| |
| |||||||
Log-Analyse und Auswertung: Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon MicrosoftWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.06.2011, 21:41
| #16 |
 |  Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Arne, hier das Resultat: ========== OTL ========== Folder move failed. C:\7060f2ea2812502ce0\setup\system scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\en scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\de scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft.net scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\install scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\data scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\de scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\z8ww3aes.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\r6hpravq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\y8ww3aes.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\67wtistq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2kfkwlwq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2ggml9qs.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\p6hpravq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\manifests scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\jwfvlhtq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\hwfvlhtq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\bql1q2cs.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\9ql1q2cs.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\77wtistq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kn09qps.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kfkwlwq.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3ggml9qs.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\1kn09qps.lm8 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32\ansi scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\sqltypes scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqltransaction scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlrowcount scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlresultstream scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlparameter scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlmessage scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\options scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload\format scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\showplan scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\queryprocessor scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\dta scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\de scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\en scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\de scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac\de scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\eula scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\en scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\de scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\microsoft sql server scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared\sql debugging scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files\common files scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\program files scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\images scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\help\1033 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\help\1031 scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup\help scheduled to be moved on reboot. Folder move failed. C:\7060f2ea2812502ce0\setup scheduled to be moved on reboot. C:\7060f2ea2812502ce0\1031 folder moved successfully. C:\7060f2ea2812502ce0 folder moved successfully. Folder move failed. C:\8218266a1cc31ae583832e\hotfixexpress\files scheduled to be moved on reboot. C:\8218266a1cc31ae583832e\hotfixexpress folder moved successfully. C:\8218266a1cc31ae583832e\1031 folder moved successfully. C:\8218266a1cc31ae583832e folder moved successfully. C:\found.000 folder moved successfully. C:\bd_logs folder moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16637732r moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~16637732 moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\16637732 moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.23.0 log created on 06102011_222415 Files\Folders moved on Reboot... File\Folder C:\7060f2ea2812502ce0\setup\system not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\en not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90\de not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net\90 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net\adomd.net not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft.net not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\install not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\data not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\res not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn\de not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86\binn not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\x86 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication\resources not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared\database replication not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files\microsoft shared not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\common files not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\z8ww3aes.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\r6hpravq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\y8ww3aes.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\67wtistq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2kfkwlwq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies\2ggml9qs.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\policies not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\p6hpravq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\manifests not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\jwfvlhtq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\hwfvlhtq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\bql1q2cs.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\9ql1q2cs.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\77wtistq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kn09qps.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3kfkwlwq.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\3ggml9qs.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs\1kn09qps.lm8 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\winsxs not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32\ansi not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows\system32 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\windows not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\sqltypes not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqltransaction not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlrowcount not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlresultstream not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlparameter not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types\sqlmessage not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\types not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap\options not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\soap not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload\format not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\bulkload not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\showplan not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\queryprocessor not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07\dta not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004\07 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver\2004 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas\sqlserver not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\schemas not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn\resources not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools\binn not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\tools not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\resources not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared\de not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\shared not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\en not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies\de not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk\assemblies not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\sdk not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac\de not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\gac not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\eula not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\resources not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\en not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com\de not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90\com not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\90 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn\resources not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools\binn not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80\tools not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server\80 not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\microsoft sql server not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared\sql debugging not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\common files\microsoft shared not found! File\Folder C:\7060f2ea2812502ce0\setup\program files\common files not found! File\Folder C:\7060f2ea2812502ce0\setup\program files not found! File\Folder C:\7060f2ea2812502ce0\setup\images not found! File\Folder C:\7060f2ea2812502ce0\setup\help\1033 not found! File\Folder C:\7060f2ea2812502ce0\setup\help\1031 not found! File\Folder C:\7060f2ea2812502ce0\setup\help not found! File\Folder C:\7060f2ea2812502ce0\setup not found! File\Folder C:\8218266a1cc31ae583832e\hotfixexpress\files not found! Registry entries deleted on Reboot... Inzwischen kann ich die für mich wichtigen Daten wieder sehen. Ich bin also hoch zufrieden und habe eine Menge gelernt! Gruß Detlef |
|
10.06.2011, 22:32
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ |
|
11.06.2011, 16:16
| #18 |
| | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Das sieht dann so aus:
__________________2011/06/11 17:14:01.0531 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40 2011/06/11 17:14:01.0531 ================================================================================ 2011/06/11 17:14:01.0531 SystemInfo: 2011/06/11 17:14:01.0531 2011/06/11 17:14:01.0531 OS Version: 5.1.2600 ServicePack: 3.0 2011/06/11 17:14:01.0531 Product type: Workstation 2011/06/11 17:14:01.0531 ComputerName: DETLEF 2011/06/11 17:14:01.0531 UserName: ichallein 2011/06/11 17:14:01.0531 Windows directory: C:\WINDOWS 2011/06/11 17:14:01.0531 System windows directory: C:\WINDOWS 2011/06/11 17:14:01.0531 Processor architecture: Intel x86 2011/06/11 17:14:01.0531 Number of processors: 2 2011/06/11 17:14:01.0531 Page size: 0x1000 2011/06/11 17:14:01.0531 Boot type: Normal boot 2011/06/11 17:14:01.0531 ================================================================================ 2011/06/11 17:14:02.0281 Initialize success 2011/06/11 17:14:19.0625 ================================================================================ 2011/06/11 17:14:19.0625 Scan started 2011/06/11 17:14:19.0625 Mode: Manual; 2011/06/11 17:14:19.0625 ================================================================================ 2011/06/11 17:14:20.0125 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/06/11 17:14:20.0343 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/06/11 17:14:20.0515 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 2011/06/11 17:14:20.0718 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/06/11 17:14:20.0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/06/11 17:14:20.0906 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/06/11 17:14:20.0968 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/06/11 17:14:21.0015 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/06/11 17:14:21.0046 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/06/11 17:14:21.0062 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/06/11 17:14:21.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/06/11 17:14:21.0171 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/06/11 17:14:21.0218 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/06/11 17:14:21.0296 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/06/11 17:14:21.0328 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/06/11 17:14:21.0390 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/06/11 17:14:21.0468 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 2011/06/11 17:14:21.0515 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/06/11 17:14:21.0578 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/06/11 17:14:21.0609 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/06/11 17:14:21.0640 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/06/11 17:14:21.0718 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/06/11 17:14:21.0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/06/11 17:14:21.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/06/11 17:14:21.0921 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/06/11 17:14:22.0031 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 2011/06/11 17:14:22.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/06/11 17:14:22.0203 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/06/11 17:14:22.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/06/11 17:14:22.0265 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/06/11 17:14:22.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/06/11 17:14:22.0406 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/06/11 17:14:22.0468 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/06/11 17:14:22.0562 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/06/11 17:14:22.0593 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/06/11 17:14:22.0609 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/06/11 17:14:22.0687 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/06/11 17:14:22.0750 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/06/11 17:14:22.0781 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/06/11 17:14:22.0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/06/11 17:14:22.0875 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 2011/06/11 17:14:22.0906 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 2011/06/11 17:14:22.0921 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/06/11 17:14:22.0937 DLADResM (f8b70d38845c4694b28adc4768676fd0) C:\WINDOWS\system32\Drivers\DLADResM.SYS 2011/06/11 17:14:22.0968 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 2011/06/11 17:14:23.0015 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 2011/06/11 17:14:23.0031 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 2011/06/11 17:14:23.0046 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 2011/06/11 17:14:23.0109 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 2011/06/11 17:14:23.0125 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 2011/06/11 17:14:23.0265 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2011/06/11 17:14:23.0312 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2011/06/11 17:14:23.0359 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/06/11 17:14:23.0421 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/06/11 17:14:23.0500 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/06/11 17:14:23.0515 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/06/11 17:14:23.0546 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/06/11 17:14:23.0578 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/06/11 17:14:23.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/06/11 17:14:23.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/06/11 17:14:23.0703 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2011/06/11 17:14:23.0734 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/06/11 17:14:23.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/06/11 17:14:23.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/06/11 17:14:23.0828 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/06/11 17:14:23.0875 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/06/11 17:14:23.0921 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/06/11 17:14:23.0968 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/06/11 17:14:24.0046 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/06/11 17:14:24.0109 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/06/11 17:14:24.0125 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/06/11 17:14:24.0187 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/06/11 17:14:24.0250 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/06/11 17:14:24.0343 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys 2011/06/11 17:14:24.0359 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/06/11 17:14:24.0406 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/06/11 17:14:24.0609 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/06/11 17:14:24.0687 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/06/11 17:14:24.0718 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/11 17:14:24.0750 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/06/11 17:14:24.0796 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/11 17:14:24.0843 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/11 17:14:24.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/11 17:14:24.0921 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/11 17:14:25.0000 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/11 17:14:25.0031 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/11 17:14:25.0062 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/11 17:14:25.0156 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/11 17:14:25.0187 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/11 17:14:25.0265 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/11 17:14:25.0312 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/11 17:14:25.0375 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/11 17:14:25.0406 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/11 17:14:25.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/11 17:14:25.0484 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 2011/06/11 17:14:25.0687 MpKslb7609bc3 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys 2011/06/11 17:14:25.0734 MpKsld2281442 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys 2011/06/11 17:14:25.0796 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/06/11 17:14:25.0828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/11 17:14:25.0906 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/11 17:14:25.0953 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/11 17:14:26.0031 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/11 17:14:26.0062 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/11 17:14:26.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/11 17:14:26.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/11 17:14:26.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/11 17:14:26.0234 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/11 17:14:26.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/11 17:14:26.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/11 17:14:26.0375 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/11 17:14:26.0437 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/11 17:14:26.0468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/11 17:14:26.0515 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/11 17:14:26.0578 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/06/11 17:14:26.0593 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/11 17:14:26.0687 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/11 17:14:26.0765 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/11 17:14:27.0015 nv (c116d2b008a1640c4484a1dcd1abe12c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/06/11 17:14:27.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/11 17:14:27.0328 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/11 17:14:27.0390 O2MDRDR (948aefc4db1e6cc5a8d9fc5740aee392) C:\WINDOWS\system32\DRIVERS\o2media.sys 2011/06/11 17:14:27.0406 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys 2011/06/11 17:14:27.0484 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/06/11 17:14:27.0531 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys 2011/06/11 17:14:27.0578 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/11 17:14:27.0609 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/11 17:14:27.0625 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/11 17:14:27.0718 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/11 17:14:27.0750 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/11 17:14:27.0875 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/06/11 17:14:27.0906 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/06/11 17:14:27.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/11 17:14:28.0015 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/11 17:14:28.0046 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/11 17:14:28.0109 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/11 17:14:28.0140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/06/11 17:14:28.0171 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/06/11 17:14:28.0203 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/06/11 17:14:28.0234 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/06/11 17:14:28.0265 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/06/11 17:14:28.0312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/11 17:14:28.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/11 17:14:28.0421 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/11 17:14:28.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/11 17:14:28.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/11 17:14:28.0578 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/11 17:14:28.0593 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/11 17:14:28.0656 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/11 17:14:28.0703 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/11 17:14:28.0812 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 2011/06/11 17:14:28.0859 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/06/11 17:14:28.0921 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/11 17:14:28.0984 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys 2011/06/11 17:14:29.0015 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/11 17:14:29.0046 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/06/11 17:14:29.0140 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/06/11 17:14:29.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/11 17:14:29.0250 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/11 17:14:29.0328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/11 17:14:29.0375 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/11 17:14:29.0406 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/11 17:14:29.0468 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/06/11 17:14:29.0500 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/06/11 17:14:29.0531 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/06/11 17:14:29.0562 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/06/11 17:14:29.0609 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/11 17:14:29.0703 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/11 17:14:29.0765 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/11 17:14:29.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/11 17:14:29.0828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/11 17:14:29.0875 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/06/11 17:14:29.0921 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys 2011/06/11 17:14:29.0984 tosrfbd (435ac6cc2abed508ac5a495658cbaf0f) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 2011/06/11 17:14:30.0031 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys 2011/06/11 17:14:30.0125 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys 2011/06/11 17:14:30.0203 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 2011/06/11 17:14:30.0265 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 2011/06/11 17:14:30.0343 Tosrfusb (6bc529c5eca0c7654943fd6fab21c5fa) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 2011/06/11 17:14:30.0500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/11 17:14:30.0562 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/06/11 17:14:30.0640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/11 17:14:30.0734 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/06/11 17:14:30.0765 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/06/11 17:14:30.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/11 17:14:30.0875 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/11 17:14:30.0968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/06/11 17:14:31.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/06/11 17:14:31.0109 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/11 17:14:31.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/11 17:14:31.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/11 17:14:31.0359 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/06/11 17:14:31.0421 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/06/11 17:14:31.0468 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/11 17:14:31.0531 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/11 17:14:31.0625 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/06/11 17:14:31.0671 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/11 17:14:31.0781 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 2011/06/11 17:14:31.0859 ================================================================================ 2011/06/11 17:14:31.0859 Scan finished 2011/06/11 17:14:31.0859 ================================================================================ Gruß Detlef |
|
11.06.2011, 17:39
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.06.2011, 18:16
| #20 |
| | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Hier das Ergebnis: Combofix Logfile: Code:
ATTFilter ComboFix 11-06-11.01 - ichallein 11.06.2011 19:00:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2165 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\ichallein\Eigene Dateien\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Adobe\plugs
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Adobe\shed
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\ichallein\Anwendungsdaten\PriceGong\Data\z.xml
c:\windows\inf\pok.pnf
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-11 bis 2011-06-11 ))))))))))))))))))))))))))))))
.
.
2011-06-11 15:04 . 2011-06-11 15:04 -------- d-----w- c:\dokumente und einstellungen\ichallein\Anwendungsdaten\BabylonToolbar
2011-06-11 15:04 . 2011-06-11 15:04 28752 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys
2011-06-11 14:52 . 2011-06-11 14:52 -------- d-----w- c:\programme\BabylonToolbar
2011-06-11 09:38 . 2011-05-09 11:46 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\mpengine.dll
2011-06-10 20:24 . 2011-06-10 20:24 -------- d-----w- C:\_OTL
2011-06-10 07:16 . 2011-06-10 07:16 -------- d-----w- c:\programme\Recuva
2011-06-10 07:16 . 2011-06-10 07:16 -------- d-----w- c:\programme\Ask.com
2011-06-08 20:27 . 2011-06-08 20:27 -------- d-----w- C:\Malwarebytes' Anti-Malware
2011-06-06 08:46 . 2011-06-06 08:46 -------- d-sh--w- c:\dokumente und einstellungen\Default User\IETldCache
2011-05-31 20:58 . 2011-05-31 20:58 -------- d-----w- c:\windows\PIF
2011-05-31 18:40 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-31 18:40 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-31 07:10 . 2011-05-31 07:11 -------- d-----w- c:\windows\Temp2BE581E5-FD62-4356-D6CA-F8CAD7FCEBC0-Signatures
2011-05-31 07:10 . 2011-05-31 07:13 -------- d-----w- c:\programme\Microsoft Security Client
2011-05-31 07:01 . 2011-05-09 11:46 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-31 06:59 . 2011-05-31 06:59 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
2011-05-31 03:12 . 2011-05-09 11:46 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-05-30 21:10 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-30 20:59 . 2011-05-30 20:59 -------- d-----w- c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Malwarebytes
2011-05-30 19:03 . 2011-05-30 19:03 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Ordner HP Share-to-Web
2011-05-30 17:35 . 2011-05-30 17:35 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-05-30 17:35 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 17:35 . 2011-05-30 17:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-05-30 17:35 . 2011-06-08 11:54 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-05-30 17:32 . 2011-05-30 17:32 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache
2011-05-26 15:29 . 2011-05-26 15:30 -------- d-----w- c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Halyi
2011-05-23 07:59 . 2011-05-23 07:59 781272 ----a-w- c:\programme\Mozilla Firefox\mozsqlite3.dll
2011-05-23 07:59 . 2011-05-23 07:59 1874904 ----a-w- c:\programme\Mozilla Firefox\mozjs.dll
2011-05-23 07:59 . 2011-05-23 07:59 89048 ----a-w- c:\programme\Mozilla Firefox\libEGL.dll
2011-05-23 07:59 . 2011-05-23 07:59 465880 ----a-w- c:\programme\Mozilla Firefox\libGLESv2.dll
2011-05-23 07:59 . 2011-05-23 07:59 15832 ----a-w- c:\programme\Mozilla Firefox\mozalloc.dll
2011-05-23 07:59 . 2011-05-23 07:59 1892184 ----a-w- c:\programme\Mozilla Firefox\d3dx9_42.dll
2011-05-23 07:59 . 2011-05-23 07:59 142296 ----a-w- c:\programme\Mozilla Firefox\components\browsercomps.dll
2011-05-23 07:59 . 2011-05-23 07:59 1974616 ----a-w- c:\programme\Mozilla Firefox\D3DCompiler_42.dll
2011-05-22 14:49 . 2011-05-22 14:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-11 15:03 . 2008-04-25 09:46 53760 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-23 07:59 . 2011-05-23 07:59 142296 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
2010-08-19 14:18 . 2009-06-11 03:57 119808 ----a-w- c:\programme\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\programme\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\programme\Suche_Deutschland\prxtbSuc0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\programme\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
2011-01-17 14:54 175912 ----a-w- c:\programme\Suche_Deutschland\prxtbSuc0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2010-12-09 11:51 3911776 ----a-w- c:\programme\uTorrentBar_DE\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:12 1435112 ----a-w- c:\programme\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\programme\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{937f343c-c9c2-4235-b544-7fc4da2f2594}"= "c:\programme\Suche_Deutschland\prxtbSuc0.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-09-28 1435112]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"= "c:\programme\uTorrentBar_DE\tbuTor.dll" [2010-12-09 3911776]
"{937F343C-C9C2-4235-B544-7FC4DA2F2594}"= "c:\programme\Suche_Deutschland\prxtbSuc0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CLASSES_ROOT\clsid\{937f343c-c9c2-4235-b544-7fc4da2f2594}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programme\DellTPad\Apoint.exe" [2008-02-21 159744]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-30 86016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 2289664]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Share-to-Web Namespace Daemon"="c:\programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2010-12-14 274608]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-19 30192]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"BabylonToolbar"="c:\programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
.
c:\dokumente und einstellungen\ichallein\Startmen\Programme\Autostart\
OpenOffice.org 3.1.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\IncrediMail\\Bin\\IncMail.exe"=
"c:\\Programme\\IncrediMail\\Bin\\ImApp.exe"=
"c:\\Programme\\IncrediMail\\Bin\\ImpCnt.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R1 MpKsld2281442;MpKsld2281442;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys [11.06.2011 17:04 28752]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [16.06.2009 17:51 222456]
R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [22.04.2011 14:21 92592]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [26.03.2009 22:51 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [26.03.2009 22:51 43608]
S1 MpKsl033aadec;MpKsl033aadec;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl033aadec.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl033aadec.sys [?]
S1 MpKsl3aa8aa8f;MpKsl3aa8aa8f;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl3aa8aa8f.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl3aa8aa8f.sys [?]
S1 MpKsl55230e96;MpKsl55230e96;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl55230e96.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl55230e96.sys [?]
S1 MpKsl76db2902;MpKsl76db2902;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl76db2902.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl76db2902.sys [?]
S1 MpKsl8fe2470b;MpKsl8fe2470b;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl8fe2470b.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl8fe2470b.sys [?]
S1 MpKsl988aa76d;MpKsl988aa76d;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl988aa76d.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl988aa76d.sys [?]
S1 MpKslb7609bc3;MpKslb7609bc3;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys [?]
S2 gupdate1c9bf4a266e0780;Google Update Service (gupdate1c9bf4a266e0780);c:\programme\Google\Update\GoogleUpdate.exe [17.04.2009 12:49 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\programme\Google\Google Desktop Search\GoogleDesktop.exe [11.06.2009 05:56 30192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [17.04.2009 12:49 133104]
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-17 10:49]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-04-17 10:49]
.
2011-06-11 c:\windows\Tasks\Internet Explorer (ohne Add-Ons).job
- c:\progra~1\INTERN~1\iexplore.exe [2008-04-25 12:09]
.
2011-06-11 c:\windows\Tasks\Internet Explorer.job
- c:\progra~1\INTERN~1\iexplore.exe [2008-04-25 12:09]
.
2011-06-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-542718681-3178781138-3301103432-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-06-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-542718681-3178781138-3301103432-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-11-05 10:33]
.
2011-06-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2010-09-28 21:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=0862f7a800000000000000242ba5dc93&tlver=1.4.19.19&affID=19405
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\ichallein\Anwendungsdaten\Mozilla\Firefox\Profiles\xgoljvut.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.ferienwohnung-bad-pyrmont.net/
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-DellSupportCenter - c:\programme\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-DellSupportCenter - c:\programme\Dell Support Center\bin\sprtcmd.exe
SafeBoot-01551253.sys
AddRemove-Dell Support Center - c:\progra~1\DELLSU~1\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-11 19:08
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1236)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3284)
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\brss01a.exe
c:\programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\RTHDCPL.EXE
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\rundll32.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
c:\programme\DellTPad\ApMsgFwd.exe
c:\programme\DellTPad\HidFind.exe
c:\programme\DellTPad\Apntex.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-11 19:11:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-11 17:10
.
Vor Suchlauf: 15 Verzeichnis(se), 207.898.578.944 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 209.839.984.640 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9669DD6006B95399D738120442407851
Gruß Detlef |
|
11.06.2011, 19:14
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ --> Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft |
|
11.06.2011, 20:45
| #22 |
| | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Oh, Mann, GMER lief zwar stabil, aber dauerte endlos! Hier nun das Resultat: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-11 21:42:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0
Running: dcej0ztm.exe; Driver: C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\uxtdapod.sys
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7A26380, 0x37DE8D, 0xE8000020]
? c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys Das System kann die angegebene Datei nicht finden. !
? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!SetWindowLongA 7E37C29D 5 Bytes JMP 10698DD9 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!SetWindowLongW 7E37C2BB 5 Bytes JMP 10698D6B C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 104C7187 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\plugin-container.exe[512] USER32.dll!TrackPopupMenu 7E3B531E 5 Bytes JMP 104C7781 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\programme\real\realplayer\update\realsched.exe[2856] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Programme\Mozilla Firefox\firefox.exe[2968] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00401410 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3060] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[3580] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 32605B49 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE[3580] ole32.dll!OleLoadFromStream 774F981B 5 Bytes JMP 32920DB5 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A6A97D20
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Threads - GMER 1.0.15 ----
Thread System [4:896] AA165E70
Thread System [4:908] AA166720
Thread System [4:912] AA166720
Thread System [4:916] AA166720
Thread System [4:920] AA166720
Thread System [4:924] AA166720
Thread System [4:928] AA166720
Thread System [4:932] AA16629E
Thread System [4:936] AA16629E
Thread System [4:940] AA16629E
Thread System [4:944] AA16629E
Thread System [4:948] AA16629E
Thread System [4:952] AA166576
Thread System [4:956] AA166576
Thread System [4:960] AA166576
Thread System [4:964] AA166576
Thread System [4:968] AA166576
Thread System [4:972] AA16753A
Thread System [4:976] AA167602
Thread System [4:980] AA1723DE
Thread System [4:984] AA165E70
Thread System [4:988] AA165E70
Thread System [4:992] AA165E70
Thread System [4:996] AB421B8E
Thread System [4:1000] AB4221AC
Thread System [4:1004] AB190298
Thread System [4:1008] AB190344
Thread System [4:1012] AB1903EE
---- Services - GMER 1.0.15 ----
Service C:\Programme\Dell (*** hidden *** ) [AUTO] sprtsvc_dellsupportcenter <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
Das andere mache ich gleich! Gruß Detlef |
|
11.06.2011, 21:00
| #24 |
| | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Und hier ist MBRCheck: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000000c Kernel Drivers (total 142): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806E6000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F78000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F67000 pci.sys 0xBA0A8000 isapnp.sys 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0B8000 MountMgr.sys 0xB9F48000 ftdisk.sys 0xB9F22000 dmio.sys 0xBA330000 PartMgr.sys 0xBA4C4000 ACPIEC.sys 0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA0C8000 VolSnap.sys 0xB9F0A000 atapi.sys 0xB9E43000 iaStor.sys 0xBA0D8000 disk.sys 0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9E23000 fltMgr.sys 0xB9E11000 sr.sys 0xBA5AC000 DLACDBHM.SYS 0xB9DFA000 DRVMCDB.SYS 0xBA0F8000 PxHelp20.sys 0xB9DE3000 KSecDD.sys 0xB9D56000 Ntfs.sys 0xB9D29000 NDIS.sys 0xBA108000 Combo-Fix.sys 0xBA118000 ohci1394.sys 0xBA128000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xB9D0F000 Mup.sys 0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xB9CA6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xB7A26000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xB7A12000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA400000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB79EE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA408000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB79C6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xB7872000 \SystemRoot\system32\DRIVERS\bcmwl5.sys 0xB7858000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\o2sd.sys 0xB7840000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0xBA1D8000 \SystemRoot\system32\DRIVERS\o2media.sys 0xB9CA2000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA410000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB7814000 \SystemRoot\system32\DRIVERS\Apfiltr.sys 0xBA248000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xB7799000 \SystemRoot\system32\DRIVERS\Wdf01000.sys 0xBA418000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA258000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA208000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB7776000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA218000 \SystemRoot\System32\Drivers\tosrfcom.sys 0xBA6DD000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA228000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9C96000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB775F000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA238000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA420000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB774E000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA458000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA460000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB72D1000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xB807E000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB7273000 \SystemRoot\system32\DRIVERS\update.sys 0xBA580000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xB1B74000 \SystemRoot\system32\DRIVERS\tosporte.sys 0xB1799000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xB1789000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA660000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xAA382000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xAA35E000 \SystemRoot\system32\drivers\portcls.sys 0xAB4AD000 \SystemRoot\system32\drivers\drmk.sys 0xAB98C000 \SystemRoot\System32\Drivers\i2omgmt.SYS 0xAA30F000 \SystemRoot\system32\DRIVERS\MpFilter.sys 0xAB9B6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA726000 \SystemRoot\System32\Drivers\Null.SYS 0xAB9B4000 \SystemRoot\System32\Drivers\Beep.SYS 0xAB6D4000 \SystemRoot\System32\Drivers\DLARTL_M.SYS 0xAB1C6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xAB1BE000 \SystemRoot\System32\drivers\vga.sys 0xAB9B2000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xAB9B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xAB1B6000 \SystemRoot\System32\Drivers\Msfs.SYS 0xAB1AE000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB6A91000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xAA2DC000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xAA283000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xAA25B000 \SystemRoot\system32\DRIVERS\netbt.sys 0xAA235000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xAA213000 \SystemRoot\System32\drivers\afd.sys 0xAB48D000 \SystemRoot\system32\DRIVERS\netbios.sys 0xAB47D000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xAA1E8000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xAA178000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xAB46D000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xAB19E000 \??\c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys 0xAB45D000 \SystemRoot\System32\Drivers\Fips.SYS 0xAA33A000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS 0xAAD88000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xAA083000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0xBF800000 \SystemRoot\System32\win32k.sys 0xB904B000 \SystemRoot\System32\drivers\Dxapi.sys 0xAB17E000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA6E4000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBF60C000 \SystemRoot\System32\ATMFD.DLL 0xB80EE000 \SystemRoot\System32\Drivers\DRVNDDM.SYS 0xBA794000 \SystemRoot\System32\Drivers\DLADResM.SYS 0xA8D6A000 \SystemRoot\System32\Drivers\DLAIFS_M.SYS 0xAAC8E000 \SystemRoot\System32\Drivers\DLAOPIOM.SYS 0xADB70000 \SystemRoot\System32\Drivers\DLAPoolM.SYS 0xAAC86000 \SystemRoot\System32\Drivers\DLABMFSM.SYS 0xAAC7E000 \SystemRoot\System32\Drivers\DLABOIOM.SYS 0xA8D54000 \SystemRoot\System32\Drivers\DLAUDFAM.SYS 0xA8D3D000 \SystemRoot\System32\Drivers\DLAUDF_M.SYS 0xAB97C000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA8BC0000 \SystemRoot\system32\drivers\wdmaud.sys 0xBA198000 \SystemRoot\system32\drivers\sysaudio.sys 0xA8AA5000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA89D5000 \SystemRoot\system32\DRIVERS\srv.sys 0xA7166000 \SystemRoot\System32\Drivers\HTTP.sys 0xBA498000 \??\C:\ComboFix\catchme.sys 0xBA61E000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xAB704000 \??\c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{B37BBCC4-58DD-4B69-859A-AF24857B7675}\MpKsl157cf596.sys 0xA7E89000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0xA6AB4000 \??\C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\uxtdapod.sys 0xA6A90000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xA6A65000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 65): 0 System Idle Process 4 System 856 C:\WINDOWS\system32\smss.exe 1204 csrss.exe 1236 C:\WINDOWS\system32\winlogon.exe 1280 C:\WINDOWS\system32\services.exe 1292 C:\WINDOWS\system32\lsass.exe 1500 C:\WINDOWS\system32\svchost.exe 1548 svchost.exe 1692 C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe 1728 C:\WINDOWS\system32\svchost.exe 1824 svchost.exe 1980 svchost.exe 388 C:\WINDOWS\system32\WLTRYSVC.EXE 416 C:\WINDOWS\system32\BCMWLTRY.EXE 608 C:\WINDOWS\system32\spoolsv.exe 628 C:\WINDOWS\system32\BRSS01A.EXE 1168 svchost.exe 1584 C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 156 C:\Programme\ICQ6Toolbar\ICQ Service.exe 236 C:\Programme\Java\jre6\bin\jqs.exe 1336 C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe 2124 C:\WINDOWS\system32\nvsvc32.exe 2168 C:\WINDOWS\system32\drivers\o2flash.exe 2256 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2372 C:\Programme\DellTPad\Apoint.exe 2432 C:\WINDOWS\RTHDCPL.EXE 2444 sqlbrowser.exe 2468 C:\WINDOWS\system32\rundll32.exe 2492 C:\WINDOWS\system32\WLTRAY.EXE 2512 C:\Programme\Dell\QuickSet\quickset.exe 2520 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe 2504 C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe 2588 C:\Programme\Java\jre6\bin\jusched.exe 2640 C:\WINDOWS\system32\svchost.exe 2784 C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe 2856 C:\Programme\Real\RealPlayer\Update\realsched.exe 2944 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe 3064 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe 3060 C:\WINDOWS\system32\searchindexer.exe 3296 C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe 3392 C:\Programme\Microsoft Security Client\msseces.exe 3412 C:\Programme\DellTPad\ApMsgFwd.exe 3444 C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe 3468 C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe 3624 C:\Programme\DellTPad\hidfind.exe 3700 C:\Programme\DellTPad\ApntEx.exe 3760 C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe 3968 C:\Programme\OpenOffice.org 3\program\soffice.exe 4088 C:\Programme\OpenOffice.org 3\program\soffice.bin 1088 wmiprvse.exe 840 C:\WINDOWS\system32\ctfmon.exe 2892 C:\WINDOWS\system32\wbem\wmiapsrv.exe 1808 alg.exe 3284 C:\WINDOWS\explorer.exe 2968 C:\Programme\Mozilla Firefox\firefox.exe 456 C:\Programme\Mozilla Firefox\plugin-container.exe 3580 C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE 512 C:\Programme\Mozilla Firefox\plugin-container.exe 4992 C:\WINDOWS\system32\wscntfy.exe 5284 C:\Dokumente und Einstellungen\ichallein\Eigene Dateien\Downloads\dcej0ztm.exe 5764 C:\Programme\QuickTime\QuickTimePlayer.exe 3428 C:\WINDOWS\system32\searchprotocolhost.exe 3664 searchfilterhost.exe 6112 C:\Dokumente und Einstellungen\ichallein\Eigene Dateien\Downloads\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS) PhysicalDrive0 Model Number: WDCWD2500BEVT-75ZCT2, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! Gruß Detlef |
|
11.06.2011, 21:41
| #25 |
| | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft So, nun kommt doch OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 22:39:28 on 11.06.2011 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "RealUpgradeLogonTaskS-1-5-21-542718681-3178781138-3301103432-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe "RealUpgradeScheduledTaskS-1-5-21-542718681-3178781138-3301103432-1005.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe "MP Scheduled Scan.job" - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe "Scheduled Update for Ask Toolbar.job" - ? - C:\Programme\Ask.com\UpdateTask.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL "cmdvdpak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\cmdvdpak.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "ISUSPM.cpl" - "Macrovision Corporation" - C:\WINDOWS\system32\ISUSPM.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "LocalCOM.cpl" - "東芝公司" - C:\WINDOWS\system32\LocalCOM.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found) "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DLABMFSM" (DLABMFSM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABMFSM.SYS "DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLABOIOM.SYS "DLACDBHM" (DLACDBHM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS "DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLADResM.SYS "DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS "DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS "DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAPoolM.SYS "DLARTL_M" (DLARTL_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS "DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS "DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS "DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS "DRVNDDM" (DRVNDDM) - "Roxio" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "MpKsl033aadec" (MpKsl033aadec) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl033aadec.sys (File not found) "MpKsl3aa8aa8f" (MpKsl3aa8aa8f) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl3aa8aa8f.sys (File not found) "MpKsl55230e96" (MpKsl55230e96) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl55230e96.sys (File not found) "MpKsl76db2902" (MpKsl76db2902) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl76db2902.sys (File not found) "MpKsl80ed5f4d" (MpKsl80ed5f4d) - "Microsoft Corporation" - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D18959FE-3820-4E9B-851B-83A07C610F53}\MpKsl80ed5f4d.sys "MpKsl8fe2470b" (MpKsl8fe2470b) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl8fe2470b.sys (File not found) "MpKsl988aa76d" (MpKsl988aa76d) - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{6652333F-E6E9-4257-975E-48CB984E3B8D}\MpKsl988aa76d.sys (File not found) "MpKslb7609bc3" (MpKslb7609bc3) - ? - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKslb7609bc3.sys (File not found) "MpKsld2281442" (MpKsld2281442) - ? - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{9D1B24A5-C07A-4710-81F7-E77FA13C440E}\MpKsld2281442.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "uxtdapod" (uxtdapod) - ? - C:\DOKUME~1\ICHALL~1\LOKALE~1\Temp\uxtdapod.sys (Hidden registry entry, rootkit activity | File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth-Informationsaustausch" - "TOSHIBA" - C:\WINDOWS\system32\TosBtExt.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI239C~1\shellext.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {A4DF5659-0801-4A60-9607-1C48695EFDA9} "Ordner HP Share-to-Web" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll {5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Programme\Roxio\Drag-to-Disc\Shellex.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll <binary data> "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) <binary data> "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll <binary data> "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll <binary data> "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll <binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll {937f343c-c9c2-4235-b544-7fc4da2f2594} "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll {c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_16.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll <binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll <binary data> "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll {937f343c-c9c2-4235-b544-7fc4da2f2594} "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll {c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {30F9B915-B755-4826-820B-08FBA6BD249D} "Conduit Engine" - "Conduit Ltd." - C:\Programme\ConduitEngine\ConduitEngine.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll {D4027C7F-154A-4066-A1AD-4243D8127440} "Softonic Toolbar" - "Search-Results" - C:\Programme\Ask.com\GenericAskToolbar.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {937f343c-c9c2-4235-b544-7fc4da2f2594} "Suche Deutschland Toolbar" - "Conduit Ltd." - C:\Programme\Suche_Deutschland\prxtbSuc0.dll {c840e246-6b95-475e-9bd7-caa1c7eca9f2} "uTorrentBar_DE Toolbar" - "Conduit Ltd." - C:\Programme\uTorrentBar_DE\tbuTor.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\ichallein\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.1.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "ISUSPM" - "Macrovision Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler "msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background "SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe "TomTomHOME.exe" - "TomTom" - "C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "BabylonToolbar" - "Babylon Ltd." - "C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I "Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe "Dell QuickSet" - "Dell Inc." - C:\Programme\Dell\QuickSet\quickset.exe "Google Desktop Search" - "Google" - "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup "MSC" - "Microsoft Corporation" - "c:\Programme\Microsoft Security Client\msseces.exe" -hide -runkey "NVHotkey" - "NVIDIA Corporation" - rundll32.exe nvHotkey.dll,Start "nwiz" - "NVIDIA Corporation" - nwiz.exe /installquiet "PDVDDXSrv" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "Share-to-Web Namespace Daemon" - "Hewlett-Packard" - C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\programme\real\realplayer\update\realsched.exe" -osboot [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Toshiba Bluetooth Monitor" - "Toshiba America Business Solutions, Inc." - C:\WINDOWS\system32\tbtmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE (File found, but it contains no detailed information) "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9bf4a266e0780)" (gupdate1c9bf4a266e0780) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "SeaPort" (SeaPort) - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe "SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Programme\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter (File not found) "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index Gruß Detlef |
|
11.06.2011, 22:58
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft |
| entferne, entfernen, essentials, geht nicht, konnte, microsoft, microsoft security, microsoft security essentials, morgen, pum.hidden.desktop, pum.hijack.displayproperties, pum.hijack.taskmanager, security essentials, spyware.passwords.xgen, startmenü, suchfunktion, tasks, trojan.agent, trojan.dropper, trojan:win32/alureon, win, xp-recovery, xp-recovery und win32/alureon |
Linear-Darstellung
