.exe
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\programme\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\programme\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programme\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119522480859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.255.255.255 195.137.236.101

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\alexan~1\anwend~1\mozilla\firefox\profiles\3kf9stx4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spickmich.de/home
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\alexander grimm\anwendungsdaten\mozilla\firefox\profiles\3kf9stx4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\programme\microsoft\office live\npOLW.dll
FF - plugin: c:\programme\mozilla firefox 3.1 beta 3\plugins\np_gp.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-28 315408]
R2 accsvc;AccSys WiFi Component;c:\programme\gemeinsame dateien\accsys\accsvc.exe [2007-2-7 147456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-13 54752]
R2 ICQ Service;ICQ Service;c:\programme\icq6toolbar\ICQ Service.exe [2009-7-15 222968]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-2-7 32512]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-6-23 799744]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-6-23 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
S2 AVP;Kaspersky Anti-Virus;c:\programme\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-6-23 17408]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\programme\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-5-27 162304]

=============== Created Last 30 ================

2009-12-28 12:26:16 0 d-----w- c:\programme\Malware Defense
2009-12-28 12:21:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-28 12:21:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-28 12:20:15 0 d-----w- c:\programme\Kaspersky Lab
2009-12-28 12:20:15 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab
2009-12-28 12:18:23 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab Setup Files
2009-12-27 21:49:13 665 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-27 21:48:10 200 ----a-w- c:\windows\system32\srcr.dat
2009-12-27 15:11:00 0 d-----w- c:\programme\Conduit
2009-12-27 15:10:36 0 d-----w- c:\programme\DVDVideoSoft
2009-12-26 15:20:27 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-26 15:20:27 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2009-12-28 12:12:58 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2009-12-19 20:36:01 20 ---h--w- c:\dokume~1\alluse~1\anwend~1\PKP_DLec.DAT
2009-12-19 20:36:01 20 ---h--w- c:\dokume~1\alluse~1\anwend~1\PKP_DLds.DAT
2009-12-10 15:08:11 83062 ----a-w- c:\windows\system32\perfc007.dat
2009-12-10 15:08:11 453882 ----a-w- c:\windows\system32\perfh007.dat
2009-11-28 23:42:45 80008 ----a-w- c:\dokume~1\alexan~1\anwend~1\GDIPFONTCACHEV1.DAT
2009-11-25 10:19:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-29 07:40:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-13 10:32:34 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 150528 ----a-w- c:\windows\system32\rastls.dll
2005-06-23 17:13:52 8 --sh--r- c:\windows\system32\ED17786B2C.sys
2005-06-23 17:13:52 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-07 19:11:41 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\mshist012008100720081008\index.dat

============= FINISH: 13:35:13,60 ===============


Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 31.07.2005 10:06:55
System Uptime: 28.12.2009 13:12:06 (0 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7046
Processor: Intel® Pentium® 4 CPU 3.06GHz | Socket 478 | 3059/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 116 GiB total, 90,197 GiB free.
D: is FIXED (NTFS) - 107 GiB total, 105,369 GiB free.
E: is FIXED (FAT32) - 10 GiB total, 7,216 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP860: 30.09.2009 19:39:15 - Systemprüfpunkt
RP861: 02.10.2009 16:01:24 - Systemprüfpunkt
RP862: 03.10.2009 16:01:43 - Systemprüfpunkt
RP863: 04.10.2009 16:30:59 - Systemprüfpunkt
RP864: 05.10.2009 18:13:25 - Systemprüfpunkt
RP865: 08.10.2009 16:55:11 - Systemprüfpunkt
RP866: 09.10.2009 17:08:14 - Systemprüfpunkt
RP867: 11.10.2009 14:39:39 - Systemprüfpunkt
RP868: 12.10.2009 21:25:06 - Software Distribution Service 3.0
RP869: 14.10.2009 17:11:26 - Systemprüfpunkt
RP870: 15.10.2009 21:34:12 - Software Distribution Service 3.0
RP871: 17.10.2009 15:38:37 - Systemprüfpunkt
RP872: 18.10.2009 15:45:04 - Systemprüfpunkt
RP873: 19.10.2009 18:11:46 - Systemprüfpunkt
RP874: 21.10.2009 17:25:12 - Systemprüfpunkt
RP875: 22.10.2009 18:12:24 - Systemprüfpunkt
RP876: 24.10.2009 12:58:04 - Systemprüfpunkt
RP877: 26.10.2009 18:05:58 - Systemprüfpunkt
RP878: 28.10.2009 16:08:28 - Systemprüfpunkt
RP879: 29.10.2009 16:40:46 - Systemprüfpunkt
RP880: 30.10.2009 18:05:23 - Systemprüfpunkt
RP881: 31.10.2009 18:24:16 - Systemprüfpunkt
RP882: 01.11.2009 20:09:37 - Systemprüfpunkt
RP883: 07.11.2009 11:02:04 - Software Distribution Service 3.0
RP884: 08.11.2009 14:01:25 - Systemprüfpunkt
RP885: 09.11.2009 18:15:25 - Systemprüfpunkt
RP886: 10.11.2009 18:56:16 - Systemprüfpunkt
RP887: 12.11.2009 20:49:02 - Installed SweetIM for Messenger 2.7
RP888: 13.11.2009 17:54:02 - DirectX wurde installiert
RP889: 13.11.2009 22:31:59 - Software Distribution Service 3.0
RP890: 14.11.2009 22:51:00 - Software Distribution Service 3.0
RP891: 15.11.2009 12:27:35 - Software Distribution Service 3.0
RP892: 15.11.2009 13:39:47 - Druckertreiber Microsoft XPS Document Writer installiert
RP893: 16.11.2009 16:25:36 - Systemprüfpunkt
RP894: 16.11.2009 17:58:05 - Software Distribution Service 3.0
RP895: 17.11.2009 20:17:33 - Systemprüfpunkt
RP896: 19.11.2009 17:36:18 - Systemprüfpunkt
RP897: 20.11.2009 15:55:24 - Software Distribution Service 3.0
RP898: 21.11.2009 18:07:18 - Systemprüfpunkt
RP899: 21.11.2009 19:01:19 - Software Distribution Service 3.0
RP900: 23.11.2009 14:02:56 - Systemprüfpunkt
RP901: 24.11.2009 16:30:50 - Systemprüfpunkt
RP902: 25.11.2009 21:03:37 - Software Distribution Service 3.0
RP903: 27.11.2009 16:10:11 - Systemprüfpunkt
RP904: 28.11.2009 16:15:20 - Systemprüfpunkt
RP905: 29.11.2009 18:35:58 - Systemprüfpunkt
RP906: 30.11.2009 19:06:17 - Systemprüfpunkt
RP907: 01.12.2009 19:29:43 - Systemprüfpunkt
RP908: 04.12.2009 16:12:12 - Systemprüfpunkt
RP909: 05.12.2009 17:05:08 - Systemprüfpunkt
RP910: 06.12.2009 17:47:38 - Systemprüfpunkt
RP911: 07.12.2009 17:54:16 - Systemprüfpunkt
RP912: 08.12.2009 18:30:22 - Systemprüfpunkt
RP913: 09.12.2009 21:16:55 - Software Distribution Service 3.0
RP914: 12.12.2009 19:24:46 - Systemprüfpunkt
RP915: 14.12.2009 14:04:42 - Systemprüfpunkt
RP916: 14.12.2009 18:02:05 - Software Distribution Service 3.0
RP917: 18.12.2009 16:08:42 - Systemprüfpunkt
RP918: 19.12.2009 18:54:49 - Systemprüfpunkt
RP919: 20.12.2009 20:34:10 - Systemprüfpunkt
RP920: 22.12.2009 15:24:43 - Systemprüfpunkt
RP921: 23.12.2009 17:15:57 - Systemprüfpunkt
RP922: 24.12.2009 17:31:45 - Systemprüfpunkt
RP923: 25.12.2009 15:37:39 - WinZip 14.0 wird installiert
RP924: 27.12.2009 14:46:43 - Systemprüfpunkt
RP925: 27.12.2009 23:08:03 - Avira AntiVir Personal - 27.12.2009 23:05
RP926: 27.12.2009 23:12:41 - Avira AntiVir Personal - 27.12.2009 23:12
RP927: 27.12.2009 23:29:05 - Avira AntiVir Personal - 27.12.2009 23:28
RP928: 27.12.2009 23:32:50 - Avira AntiVir Personal - 27.12.2009 23:32
RP929: 28.12.2009 13:19:55 - Installierte(s) Kaspersky Anti-Virus 2010.

==== Installed Programs ======================


Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0 - Deutsch
Adobe Shockwave Player 11.5
AOL Deinstallation
AOL Meine Fotos Bildschirmschoner
AutoUpdate
Bluetooth Stack for Windows by Toshiba
C-Media High Definition Audio Driver
Championsheep Rally
ConvertHelper 2.2
Crazy Machines
Creatix V.92 Data Fax Modem
Das große Wissensquiz 1.21.TA
Das Latein-Wörterbuch 2.1
Disneys Auf galaktischer Rettungsmission
DivX Player
DivX Pro
DVDVideoSoft Toolbar
Favorit
Flexa 3D
Free Audio CD Burner version 1.2
Free YouTube to MP3 Converter version 3.2
G DATA Logox4 Speechengine
Generic USB CardReader 2.0
Google Earth
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
ICQ Toolbar
ICQ6.5
J2SE Runtime Environment 5.0 Update 2
Juiced
Junk Mail filter update
Kaspersky Anti-Virus 2010
KeyStat
Kids entdecken den menschlichen Körper
Learn2 Player (Uninstall Only)
Lernwerkstatt
Logitech Gaming Software
MediaShow 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional mit FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.5.6)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero Suite
Nikon Message Center
NVIDIA Drivers
PC Camer@N
PhotoNow! 1.0
PictureProject
PowerCinema 4.0
PowerDirector
PowerDVD
PowerProducer
QuickTime
RealPlayer Basic
Redcat Das Lebende Malbuch
screensaver 03-2007
SeaMonkey (1.1.9)
Segoe UI
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Internet Explorer 7 (KB928090)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Media Encoder (KB954156)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Ski-Doo X-Team Racing
Skype™ 4.0
SonicR
SpongeBob Schwammkopf - Schlacht um Bikini Bottom
Stronghold Crusader
SweetIM for Messenger 2.7
SweetIM Toolbar for Internet Explorer 3.4
Ulead VideoStudio 7 SE DVD
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB971180)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Waldmeister Sause XXL - Winteredition
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Windows-Sicherungsprogramm
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Encoder 9-Reihe
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series Power Toy - Ratings Migration
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinZip 14.0
WLAN Monitor
WLAN Quick-Starter
World Racing

==== End Of File ===========================


gmer.log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-28 17:33:43
Windows 5.1.2600 Service Pack 3
Running: j8vn3llz.exe; Driver: C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\kwnoiaog.sys


---- System - GMER 1.0.15 ----

Code 82C7DB70 ZwEnumerateKey
Code 82C7DC48 ZwFlushInstructionCache
Code 82C7D916 IofCallDriver
Code 82C7C6BE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 82C7D91B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 82C7C6C3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC6 5 Bytes JMP 82C7DC4C
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB72 5 Bytes JMP 82C7DB74

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Mozilla Firefox\firefox.exe[4032] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 01B92C96
.text C:\Programme\Mozilla Firefox\firefox.exe[4032] WS2_32.dll!send 71A14C27 5 Bytes JMP 01B9212F
.text C:\Programme\Mozilla Firefox\firefox.exe[4032] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01B92812

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1360] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) F3D53000-F3D6F000 (114688 bytes)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [688] 0x00B90000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [780] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [852] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [888] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1024] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1084] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1308] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1388] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1548] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1932] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2208] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd503560
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTxdowmwreot.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd503560 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTxdowmwreot.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Alexander Grimm\Lokale Einstellungen\Temp\H8SRT56df.tmp 343040 bytes executable
File C:\WINDOWS\Temp\H8SRTce8b.tmp 200 bytes
File C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTeacdvjilrm.dll 23040 bytes executable
File C:\WINDOWS\system32\H8SRTxdowmwreot.dat 205 bytes
File C:\WINDOWS\system32\H8SRTytasjospxs.dll 36864 bytes executable

---- EOF - GMER 1.0.15 ----


I don't really know if it's right, but I understood it like this. I hope you can help me.

Edited by Amazing Andrew, 28 December 2009 - 02:21 PM.
Mod Edit: Moved From Business Apps - AA
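As an added example (not code from the thread, from its helpers or from GMER), a small Python triage script for a GMER log like the one above: it extracts the inline JMP hooks on ntkrnlpa.exe exports, the hidden driver and service, the hidden DLL injected into the svchost.exe instances and Explorer, and the component list the rootkit keeps under its own service key, then joins that list with the File section. Function and class names are my own; the sample lines are copied from the posted gmer.log.

```python
"""Triage of a GMER rootkit-scan log: an added example, not code from the thread or from GMER.
The sample lines are copied from the gmer.log posted above and embedded as constructed input."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^---- .+? - GMER ")
# Inline hook: "<code section> <image>!<export> <address> <n> Bytes JMP <target>"
HOOK_RE = re.compile(r"^(?:\.text|PAGE|INIT)\s+(?P<image>\S+)!(?P<export>\S+)\s+"
                     r"(?P<addr>[0-9A-F]+)\s+(?P<n>\d+) Bytes\s+(?P<patch>.+)$")
# Objects GMER could only see by bypassing the Windows API
HIDDEN_RE = re.compile(r"^(?P<kind>Module|Library|Service)\s+(?P<path>.+?)"
                       r"\s+\(\*\*\* hidden \*\*\* \)\s*(?P<rest>.*)$")
INJECT_RE = re.compile(r"@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
SERVICE_RE = re.compile(r"\[\w+\]\s+(?P<svc>\S+)")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<rest>.*)$")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)@(?P<value>\S+)\s+(?P<data>.+)$")
MODULES_KEY_RE = re.compile(r"\\Services\\(?P<svc>[^\\]+)\\modules$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


@dataclass
class Triage:
    kernel_hooks: list = field(default_factory=list)     # (export, patch text)
    hidden_modules: list = field(default_factory=list)   # hidden driver paths
    injections: list = field(default_factory=list)       # (dll, process, pid)
    hidden_services: dict = field(default_factory=dict)  # service name -> image path
    components: dict = field(default_factory=dict)       # modules value name -> path
    files: dict = field(default_factory=dict)            # path -> (size, rootkit-marked)

    def component_sizes(self) -> dict:
        """Join the rootkit's own component list with the File section by basename."""
        by_name = {basename(p).lower(): s for p, (s, _) in self.files.items()}
        return {n: by_name.get(basename(p).lower()) for n, p in self.components.items()}


def triage_gmer_log(text: str) -> Triage:
    t = Triage()
    reg = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        if m := HOOK_RE.match(line):
            t.kernel_hooks.append((m["export"], m["patch"]))
        elif m := HIDDEN_RE.match(line):
            kind, path, rest = m["kind"], m["path"], m["rest"]
            if kind == "Module":
                t.hidden_modules.append(path)
            elif kind == "Library" and (inj := INJECT_RE.search(rest)):
                t.injections.append((basename(path), basename(inj["proc"]), int(inj["pid"])))
            elif kind == "Service" and (svc := SERVICE_RE.search(rest)):
                t.hidden_services[svc["svc"]] = path
        elif m := FILE_RE.match(line):
            t.files[m["path"]] = (int(m["size"]), "<-- ROOTKIT" in m["rest"])
        elif m := REG_RE.match(line):
            reg.append(m)  # resolved once the hidden service names are known
    # The rootkit lists its own parts under Services\<svc>\modules; entries repeated
    # in ControlSet004 collapse because the value name is the dict key.
    for m in reg:
        k = MODULES_KEY_RE.search(m["key"])
        if k and k["svc"] in t.hidden_services:
            t.components[m["value"]] = m["data"].strip()
    return t


# Constructed sample input: lines copied from the posted gmer.log.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 82C7D91B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 82C7C6C3
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB72 5 Bytes JMP 82C7DB74
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) F3D53000-F3D6F000 (114688 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [688] 0x00B90000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2208] 0x10000000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTeacdvjilrm.dll 23040 bytes executable
File C:\WINDOWS\system32\H8SRTytasjospxs.dll 36864 bytes executable
"""

if __name__ == "__main__":
    t = triage_gmer_log(SAMPLE_LOG)
    print("kernel hooks:", t.kernel_hooks)
    print("injected into:", sorted({f"{p}[{pid}]" for _, p, pid in t.injections}))
    print("components and on-disk sizes:", t.component_sizes())
```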




#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:36 AM

Posted 07 January 2010 - 03:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 alegri.g

alegri.g
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:36 AM

Posted 09 January 2010 - 06:40 AM

So here is the DDS again. Hope you can help me now.
Ok, I'll try to describe my problem, but forgive me if it's not so clear, I'm from Germany. So, every minute a popup opens that says that there are some viruses on my computer. But they don't really look like Windows popups because often they're in CAPITALS ALL THE TIME or so. Apart from that: at the beginning the virus simply deleted my antivirus software (Avira AntiVir). I downloaded another one (Kaspersky) but I can't open it. And lastly I think it damages my main memory (is it main memory? In German it's Arbeitsspeicher) because often when I'm on the internet there is a popup that says: "One part of the website cannot be shown because the main memory is too low" (or something like that). That's all I've realized so far; of course my computer is much slower than normal. I hope that's enough explanation.

So here is the DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Alexander Grimm at 12:27:30,43 on 09.01.2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.511.62 [GMT 1:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Medion\KeyStat\KeyStat.exe
C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\SweetIM\Messenger\SweetIM.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Malware Defense\mdefense.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programme\Nikon\PictureProject\NkbMonitor.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
svchost.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ICQ6Toolbar\ICQ Service.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\dokumente und einstellungen\alexander grimm\lokale einstellungen\anwendungsdaten\habcdcg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Alexander Grimm\Eigene Dateien\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uWindow Title = Arcor AG & Co. KG
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgHelper.dll
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\programme\dvdvideosoft\tbDVDV.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programme\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programme\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\programme\dvdvideosoft\tbDVDV.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\programme\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programme\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\programme\dvdvideosoft\tbDVDV.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\programme\icq6toolbar\ICQToolBar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [AVKBar] "c:\programme\g data antivirenkit präsentiert von aol\AVKBar.exe"
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\programme\windows media player\WMPNSCFG.exe
uRun: [settdebugx.exe] c:\dokume~1\alexan~1\lokale~1\temp\settdebugx.exe
uRun: [Malware Defense] "c:\programme\malware defense\mdefense.exe" -noscan
uRun: [habcdcg] "c:\dokumente und einstellungen\alexander grimm\lokale einstellungen\anwendungsdaten\habcdcg.exe" habcdcg
mRun: [Dit] Dit.exe
mRun: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Keyboard Status] c:\progra~1\medion\keystat\KeyStat.exe
mRun: [AOLDialer] c:\programme\gemeinsame dateien\aol\acs\AOLDial.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [RemoteControl] "c:\programme\home cinema\powerdvd\PDVDServ.exe"
mRun: [PCMService] "c:\programme\home cinema\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [NWEReboot]
mRun: [ISUSPM Startup] c:\progra~1\gemein~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [wlconfig] "c:\programme\wlan monitor\wlconfig.exe" -autostart
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SweetIM] c:\programme\sweetim\messenger\SweetIM.exe
mRun: [AVP] "c:\programme\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [UCam_Menu] "c:\programme\\homecinema\youcam\muitransfer\muistartmenu.exe" "c:\programme\\homecinema\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [snpstd3] c:\windows\vsnpstd3.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\blueto~1.lnk - c:\programme\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\nkbmon~1.lnk - c:\programme\nikon\pictureproject\NkbMonitor.exe
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\programme\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\programme\java\jre1.5.0_02\bin\npjpi150_02.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programme\windows live\writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\programme\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1119522480859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.255.255.255 195.137.236.101

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\alexan~1\anwend~1\mozilla\firefox\profiles\3kf9stx4.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.spickmich.de/home
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\dokumente und einstellungen\alexander grimm\anwendungsdaten\mozilla\firefox\profiles\3kf9stx4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\alexander grimm\anwendungsdaten\mozilla\firefox\profiles\3kf9stx4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\programme\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\programme\java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\programme\microsoft\office live\npOLW.dll
FF - plugin: c:\programme\mozilla firefox 3.1 beta 3\plugins\np_gp.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\programme\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-12-28 315408]
R2 accsvc;AccSys WiFi Component;c:\programme\gemeinsame dateien\accsys\accsvc.exe [2007-2-7 147456]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-13 54752]
R2 ICQ Service;ICQ Service;c:\programme\icq6toolbar\ICQ Service.exe [2009-7-15 222968]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-2-7 32512]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-6-23 799744]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-6-23 1287296]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S2 AVP;Kaspersky Anti-Virus;c:\programme\kaspersky lab\kaspersky anti-virus 2010\avp.exe [2009-10-20 340456]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-6-23 17408]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\programme\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\pfc027.sys [2005-5-27 162304]

=============== Created Last 30 ================

2010-01-08 18:54:00 0 d-----w- c:\programme\HomeCinema
2010-01-08 18:43:50 94208 ----a-w- c:\windows\amcap.exe
2010-01-08 18:43:46 843776 ----a-w- c:\windows\vsnpstd3.exe
2010-01-08 18:43:46 262144 ----a-w- c:\windows\tsnpstd3.exe
2010-01-08 18:43:46 15498 ----a-w- c:\windows\snpstd3.ini
2010-01-08 18:43:46 13023 ----a-w- c:\windows\snpstd3.src
2010-01-08 18:43:44 10246144 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-01-08 18:43:43 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-01-08 18:43:43 172032 ----a-w- c:\windows\system32\rsnpstd3.dll
2010-01-08 18:43:42 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-01-08 18:43:42 53248 ----a-w- c:\windows\csnpstd3.dll
2010-01-08 18:43:42 0 d-----w- c:\programme\gemeinsame dateien\snpstd3
2009-12-29 11:12:33 0 d-----w- c:\programme\Malware Defense
2009-12-28 12:21:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-28 12:21:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-28 12:20:15 0 d-----w- c:\programme\Kaspersky Lab
2009-12-28 12:20:15 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab
2009-12-28 12:18:23 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Kaspersky Lab Setup Files
2009-12-27 21:49:13 853 ----a-w- c:\windows\system32\krl32mainweq.dll
2009-12-27 21:48:10 175 ----a-w- c:\windows\system32\srcr.dat
2009-12-27 15:11:00 0 d-----w- c:\programme\Conduit
2009-12-27 15:10:36 0 d-----w- c:\programme\DVDVideoSoft

==================== Find3M ====================

2010-01-09 11:23:44 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-01-07 21:27:42 20 ---h--w- c:\dokume~1\alluse~1\anwend~1\PKP_DLec.DAT
2010-01-07 21:27:42 20 ---h--w- c:\dokume~1\alluse~1\anwend~1\PKP_DLds.DAT
2009-12-10 15:08:11 83062 ----a-w- c:\windows\system32\perfc007.dat
2009-12-10 15:08:11 453882 ----a-w- c:\windows\system32\perfh007.dat
2009-11-28 23:42:45 80008 ----a-w- c:\dokume~1\alexan~1\anwend~1\GDIPFONTCACHEV1.DAT
2009-11-25 10:19:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-29 07:40:25 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-13 10:32:34 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 150528 ----a-w- c:\windows\system32\rastls.dll
2005-06-23 17:13:52 8 --sh--r- c:\windows\system32\ED17786B2C.sys
2005-06-23 17:13:52 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-07 19:11:41 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\mshist012008100720081008\index.dat

============= FINISH: 12:30:57,53 ===============

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:11:36 AM

Posted 10 January 2010 - 07:10 PM

Hi alegri.g,

I'm from Germany as well! :( So if you have any trouble understanding the instructions, just let me know and I'll be happy to help out.

Please provide a log from gmer to check for rootkits:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

Edited by myrti, 10 January 2010 - 07:11 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 alegri.g

alegri.g
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:36 AM

Posted 12 January 2010 - 07:54 AM

So here it is:





GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-11 22:52:14
Windows 5.1.2600 Service Pack 3
Running: ufgzvr55.exe; Driver: C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\kwnoiaog.sys


---- System - GMER 1.0.15 ----

Code 82CBE9A0 ZwEnumerateKey
Code 82CBEC80 ZwFlushInstructionCache
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous
Code 82CBE0E6 IofCallDriver
Code 82CBDF36 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP F3E254DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 82CBE0EB
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 82CBDF3B
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE87E 5 Bytes JMP F3E258B6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC6 5 Bytes JMP 82CBEC84
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB72 5 Bytes JMP 82CBE9A4

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F38EF820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F38EF820] \??\C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe[1788] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Programme\Gemeinsame Dateien\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) F3DD4000-F3DF0000 (114688 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [132] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [984] 0x008D0000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1080] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1180] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1368] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1488] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1728] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2636] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [2792] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [3252] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd503560
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTxdowmwreot.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTlteppjxtli.dll
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd503560 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTxdowmwreot.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTlteppjxtli.dll

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Alexander Grimm\Lokale Einstellungen\Temp\H8SRT56df.tmp 343040 bytes executable
File C:\Dokumente und Einstellungen\Alexander Grimm\Lokale Einstellungen\Temp\h8srtmainqt.dll 16651 bytes
File C:\Dokumente und Einstellungen\Jürgen Grimm\Lokale Einstellungen\Temp\h8srtmainqt.dll 16451 bytes
File C:\Dokumente und Einstellungen\Petra Grimm\Lokale Einstellungen\Temp\h8srtmainqt.dll 16530 bytes
File C:\WINDOWS\Temp\H8SRTe28b.tmp 246 bytes
File C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTeacdvjilrm.dll 23040 bytes executable
File C:\WINDOWS\system32\H8SRTlteppjxtli.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTxdowmwreot.dat 246 bytes
File C:\WINDOWS\system32\H8SRTytasjospxs.dll 36864 bytes executable

---- EOF - GMER 1.0.15 ----
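
The log above is a textbook hidden-driver picture: a driver GMER cannot see through the normal module list, a DLL from the same `H8SRT` family loaded into Explorer.EXE and every svchost.exe, a service whose ImagePath is that driver, a `\modules` registry key listing the driver's companion files, and kernel `JMP` hooks on IofCallDriver, IofCompleteRequest, ZwEnumerateKey and ZwFlushInstructionCache that point into addresses with no named module behind them, while the hooks from klif.sys resolve cleanly to Kaspersky. The following Python script is an added example, not part of this thread and not GMER's own code. It parses a GMER log in this format and pulls out exactly those triage facts: unattributed inline hooks, every object marked hidden or `<-- ROOTKIT`, the registered service whose ImagePath is a hidden driver, the files its `\modules` key references (GMER did not mark all of those hidden), the process list the hidden DLL was injected into, and the common name tag of the family. The embedded log is a constructed excerpt modelled on the posted one; the section header and marker formats are assumed from that log.

```python
import re
from collections import defaultdict

# Constructed excerpt shaped like the GMER 1.0.15 log posted above (same line formats).
SAMPLE_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9FA0 5 Bytes JMP F3E254DC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 82CBE0EB
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 82CBDF3B
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) F3DD4000-F3DF0000 (114688 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [132] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRTytasjospxs.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [984] 0x008D0000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTyxecnefrmo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeacdvjilrm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTlteppjxtli.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTyxecnefrmo.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\H8SRTyxecnefrmo.sys 39936 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTeacdvjilrm.dll 23040 bytes executable
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Inline hook line: "<sect> <func> <addr> N Bytes JMP <target> [<module> (<description>)]"
HOOK_RE = re.compile(
    r"^\S+\s+(?P<func>\S+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-F]+)"
    r"(?:\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\))?\s*$")
LIB_RE = re.compile(r"^Library\s+\S+\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(?P<proc>.+?)\s+\[(?P<pid>\d+)\]")
SVC_KEY = r"^Reg HKLM\\SYSTEM\\CurrentControlSet\\Services\\(?P<svc>[^\\@]+)"  # active set only
IMAGEPATH_RE = re.compile(SVC_KEY + r"@imagepath\s+(?P<path>\S+)$", re.I)
MODULES_RE = re.compile(SVC_KEY + r"\\modules@\S+\s+(?P<path>\S+)$", re.I)
MARKS = ("(*** hidden *** )", "<-- ROOTKIT !!!")


def split_sections(text):
    """Group non-empty lines under the '---- <name> - GMER x.y.z ----' header they follow."""
    sections, current = defaultdict(list), "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def common_prefix(names):
    """Longest shared leading string; random-name droppers keep a fixed tag in front."""
    prefix = names[0] if names else ""
    for n in names[1:]:
        while not n.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def triage(text):
    s = split_sections(text)
    # 1. Inline kernel hooks whose JMP target GMER could not map to a named module.
    #    AV filters hook the kernel too, but they resolve to a driver and a publisher.
    hooks = [(m.group("func"), m.group("target"))
             for m in map(HOOK_RE.match, s.get("Kernel code sections", []))
             if m and not m.group("module")]
    # 2. Everything GMER flagged as hidden or as a rootkit, with its path pulled out.
    hidden = []
    for sect in ("Modules", "Processes", "Services", "Files"):
        for line in s.get(sect, []):
            if any(mark in line for mark in MARKS):
                kind, rest = line.split(None, 1)
                path = re.split(r"\s+\(\*\*\* hidden|\s+\d+ bytes", rest, maxsplit=1)[0]
                hidden.append((sect, kind, path))
    hidden_names = {basename(p) for _, _, p in hidden}
    # 3. Services whose ImagePath is a hidden driver, plus every file their \modules key
    #    references, so the companions GMER did not mark hidden are not left behind.
    image_paths = {m.group("svc"): m.group("path")
                   for m in map(IMAGEPATH_RE.match, s.get("Registry", [])) if m}
    suspect = {svc for svc, p in image_paths.items() if basename(p) in hidden_names}
    related = {basename(m.group("path"))
               for m in map(MODULES_RE.match, s.get("Registry", []))
               if m and m.group("svc") in suspect}
    # 4. Processes hosting the hidden user-mode component.
    injected = sorted({(m.group("proc"), int(m.group("pid")))
                       for m in map(LIB_RE.match, s.get("Processes", [])) if m})
    return {
        "unattributed_hooks": hooks,
        "hidden": hidden,
        "suspect_services": sorted(suspect),
        "related_files": sorted(related - hidden_names),
        "name_tag": common_prefix(sorted(hidden_names | related)),
        "injected_into": injected,
    }
```

Call `triage(open("gmer.log").read())` on a saved log; on the constructed sample it reports the two unattributed hooks, five hidden objects, the `H8SRTd.sys` service, the two companion DLLs that were only visible through the `\modules` key, and the `h8srt` name tag. Entries under `ControlSet004` are deliberately ignored because only the active control set is loaded at boot.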

#6 myrti

Posted 12 January 2010 - 08:22 AM

Hi,

you've been infected by a rather nasty rootkit, please run ComboFix:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#7 myrti

Posted 17 January 2010 - 02:10 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti





