Log analysis and evaluation: Security Essentials 2010 removed and hopefully everything OK again?? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.10.2010, 11:53 | #1

Hello, I had the trojan named in the title on my PC and removed it again following the instructions here in the forum. Nevertheless I am naturally a bit unsettled now and am posting the logs that accumulated. Hopefully everything is the way you like to have it. Many thanks in advance for the service here.

Regards, jackie
15.10.2010, 21:00 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Quote:
Remember that Malwarebytes has to be updated manually before every scan!

Are there any further Malwarebytes logs? It would be pretty pointless if you had posted that without any findings!
15.10.2010, 21:36 | #3

Ah, I thought you could already tell that from the last log files. I first ran a full scan but then had to shut down my computer. After that I ran another complete full scan. Finally the quick scan I already posted. The first full scan already found 19 infected files, the second one two. Hope that helps.

Here is the first log file:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.10.2010 15:37:54
mbam-log-2010-10-14 (15-37-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 41959
Laufzeit: 23 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 19

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1QXJQBO2\qhlwelge[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45F13276\eidksa[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45F13276\hypkidkjd[1].htm (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AQRB79SU\hypkidkjd[1].htm (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\88E9.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\gipeetyv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\4F54.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\65CA.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\838A.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\857E.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\wioje.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\F201.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\FB77.tmp (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\89D3.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\9954.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\B9BE.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\BAC8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\hotfix.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Program Files\SWiSH Max3\swishzone.all.product-patch.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.10.2010 23:56:07
mbam-log-2010-10-14 (23-56-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 302144
Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
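An added example, not from the thread or from Malwarebytes: a small Python parser for the MBAM 1.x log layout posted above. It extracts each detection line, cross-checks the declared per-section counts in the header against what is actually listed (a mismatch means a truncated or edited log that should not be trusted), and flags hits in autostart locations such as Winlogon\shell or AppData\Roaming, which show the malware had persistence. The sample log is constructed in the same layout from the findings in this thread; the persistence marker list is a heuristic assumption.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log (the layout posted in this thread),
summarise detections, cross-check declared counts and flag autostart locations."""
import re
from collections import Counter

# Constructed sample in the MBAM 1.46 layout seen in the thread; not a real log.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.10.2010 23:56:07
mbam-log-2010-10-14 (23-56-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 302144
Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Registrierungswerte: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\hotfix.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\88E9.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# "<item> (<family>) -> <action>" is the one-line detection format MBAM 1.x uses.
DETECTION = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
# Header block: "Infizierte Dateien: 19"; section block: "Infizierte Dateien:" alone.
COUNT_LINE = re.compile(r"^(?P<section>Infizierte [^:]+): (?P<n>\d+)$")
SECTION_LINE = re.compile(r"^(?P<section>Infizierte [^:]+):$")

# Autostart locations that show the malware had persistence (assumption: a
# heuristic list chosen for this example, matched case-insensitively).
PERSISTENCE_MARKERS = (
    r"\Winlogon\shell",
    r"\CurrentVersion\Run",
    r"\Programs\Startup",
    r"\AppData\Roaming",
)


def parse_detections(text):
    """Return one dict per detection line, tagged with the section it was found in."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_LINE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION.match(line)
        if m and section:
            hits.append({"section": section, **m.groupdict()})
    return hits


def by_family(hits):
    """Count detections per malware family (Rootkit.TDSS, Trojan.FakeAV, ...)."""
    return Counter(h["family"] for h in hits)


def check_counts(text):
    """Map each section to (declared count, detections actually listed).

    A mismatch means the log was truncated or edited and should not be trusted."""
    declared = {}
    for raw in text.splitlines():
        m = COUNT_LINE.match(raw.strip())
        if m:
            declared[m.group("section")] = int(m.group("n"))
    found = Counter(h["section"] for h in parse_detections(text))
    return {s: (n, found.get(s, 0)) for s, n in declared.items()}


def persistence_hits(hits):
    """Detections that sat in an autostart location, even if already removed."""
    return [h for h in hits
            if any(m.lower() in h["item"].lower() for m in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    print("families:", dict(by_family(hits)))
    for section, (declared, found) in check_counts(SAMPLE_LOG).items():
        flag = "" if declared == found else "  <-- MISMATCH"
        print(f"{section}: declared {declared}, listed {found}{flag}")
    for h in persistence_hits(hits):
        print("persistence:", h["item"], f"({h['family']})")
```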
15.10.2010, 21:58 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Please run a new full scan with current signatures. I want this as up to date as possible.

Please always post log files in CODE tags
16.10.2010, 15:47 | #5

OK, here is my most recent scan, just finished:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4849

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.10.2010 16:45:15
mbam-log-2010-10-16 (16-45-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 295554
Laufzeit: 1 Stunde(n), 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\jsfhjjsd.bat (Malware.Trace) -> Quarantined and deleted successfully.

jackie
16.10.2010, 21:24 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Then I now need new logs:

System scan with OTL
Please download OTL from Oldtimer and save it to your desktop
17.10.2010, 17:20 | #7

OK, here are the two logs.

OTL.txt:
Code:
OTL logfile created on: 17.10.2010 18:03:15 - Run 2
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\***\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): c:\pagefile.sys 2302 2302 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30,02 Gb Total Space | 10,25 Gb Free Space | 34,14% Space Free | Partition Type: NTFS
Drive D: | 10,02 Gb Total Space | 2,93 Gb Free Space | 29,20% Space Free | Partition Type: NTFS
Drive E: | 149,80 Gb Total Space | 62,53 Gb Free Space | 41,74% Space Free | Partition Type: NTFS
Drive F: | 75,90 Gb Total Space | 6,90 Gb Free Space | 9,09% Space Free | Partition Type: NTFS
Drive G: | 200,01 Gb Total Space | 18,94 Gb Free Space | 9,47% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (tzuk)
PRC - C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\SRWare Iron\iron.exe (SRWare)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - D:\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (Hamachi2Svc) -- C:\Program Files\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (O&O Defrag) -- C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (Apache Software Foundation)
SRV - (msvsmon90) -- D:\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- D:\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (ufad-ws60) -- D:\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()

========== Driver Services (SafeList) ==========

DRV - (GGSAFERDriver) -- C:\Program Files\Garena\plugins\UI\safedrv.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc. )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- C:\Windows\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- C:\Windows\System32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- C:\Windows\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- C:\Windows\System32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- C:\Windows\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- C:\Windows\System32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMparport) -- C:\Windows\System32\drivers\vmparport.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2-ws60) -- D:\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (vstor2) -- C:\Programme\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 3E C1 BC 60 6A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.09.24 15:12:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.11 16:54:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.15 19:34:23 | 000,000,000 | ---D | M]

[2010.06.13 18:36:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.11 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p52x51wf.default\extensions
[2010.06.11 16:54:07 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.04 11:14:03 | 000,000,893 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AsioReg] C:\Windows\System32\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CmiRemoveDir] C:\Windows\CmiRmRedundDir.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Infium] C:\Programme\QIP 2010\qip.exe File not found
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.17 18:01:13 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.16 18:51:47 | 000,000,000 | ---D | C] -- C:\Programme\winMd5Sum
[2010.10.15 19:33:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.15 00:35:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.15 00:31:14 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.15 00:11:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2010.10.14 15:13:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.10.14 15:12:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.14 15:12:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.14 15:12:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.14 15:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.14 14:00:55 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.10.14 13:59:38 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.10.14 12:45:52 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.10.14 12:26:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 12:26:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 12:26:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 12:26:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 12:26:44 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 12:26:44 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 12:26:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 12:26:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 12:26:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 12:26:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 12:26:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 12:26:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 12:26:30 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 12:26:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 12:26:19 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 12:26:14 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.13 17:41:13 | 000,000,000 | ---D | C] -- C:\Programme\AVIcodec
[2010.10.13 01:07:30 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.12 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Miranda
[2010.10.12 23:57:03 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM
[2010.10.04 19:54:11 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2010.10.04 19:54:10 | 000,761,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr100.dll
[2010.10.03 23:03:00 |
000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2010.10.03 22:57:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2010.10.03 22:57:11 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE [2010.10.03 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\assembly [2010.09.28 22:35:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.07.19 18:47:07 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2010.10.17 18:02:47 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.17 18:02:47 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.17 18:01:21 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.10.17 18:00:12 | 066,493,787 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.10.17 17:55:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.17 17:55:06 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys [2010.10.17 17:55:06 | 000,382,800 | ---- | M] () -- C:\Windows\System32\oodbs.lor [2010.10.16 21:51:38 | 000,030,168 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx [2010.10.16 21:51:38 | 000,030,168 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx [2010.10.16 21:51:38 | 000,017,528 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx [2010.10.16 21:51:38 | 000,017,528 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx [2010.10.16 21:51:38 | 000,011,564 | ---- | M] () -- 
C:\Windows\System32\DVCState-{00000002-00000000-00000003-00001102-00000002-80611102}.rfx [2010.10.15 20:53:48 | 000,698,816 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.15 20:53:48 | 000,654,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.15 20:53:48 | 000,148,638 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.15 20:53:48 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.15 19:34:24 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.15 19:24:55 | 002,330,655 | ---- | M] () -- C:\Users\***\Desktop\dsds_test07_solveed_by_superaxel.pdf [2010.10.15 12:50:18 | 000,029,507 | ---- | M] () -- C:\Users\***\Desktop\logs.zip [2010.10.15 00:54:47 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2010.10.15 00:31:17 | 000,000,901 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.10.15 00:31:17 | 000,000,882 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.10.15 00:12:44 | 000,285,168 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip [2010.10.15 00:12:44 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe [2010.10.14 15:12:08 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.14 14:25:20 | 000,341,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.13 13:50:14 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\gmer.exe [2010.09.17 20:14:08 | 000,000,294 | ---- | M] () -- C:\Windows\game.ini ========== Files Created - No Company Name ========== [2010.10.15 19:34:24 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.15 19:24:30 | 002,330,655 | ---- | C] () -- C:\Users\***\Desktop\dsds_test07_solveed_by_superaxel.pdf [2010.10.15 11:17:01 | 000,029,507 | ---- | C] () -- C:\Users\***\Desktop\logs.zip [2010.10.15 01:00:27 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe [2010.10.15 00:54:10 | 000,000,020 | ---- | C] () -- 
C:\Users\***\defogger_reenable [2010.10.15 00:31:17 | 000,000,901 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.10.15 00:31:17 | 000,000,882 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.10.15 00:12:00 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe [2010.10.15 00:11:59 | 000,285,168 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2010.10.14 15:12:08 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.03 16:31:15 | 000,000,294 | ---- | C] () -- C:\Windows\game.ini [2010.08.30 00:10:13 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI [2010.07.19 18:55:44 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.07.19 18:54:30 | 000,166,912 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2010.07.19 18:54:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2010.07.19 18:47:03 | 000,021,196 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2010.07.19 18:47:03 | 000,000,321 | ---- | C] () -- C:\Windows\System32\kill.ini [2010.07.19 18:47:03 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2010.07.02 01:15:27 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2010.06.28 01:40:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.06.03 21:01:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.05.18 23:01:17 | 000,000,027 | ---- | C] () -- C:\Windows\System32\settings.ini [2010.05.12 11:03:50 | 000,001,428 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.04.30 15:08:24 | 000,007,615 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2010.04.30 15:04:13 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll [2010.04.30 15:04:03 | 000,000,092 | ---- | C] () -- C:\Windows\CMISETUP.INI [2010.04.30 15:04:03 | 000,000,026 | ---- | C] () -- C:\Windows\CMCDPLAY.INI [2010.04.30 15:04:00 | 000,000,283 | ---- | C] () -- C:\Windows\CmiRmRedund.ini [2010.04.30 15:04:00 | 000,000,000 | ---- | C] () 
-- C:\Windows\Wininit.ini [2010.04.30 15:03:54 | 000,028,672 | ---- | C] () -- C:\Windows\CMIRmDriver.dll [2010.04.30 14:50:55 | 000,000,011 | ---- | C] () -- C:\Windows\SBWIN.INI [2010.02.11 07:30:38 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2006.10.27 08:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll [2005.12.21 12:36:46 | 000,009,728 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 17.10.2010 18:03:16 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): c:\pagefile.sys 2302 2302 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 30,02 Gb Total Space | 10,25 Gb Free Space | 34,14% Space Free | Partition Type: NTFS Drive D: | 10,02 Gb Total Space | 2,93 Gb Free Space | 29,20% Space Free | Partition Type: NTFS Drive E: | 149,80 Gb Total Space | 62,53 Gb Free Space | 41,74% Space Free | Partition Type: NTFS Drive F: | 75,90 Gb Total Space | 6,90 Gb Free Space | 9,09% Space Free | Partition Type: NTFS Drive G: | 200,01 Gb Total Space | 18,94 Gb Free Space | 9,47% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromiumHTML] -- C:\Programme\SRWare Iron\iron.exe (SRWare) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup "{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU "{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation "{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59996900-0E6C-45B7-8C39-C64CB98462E4}" = Microsoft Web Platform Installer 2.0 "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008 
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5 "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0021-0000-0000-0000000FF1CE}" = 
Microsoft Office Visual Web Developer 2007 "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007 "{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B0-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2 "{9B219133-CA46-47EF-98E1-AB12E32D53F9}" = MyMicroBalance "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2 "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = USB Vibration Joystick "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = 
Adobe Default Language CS4 "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 4.0.280 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2 - Directors Cut "{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional "{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "686C8894C4A74C54EDA40E74ED1AFDB17CF9C474" = Windows-Treiberpaket - Hewlett-Packard Image (05/15/2008 11.5.0.116) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe 
Dreamweaver CS4 "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "AudioConSole" = Creative-Audiokonsole "AVG9Uninstall" = AVG Free 9.0 "AVIcodec" = AVIcodec (remove only) "Biet-O-Matic v2.14.3" = Biet-O-Matic v2.14.3 "Call of Duty" = Call of Duty "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "C-Media Audio" = C-Media 3D Audio "C-Media Audio Driver" = C-Media WDM Audio Driver "Dead Rising 2_is1" = Dead Rising 2 "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "ERUNT_is1" = ERUNT 1.1j "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "ffdshow" = ffdshow "foobar2000" = foobar2000 v1.0.3 "Garena" = Garena 2010 "InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "JDownloader" = JDownloader "LameACM" = LameACM "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008 "Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft 
Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack "Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU "Miranda IM" = Miranda IM 0.9.6 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Nero8Lite_is1" = Nero 8 Lite "OpenAL" = OpenAL "Sandboxie" = Sandboxie 3.442 "SFBM" = SoundFont-Bank-Manager "StarCraft II" = StarCraft II "Steam App 220" = Half-Life 2 "SWI-Prolog" = SWI-Prolog (remove only) "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component "VLC media player" = VLC media player 1.0.5 "VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter "WampServer 2_is1" = WampServer 2.0 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.0.6 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.10.2010 19:28:46 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 13.10.2010 16:50:36 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 14.10.2010 08:10:58 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x75015e25 ID des fehlerhaften Prozesses: 0x10c4 Startzeit der fehlerhaften Anwendung: 0x01cb6b98d46c7bbc Pfad der fehlerhaften Anwendung: 
C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 19aa0815-d78c-11df-8293-005056c00008 Error - 14.10.2010 08:11:27 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x75015e25 ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0x01cb6b98ed7b48c3 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 2b4dadf1-d78c-11df-8293-005056c00008 Error - 14.10.2010 08:11:29 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.6425.1000, Zeitstempel: 0x49d64d22 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdac7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f2c2 ID des fehlerhaften Prozesses: 0x1130 Startzeit der fehlerhaften Anwendung: 0x01cb6b979d4273ae Pfad der fehlerhaften Anwendung: D:\Microsoft Office\Office12\WINWORD.EXE Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 2c49a879-d78c-11df-8293-005056c00008 Error - 14.10.2010 08:17:38 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 14.10.2010 18:17:05 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 14.10.2010 18:55:26 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 15.10.2010 22:00:24 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = Error - 16.10.2010 15:51:25 | Computer Name = *** | Source = EventSystem | ID = 4621 Description = ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > jackie |
17.10.2010, 18:50 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Essentials 2010 removed and hopefully everything OK again?? Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Infium] C:\Programme\QIP 2010\qip.exe File not found
O4 - HKCU..\Run: [QIP2005] C:\Program Files\QIP\qip.exe File not found
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
17.10.2010, 19:57 | #9 |
| Security Essentials 2010 removed and hopefully everything OK again?? OK, that worked so far. Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Infium deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP2005 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 588834 bytes
->Temporary Internet Files folder emptied: 655233 bytes
->Java cache emptied: 125825 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 6246 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5879 bytes
RecycleBin emptied: 51529745 bytes

Total Files Cleaned = 50,00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_205300

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
21.10.2010, 22:16 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Essentials 2010 removed and hopefully everything OK again?? Sorry, I overlooked your thread. Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when an authorized helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
23.10.2010, 01:22 | #11 |
| Security Essentials 2010 removed and hopefully everything OK again?? Yeah, no problem, it's well organized here. So, here is the ComboFix log: Code:
ComboFix 10-10-22.03 - Matthias 23.10.2010   2:00.1.2 - x86
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.2048.1341 [GMT 2:00]
ausgeführt von:: c:\users\Matthias\Desktop\cofi.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\settings.ini

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\cofi\HarddiskVolumeShadowCopy1_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691!explorer.exe wurde wiederhergestellt 

Infizierte Kopie von c:\windows\System32\wininit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe wurde wiederhergestellt 

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert 
Kopie von - c:\cofi\HarddiskVolumeShadowCopy1_!Windows!winsxs!x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691!explorer.exe wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-23 bis 2010-10-23  ))))))))))))))))))))))))))))))
.

2010-10-23 00:09 . 2010-10-23 00:11  --------  d-----w-  c:\users\Matthias\AppData\Local\temp
2010-10-23 00:09 . 2010-10-23 00:09  --------  d-----w-  c:\users\Default\AppData\Local\temp
2010-10-22 10:25 . 2010-10-22 10:25  --------  d-----w-  c:\program files\CCleaner
2010-10-18 13:34 . 2010-10-18 13:44  --------  d-----w-  c:\programdata\webcamXP 5
2010-10-18 13:34 . 2010-10-18 13:34  --------  d-----w-  c:\program files\wLite
2010-10-17 18:53 . 2010-10-17 18:53  --------  d-----w-  C:\_OTL
2010-10-16 16:51 . 2010-10-16 16:51  --------  d-----w-  c:\program files\winMd5Sum
2010-10-14 22:31 . 2010-10-14 22:31  --------  d-----w-  c:\program files\ERUNT
2010-10-14 13:13 . 2010-10-14 13:13  --------  d-----w-  c:\users\Matthias\AppData\Roaming\Malwarebytes
2010-10-14 13:12 . 2010-04-29 10:19  38224     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-14 13:12 . 2010-10-14 13:12  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-10-14 13:12 . 2010-10-14 13:12  --------  d-----w-  c:\programdata\Malwarebytes
2010-10-14 13:12 . 2010-04-29 10:19  20952     ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-10-14 12:00 . 2010-10-14 12:00  --------  d-----w-  C:\$AVG
2010-10-14 10:45 . 2010-10-14 10:45  --------  d-----w-  c:\program files\Microsoft
2010-10-13 15:41 . 2010-10-13 15:41  --------  d-----w-  c:\program files\AVIcodec
2010-10-12 23:07 . 2010-10-12 23:07  --------  d-----w-  c:\program files\QuickTime
2010-10-12 21:57 . 2010-10-12 21:57  --------  d-----w-  c:\users\Matthias\AppData\Roaming\Miranda
2010-10-12 21:57 . 2010-10-12 21:57  --------  d-----w-  c:\program files\Miranda IM
2010-10-04 17:54 . 2009-08-24 08:15  761152    ----a-w-  c:\windows\system32\msvcr100.dll
2010-10-04 17:54 . 2009-08-24 08:15  761152    ----a-w-  c:\windows\msvcr100.dll
2010-10-03 20:57 . 2010-10-03 20:57  --------  d-----w-  c:\windows\system32\xlive
2010-10-03 20:57 . 2010-10-03 20:57  --------  d-----w-  c:\program files\Microsoft Games for Windows - LIVE
2010-10-03 16:38 . 2010-10-03 16:38  --------  d-----w-  c:\users\Matthias\AppData\Local\assembly
2010-09-28 20:35 . 2010-06-19 06:15  2048      ----a-w-  c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 05:32 . 2010-09-15 09:16  316928    ----a-w-  c:\windows\system32\spoolsv.exe
2010-07-29 06:30 . 2010-08-12 17:30  197632    ----a-w-  c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 17:30  82944     ----a-w-  c:\windows\system32\iccvid.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19  94208  ----a-w-  c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19  94208  ----a-w-  c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19  94208  ----a-w-  c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [2009-06-23 46592]
"AVG9_TRAY"="c:\progra~3\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matthias\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^foobar2000.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\foobar2000.lnk
backup=c:\windows\pss\foobar2000.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07  932288  ----a-r-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47  35760  ----a-w-  c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58  611712  ----a-w-  c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50  1144104  ----a-w-  c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-03-30 09:16  1820040  ----a-w-  c:\program files\Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 22:34  2524416  ----a-w-  c:\programme\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-04-17 10:56  394984  ----a-w-  c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 21:32  61440  ----a-w-  c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2007-10-08 07:26  55856  ----a-w-  d:\vmware\VMware Workstation\hqtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2007-10-08 07:27  72240  ----a-w-  d:\vmware\VMware Workstation\vmware-tray.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\plugins\UI\safedrv.sys [2010-10-20 22112]
R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [2010-05-02 5027328]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-01 691696]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\Hamachi\hamachi-2.exe [2010-03-30 1107336]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-06-23 18840]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ  SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\p52x51wf.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Cmaudio - cmicnfg.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2200)
c:\users\Matthias\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\programme\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\OO Software\Defrag\oodag.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
d:\vmware\VMware Workstation\vmware-authd.exe
c:\programme\AVG\AVG9\avgnsx.exe
c:\programme\AVG\AVG9\avgrsx.exe
c:\programme\AVG\AVG9\avgchsvx.exe
c:\windows\system32\vmnetdhcp.exe
c:\programme\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-23  02:14:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-23 00:14

Vor Suchlauf: 9 Verzeichnis(se), 10.903.375.872 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 10.772.631.552 Bytes frei

- - End Of File - - 5EF4E410AC8B3E4430535F340D8D7E5B
jackie |
23.10.2010, 19:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Essentials 2010 removed and hopefully everything OK again?? OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post log files in CODE tags |
24.10.2010, 14:22 | #13 |
| Security Essentials 2010 removed and hopefully everything OK again?? OK, here is the gmer.log: Code:
GMER 1.0.15.15315 - hxxp://www.gmer.net
Rootkit scan 2010-10-24 14:39:38
Windows 6.1.7600 
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\fglyqkow.sys


---- System - GMER 1.0.15 ----

Code  85D71C4C  ZwTraceEvent
Code  85D71C4B  NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!ZwSaveKeyEx + 13B1  82C458E9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2  82C653D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntoskrnl.exe!NtTraceEvent  82C85A80 5 Bytes  JMP 85D71C50 
.text  C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x91426000, 0x267978, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  VMkbd.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  VMkbd.sys
AttachedDevice  \Driver\tdx \Device\Tcp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7  snapman.sys (Acronis Snapshot API/Acronis)
Device  \Driver\usbhub \Device\00000077  hcmon.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8  snapman.sys (Acronis Snapshot API/Acronis)
Device  \Driver\usbhub \Device\00000078  hcmon.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9  snapman.sys (Acronis Snapshot API/Acronis)
Device  \Driver\usbhub \Device\00000079  hcmon.sys
Device  \Driver\ACPI_HAL \Device\0000005c  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device  \Driver\usbuhci \Device\USBFDO-0  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-1  hcmon.sys
Device  \Driver\usbhub \Device\0000007a  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-2  hcmon.sys
Device  \Driver\usbuhci \Device\USBFDO-3  hcmon.sys
Device  \Driver\usbehci \Device\USBFDO-4  hcmon.sys

---- Threads - GMER 1.0.15 ----

Thread  System [4:5144]  A5846F2E

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Programme\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xBE 0x94 0xEC 0x6B ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x4E 0xF9 0x73 0x99 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x5E 0xDE 0xF9 0x6E ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Programme\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0xBE 0x94 0xEC 0x6B ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0x4E 0xF9 0x73 0x99 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x5E 0xDE 0xF9 0x6E ...
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL  49BF3103E51E64D25B491BF7B54FD4BB9A9913A8F1F680A9F90399A338D1F32F9D988644D752A668937E85B7B582E3535954609A7AECF72FB8A9A2259021BA6EEC09FDDD7C3E60BC9F860AEDF212A00D2AEC51F553C929BF36712E79602E60D01DFC75D8567102A12CFCF3DEC6917843A04FBB55CCC09ADD88B7BE370C6B2BA1E963BD6380C0AD4B3803026F20D20D339FEFEA77CAC60EF11BDFCC140B109591E1311BCD27C33BD4183E632880723080DF411E3F4316F1472A4F45EDEA98CD35665EC88C0D573739F356C1B97E4AEC306E3E8733432EEC8C48728743CA423605FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74C8EDD5E5BE2F6E667A6A0AC4980AC79335E3A597C058C6AB599F193C6DBFE768BB4A460E4E74770E04A905EEB9B829CFD37782DB89F0048E7B4DACDDA8FF7898EC3B74B10155D59985FE6BA4FB83EF02B897D82DE24AE055224C77C8692CA46F494CBDE412BC138514262FA111F76D4955C5DC54F17AEFCFE703B3AA1FACEC60C56F2816A782B86C3E747EFDBEC64BC0006ABD48D8F5843D6783C11A7F49E580B8CC60A9EDE956E8D16DEE07DDB855190B50282BE394C9D2B6CD402B8431900890DE1C69853C150B06A758768B51BEF526A0117AFD26A03AD5494811A3762F18

---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:17:34 on 24.10.2010
OS: Windows 7 (Build 7600), 32-bit
Default Browser: SRWare SRWare Iron 4.0.280.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\avgrsstx.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgldx86.sys
"AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgtdix.sys
"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgmfx86.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found)
"GGSAFER Driver" (GGSAFERDriver) - ? - C:\Program Files\Garena\plugins\UI\safedrv.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\Drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware VMparport" (VMparport) - "VMware, Inc." - C:\Windows\system32\Drivers\VMparport.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys
"Vstor2 Virtual Storage Driver" (vstor2) - "VMware, Inc." - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - D:\VMware\VMware Workstation\vstor2-ws60.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgse.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - ? - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~3\AVG\AVG9\avgtray.exe
"CmiRemoveDir" - ? - C:\Windows\CMIRMR~1.EXE
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis OS Selector Reinstall Service" (AcronisOSSReinstallSvc) - ? - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (File found, but it contains no detailed information)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgwdsvc.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - C:\Program Files\Hamachi\hamachi-2.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Programme\OO Software\Defrag\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - D:\VMware\VMware Workstation\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - D:\VMware\VMware Workstation\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe
"VMware Virtual Mount Manager Extended" (vmount2) - "VMware, Inc." - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
"wampapache" (wampapache) - "Apache Software Foundation" - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
"wampmysqld" (wampmysqld) - ? - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (File found, but it contains no detailed information)
"webcamXP Service" (wxpSvc) - "Moonware Studios" - C:\Program Files\wLite\wService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Logical Drives Mask: 0x00000ffc

Kernel Drivers (total 170):

Processes (total 54):
0 System Idle Process
4 System
340 C:\Windows\System32\smss.exe
532 csrss.exe
604 C:\Windows\System32\wininit.exe
616 csrss.exe
660 C:\Windows\System32\services.exe
676 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\Ati2evxx.exe
1048 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1544 C:\Windows\System32\spoolsv.exe
1572 C:\Windows\System32\svchost.exe
1716 C:\Windows\System32\Ati2evxx.exe
1784 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1876 C:\Windows\System32\svchost.exe
1920 C:\Program Files\Hamachi\hamachi-2.exe
2020 C:\Program Files\OO Software\Defrag\oodag.exe
2028 C:\Windows\System32\dwm.exe
392 C:\Windows\explorer.exe
528 C:\Program Files\Sandboxie\SbieSvc.exe
1512 C:\Windows\System32\svchost.exe
1940 C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
312 C:\Windows\System32\taskhost.exe
2068 C:\Windows\System32\vmnat.exe
2184 C:\Windows\System32\vmnetdhcp.exe
2228 D:\VMware\VMware Workstation\vmware-authd.exe
2464 C:\Program Files\AVG\AVG9\avgnsx.exe
2812 C:\Program Files\AVG\AVG9\avgrsx.exe
2824 C:\Program Files\AVG\AVG9\avgchsvx.exe
2920 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3600 WUDFHost.exe
3704 C:\Program Files\AVG\AVG9\avgtray.exe
3736 C:\Program Files\Skype\Phone\Skype.exe
3808 C:\Windows\System32\svchost.exe
2652 C:\Program Files\SRWare Iron\iron.exe
2688 C:\Windows\System32\SearchIndexer.exe
2160 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2224 C:\Program Files\SRWare Iron\iron.exe
4072 C:\Windows\System32\svchost.exe
4768 C:\Program Files\SRWare Iron\iron.exe
1472 C:\Windows\System32\SearchProtocolHost.exe
4872 C:\Windows\System32\SearchFilterHost.exe
3672 C:\Users\***\Desktop\MBRCheck.exe
5472 C:\Windows\System32\conhost.exe
5436 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`8160fe00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000a`02c2be00 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000002f`763c9c00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000042`6fc80400 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Regards, jackie |
24.10.2010, 14:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Essentials 2010 removed and hopefully everything OK again?? Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
25.10.2010, 22:33 | #15 |
| Security Essentials 2010 removed and hopefully everything OK again?? Ok, here are the next logs: Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4936

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.10.2010 20:15:18
mbam-log-2010-10-24 (20-15-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 297147
Laufzeit: 1 Stunde(n), 2 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/25/2010 at 11:08 PM

Application Version : 4.44.1000

Core Rules Database Version : 5750
Trace Rules Database Version: 3562

Scan type : Quick Scan
Total Scan Time : 00:28:58

Memory items scanned : 329
Memory threats detected : 0
Registry items scanned : 1807
Registry threats detected : 0
File items scanned : 19357
File threats detected : 5

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt

Trojan.Agent/CDesc[Generic]
G:\EMU\EPSXE152\PLUGINS\SPUIORI.DLL
G:\EMU\EPSXE152\PLUGINS\SPUIORIL.DLL
G:\EMU\EPSXE160\PLUGINS\SPUIORI.DLL
G:\EMU\EPSXE160\PLUGINS\SPUIORIL.DLL
jackie |