Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PC wieder frei nach Trojaner packed.win32.katusha.n?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.07.2011, 20:56   #1
fariman
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Hallo liebes Forum,

ich hatte den Trojaner "packed.win32.katusha.n" auf meinem Rechner entdeckt und mit Hilfe von Malwarebytes in Quarantäne verschoben. Bin mir aber nicht sicher, ob mein PC jetzt wieder frei ist, da seitdem google nicht mehr funktioniert - könnte das zusammenhängen? Bin unsicher, ob ich den Rechner jetzt wieder vertrauensvoll wie zuvor benutzen kann oder ob immer noch malware drauf ist. Wäre echt dankbar, wenn jemand seine Einschätzung dazu abgeben könnte!

Hier ist der Malwarebytes-Scan und der OTL-Scan, ich hoffe das sind alle Infos die ihr braucht!

Was meint ihr?

Vielen Dank!
Fariman

__________________

OTL logfile created on: 03.07.2011 15:33:00 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Farnaz\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,21% Memory free
4,22 Gb Paging File | 2,74 Gb Available in Paging File | 65,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,77 Gb Total Space | 21,84 Gb Free Space | 14,30% Space Free | Partition Type: NTFS
Drive G: | 26,53 Gb Total Space | 10,39 Gb Free Space | 39,16% Space Free | Partition Type: NTFS

Computer Name: TOMMY | User Name: Farnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.03 15:30:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Farnaz\Downloads\OTL.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.07 12:47:10 | 003,576,152 | ---- | M] () -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.08.26 20:18:57 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008.08.14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008.08.14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008.08.14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008.07.26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.04.11 04:44:05 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
PRC - [2008.03.10 14:14:54 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008.03.10 14:14:54 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007.11.21 13:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011.07.03 15:30:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Farnaz\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008.07.26 09:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.02.07 12:47:10 | 003,576,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.27 11:36:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008.03.10 14:14:54 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007.11.28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007.11.28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.12.08 08:25:37 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008.08.18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.26 17:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 17:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 17:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.07.26 17:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008.07.26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.02.12 02:49:44 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.06 02:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.12.17 03:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.12.13 18:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.05.26 10:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index"
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4
FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.0.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3


FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.08 16:09:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.29 22:36:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 22:45:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.03 11:18:43 | 000,000,000 | ---D | M]

[2010.11.29 00:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Extensions
[2010.11.29 00:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.07.03 12:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions
[2011.04.22 18:00:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.09.09 19:10:58 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\2020Player@2020Technologies.com
[2010.12.12 13:02:18 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2010.02.20 10:20:57 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\dictionary-switcher@design-noir.de
[2008.09.01 01:39:46 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\dictlookup@arnhold.com
[2010.10.08 14:47:34 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.07.03 12:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\staged
[2011.06.16 20:21:18 | 000,001,210 | ---- | M] () -- C:\Users\Farnaz\AppData\Roaming\Mozilla\Firefox\Profiles\xemq39u6.default\searchplugins\scroogle-de.xml
[2011.06.24 15:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.20 20:46:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.25 08:09:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.25 21:36:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.03 09:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.05 12:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.24 15:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.06.29 22:36:19 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\FARNAZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEMQ39U6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [InternetCalls] File not found
O4 - HKCU..\Run: [MsnMsgr] File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [sbitunesagent] File not found
O4 - HKCU..\Run: [VoipDiscount] File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: G:\Farnaz\Fotos\Eigene Bilder\100610 Vinaros\IMG_7342.JPG
O24 - Desktop BackupWallPaper: G:\Farnaz\Fotos\Eigene Bilder\100610 Vinaros\IMG_7342.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell - "" = AutoRun
O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.03 11:31:28 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Roaming\Malwarebytes
[2011.07.03 11:31:13 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.03 11:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.03 11:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.03 11:31:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.03 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.03 11:30:28 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Farnaz\Desktop\mbam-setup-1.51.0.1200.exe
[2011.07.03 11:17:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.07.03 11:14:01 | 000,000,000 | R--D | C] -- C:\Users\Farnaz\Desktop\Pictures
[2011.07.02 20:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.07.02 20:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.06.30 13:43:37 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\.pdfsam
[2011.06.30 13:37:38 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\Documents\Eigene Scans
[2011.06.30 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Roaming\HP
[2011.06.30 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Local\HP
[2011.06.29 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Local\DDMSettings
[2011.06.29 21:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.06.29 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011.06.29 21:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011.06.29 21:28:45 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll
[2011.06.29 21:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.06.29 21:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.06.24 14:37:49 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\Pictures
[2011.06.22 21:52:49 | 000,000,000 | R--D | C] -- C:\Users\Farnaz\Searches
[2011.06.13 09:28:44 | 000,000,000 | -HSD | C] -- C:\found.000
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.03 15:30:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003UA.job
[2011.07.03 13:52:26 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 13:52:26 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 11:55:13 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.07.03 11:52:55 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2011.07.03 11:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.03 11:51:53 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.03 11:30:40 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Farnaz\Desktop\mbam-setup-1.51.0.1200.exe
[2011.07.03 11:18:44 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.07.02 23:43:30 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003Core.job
[2011.07.02 16:35:05 | 000,068,608 | ---- | M] () -- C:\Users\Farnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.02 11:50:15 | 004,369,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.02 11:50:15 | 001,735,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.02 11:50:15 | 001,354,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.02 11:50:15 | 001,195,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.01 21:19:12 | 001,760,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.29 21:57:43 | 000,233,363 | ---- | M] () -- C:\Windows\hpoins47.dat
[2011.06.29 21:33:01 | 000,001,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.03 11:18:44 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.07.03 11:18:43 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.06.29 21:47:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp
[2011.06.29 21:33:01 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.06.29 21:25:10 | 000,233,363 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.02.04 17:46:00 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.01.07 23:30:46 | 000,029,184 | ---- | C] () -- C:\Windows\System32\mmcbased.dll
[2010.04.21 13:21:14 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.13 17:23:41 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.04.01 17:00:09 | 000,000,286 | ---- | C] () -- C:\Windows\Code.ini
[2010.04.01 01:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2010.01.08 22:23:27 | 000,001,737 | ---- | C] () -- C:\Windows\Flach48U141.ini
[2009.09.24 07:53:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.24 07:53:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.12.26 12:49:50 | 000,000,552 | ---- | C] () -- C:\Users\Farnaz\AppData\Local\d3d8caps.dat
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.10 11:34:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2008.10.28 21:25:28 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.09.02 17:51:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.31 22:28:54 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.08.26 19:36:06 | 000,068,608 | ---- | C] () -- C:\Users\Farnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.26 19:25:05 | 000,001,356 | ---- | C] () -- C:\Users\Farnaz\AppData\Local\d3d9caps.dat
[2008.08.26 19:25:01 | 000,028,095 | ---- | C] () -- C:\Users\Farnaz\AppData\Roaming\nvModes.dat
[2008.08.26 19:25:01 | 000,028,095 | ---- | C] () -- C:\Users\Farnaz\AppData\Roaming\nvModes.001
[2008.07.26 09:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.04.11 04:56:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.02.05 02:09:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2008.02.05 02:09:00 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.05 02:08:45 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.01.21 09:15:58 | 004,369,430 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 001,354,242 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 001,760,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,735,778 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 001,195,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.04.19 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Belastingdienst
[2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Bytemobile
[2010.04.21 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Canneverbe Limited
[2009.09.13 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\GameHouse
[2011.02.06 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\gtk-2.0
[2008.11.29 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InternetCalls
[2008.12.11 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InterVideo
[2010.04.10 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\JLC's Software
[2008.10.28 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Leadertech
[2008.12.31 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\NCH Swift Sound
[2009.01.23 12:25:00 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\OpenOffice.org
[2009.02.02 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Red Alert 3
[2010.12.28 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Songbird2
[2008.12.14 11:52:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\TeamViewer
[2011.02.04 17:46:29 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Tobit
[2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone
[2010.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone Mobile Connect
[2009.07.18 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\VoipDiscount
[2009.08.30 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Zylom
[2011.07.03 11:51:00 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.04.26 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Adobe
[2011.05.05 13:10:15 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Apple Computer
[2010.04.19 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Belastingdienst
[2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Bytemobile
[2010.04.21 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Canneverbe Limited
[2010.04.23 21:33:39 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\DivX
[2011.05.19 12:44:09 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\dvdcss
[2010.10.08 13:21:42 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\FLEXnet
[2009.09.13 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\GameHouse
[2008.09.19 20:44:58 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Google
[2011.02.06 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\gtk-2.0
[2011.06.30 11:20:20 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\HP
[2009.08.30 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Identities
[2008.04.11 04:37:10 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InstallShield
[2008.11.29 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InternetCalls
[2008.12.11 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InterVideo
[2010.04.10 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\JLC's Software
[2008.10.28 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Leadertech
[2008.04.11 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Macromedia
[2011.07.03 11:31:28 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Media Center Programs
[2011.04.26 09:03:10 | 000,000,000 | --SD | M] -- C:\Users\Farnaz\AppData\Roaming\Microsoft
[2008.08.31 16:54:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Mozilla
[2009.02.06 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\MozillaControl
[2008.12.31 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\NCH Swift Sound
[2009.01.23 12:25:00 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\OpenOffice.org
[2009.01.23 11:28:13 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\OpenOffice.org2
[2009.12.06 12:20:33 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Real
[2009.02.02 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Red Alert 3
[2009.02.02 18:42:19 | 000,000,000 | RH-D | M] -- C:\Users\Farnaz\AppData\Roaming\SecuROM
[2011.01.16 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Skype
[2011.01.16 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\skypePM
[2010.12.28 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Songbird2
[2009.11.10 22:30:54 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Sony Corporation
[2008.12.14 11:52:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\TeamViewer
[2011.02.04 17:46:29 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Tobit
[2011.07.01 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\vlc
[2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone
[2010.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone Mobile Connect
[2009.07.18 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\VoipDiscount
[2008.12.06 22:01:27 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\WinRAR
[2008.09.01 01:16:02 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Yahoo!
[2009.08.30 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Zylom

< %APPDATA%\*.exe /s >
[2009.03.19 01:14:53 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Farnaz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.05.25 22:03:02 | 027,142,744 | ---- | M] (Macrovision Corporation) -- C:\Users\Farnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMATPrepSetup.exe
[2009.12.16 12:20:45 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Farnaz\AppData\Roaming\Real\Update\setup3.09\setup.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\iastor.sys
[2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

Alt 04.07.2011, 09:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 04.07.2011, 19:31   #3
fariman
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Vielen Dank für die Nachricht!

ja, hier:

___________

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7010

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.07.2011 11:44:46
mbam-log-2011-07-03 (11-44-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168714
Laufzeit: 11 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 10
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Farnaz\AppData\Local\Temp\kwuf2ua4.exe.part (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
_______________________________________
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7010

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.07.2011 15:08:40
mbam-log-2011-07-03 (15-08-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 347111
Laufzeit: 3 Stunde(n), 14 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
______________________________________________________
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7011

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.07.2011 20:33:10
mbam-log-2011-07-03 (20-33-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 347502
Laufzeit: 2 Stunde(n), 56 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
________________________

11:32:00 Farnaz MESSAGE Protection started successfully
11:32:06 Farnaz MESSAGE IP Protection started successfully
11:48:00 Farnaz MESSAGE Protection started successfully
11:48:06 Farnaz MESSAGE IP Protection started successfully
11:55:12 Farnaz MESSAGE Protection started successfully
11:55:18 Farnaz MESSAGE IP Protection started successfully
16:29:45 Farnaz MESSAGE IP Protection stopped
16:29:56 Farnaz MESSAGE Database updated successfully
16:29:59 Farnaz MESSAGE IP Protection started successfully
___________________________________________________
12:52:14 Farnaz MESSAGE Protection started successfully
12:52:19 Farnaz MESSAGE IP Protection started successfully
12:53:19 Farnaz MESSAGE Scheduled update executed successfully
12:53:20 Farnaz MESSAGE IP Protection stopped
12:53:23 Farnaz MESSAGE Database updated successfully
12:53:26 Farnaz MESSAGE IP Protection started successfully
_______________________________________________________


Viele Grüße

fariman
__________________

Alt 04.07.2011, 20:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell - "" = AutoRun
O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.07.2011, 21:49   #5
fariman
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Hallo Arne,

danke dir! Das sieht dann so aus:

__________________________________________

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa828222-d2e4-11df-aacd-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa828222-d2e4-11df-aacd-001e101f82a0}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1b685c4-dffb-11df-8732-001e101f21c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1b685c4-dffb-11df-8732-001e101f21c1}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.25.0 log created on 07042011_224545
__________________________________________

Gruß

Fariman


Alt 04.07.2011, 22:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> PC wieder frei nach Trojaner packed.win32.katusha.n?

Alt 06.07.2011, 11:42   #7
fariman
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Hallo Arne,

hier ist der Report von Kaspersky:


2011/07/06 12:39:12.0975 3388 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/06 12:39:13.0180 3388 ================================================================================
2011/07/06 12:39:13.0180 3388 SystemInfo:
2011/07/06 12:39:13.0180 3388
2011/07/06 12:39:13.0180 3388 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/06 12:39:13.0180 3388 Product type: Workstation
2011/07/06 12:39:13.0180 3388 ComputerName: TOMMY
2011/07/06 12:39:13.0181 3388 UserName: Farnaz
2011/07/06 12:39:13.0181 3388 Windows directory: C:\Windows
2011/07/06 12:39:13.0181 3388 System windows directory: C:\Windows
2011/07/06 12:39:13.0181 3388 Processor architecture: Intel x86
2011/07/06 12:39:13.0181 3388 Number of processors: 2
2011/07/06 12:39:13.0181 3388 Page size: 0x1000
2011/07/06 12:39:13.0181 3388 Boot type: Normal boot
2011/07/06 12:39:13.0181 3388 ================================================================================
2011/07/06 12:39:23.0877 3388 Initialize success
2011/07/06 12:39:32.0709 4936 ================================================================================
2011/07/06 12:39:32.0709 4936 Scan started
2011/07/06 12:39:32.0709 4936 Mode: Manual;
2011/07/06 12:39:32.0710 4936 ================================================================================
2011/07/06 12:39:34.0746 4936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/06 12:39:34.0942 4936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/06 12:39:35.0044 4936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/06 12:39:35.0185 4936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/06 12:39:35.0225 4936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/06 12:39:35.0379 4936 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/06 12:39:35.0454 4936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/06 12:39:35.0590 4936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/06 12:39:35.0654 4936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/06 12:39:35.0781 4936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/06 12:39:35.0823 4936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/06 12:39:35.0873 4936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/06 12:39:35.0906 4936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/07/06 12:39:36.0087 4936 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/06 12:39:36.0152 4936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/06 12:39:36.0270 4936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/06 12:39:36.0336 4936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/06 12:39:36.0470 4936 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/07/06 12:39:36.0580 4936 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
2011/07/06 12:39:36.0712 4936 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/06 12:39:36.0842 4936 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/06 12:39:36.0978 4936 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/06 12:39:37.0113 4936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/06 12:39:37.0179 4936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/06 12:39:37.0298 4936 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
2011/07/06 12:39:37.0387 4936 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/06 12:39:37.0497 4936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/06 12:39:37.0537 4936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/06 12:39:37.0606 4936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/06 12:39:37.0714 4936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/06 12:39:37.0756 4936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/06 12:39:37.0816 4936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/06 12:39:37.0950 4936 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/06 12:39:38.0010 4936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/06 12:39:38.0135 4936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/06 12:39:38.0214 4936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/06 12:39:38.0327 4936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/06 12:39:38.0490 4936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/06 12:39:38.0520 4936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/06 12:39:38.0552 4936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/06 12:39:38.0584 4936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/06 12:39:38.0622 4936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/06 12:39:38.0789 4936 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/06 12:39:38.0959 4936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/06 12:39:39.0023 4936 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/07/06 12:39:39.0147 4936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/07/06 12:39:39.0218 4936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/07/06 12:39:39.0275 4936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/07/06 12:39:39.0402 4936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/06 12:39:39.0488 4936 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/06 12:39:39.0635 4936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/06 12:39:39.0730 4936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/06 12:39:39.0890 4936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/06 12:39:39.0976 4936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/06 12:39:40.0111 4936 ewusbnet (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/07/06 12:39:40.0243 4936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/06 12:39:40.0364 4936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/06 12:39:40.0470 4936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/06 12:39:40.0591 4936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/06 12:39:40.0643 4936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/06 12:39:40.0758 4936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/06 12:39:40.0860 4936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/06 12:39:41.0092 4936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/06 12:39:41.0158 4936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/06 12:39:41.0304 4936 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/06 12:39:41.0399 4936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/06 12:39:41.0547 4936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/06 12:39:41.0603 4936 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/06 12:39:41.0695 4936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/06 12:39:41.0751 4936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/06 12:39:41.0795 4936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/06 12:39:41.0945 4936 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/06 12:39:42.0027 4936 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/07/06 12:39:42.0182 4936 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/07/06 12:39:42.0258 4936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/06 12:39:42.0416 4936 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/07/06 12:39:42.0503 4936 hwusbfake (089085538885367e281686762a973eb5) C:\Windows\system32\DRIVERS\ewusbfake.sys
2011/07/06 12:39:42.0625 4936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/06 12:39:42.0704 4936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/06 12:39:42.0854 4936 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/06 12:39:42.0934 4936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/06 12:39:43.0121 4936 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/06 12:39:43.0281 4936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/06 12:39:43.0415 4936 IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/06 12:39:43.0574 4936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/06 12:39:43.0621 4936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/06 12:39:43.0682 4936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/06 12:39:43.0843 4936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/06 12:39:43.0884 4936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/06 12:39:44.0029 4936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/06 12:39:44.0064 4936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/06 12:39:44.0131 4936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/06 12:39:44.0264 4936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/06 12:39:44.0328 4936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/06 12:39:44.0476 4936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/06 12:39:44.0520 4936 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/07/06 12:39:44.0592 4936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/06 12:39:44.0763 4936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/06 12:39:44.0829 4936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/06 12:39:44.0870 4936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/06 12:39:44.0992 4936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/06 12:39:45.0039 4936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/06 12:39:45.0096 4936 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/07/06 12:39:45.0242 4936 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\Windows\system32\DRIVERS\lvrs.sys
2011/07/06 12:39:45.0388 4936 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys
2011/07/06 12:39:45.0433 4936 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/06 12:39:45.0518 4936 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/06 12:39:45.0637 4936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/06 12:39:45.0727 4936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/06 12:39:45.0894 4936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/06 12:39:45.0954 4936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/06 12:39:45.0988 4936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/06 12:39:46.0083 4936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/06 12:39:46.0122 4936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/06 12:39:46.0220 4936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/06 12:39:46.0375 4936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/06 12:39:46.0478 4936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/06 12:39:46.0602 4936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/06 12:39:46.0695 4936 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/06 12:39:46.0755 4936 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/06 12:39:46.0841 4936 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/06 12:39:46.0914 4936 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/06 12:39:46.0993 4936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/06 12:39:47.0254 4936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/06 12:39:47.0314 4936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/06 12:39:47.0420 4936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/06 12:39:47.0451 4936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/06 12:39:47.0516 4936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/06 12:39:47.0705 4936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/06 12:39:47.0778 4936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/06 12:39:47.0933 4936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/06 12:39:48.0012 4936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/06 12:39:48.0142 4936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/06 12:39:48.0244 4936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/06 12:39:48.0343 4936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/06 12:39:48.0383 4936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/06 12:39:48.0462 4936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/06 12:39:48.0579 4936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/06 12:39:48.0624 4936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/06 12:39:48.0691 4936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/06 12:39:48.0883 4936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/06 12:39:48.0992 4936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/06 12:39:49.0130 4936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/06 12:39:49.0242 4936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/06 12:39:49.0418 4936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/06 12:39:49.0469 4936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/06 12:39:49.0745 4936 nvlddmkm (442eac1b12acf1bad6f1224167e034c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/06 12:39:50.0145 4936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/06 12:39:50.0185 4936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/06 12:39:50.0212 4936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/06 12:39:50.0455 4936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/06 12:39:50.0538 4936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/06 12:39:50.0671 4936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/06 12:39:50.0718 4936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/06 12:39:50.0800 4936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/06 12:39:50.0859 4936 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/06 12:39:51.0023 4936 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/06 12:39:51.0105 4936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/06 12:39:51.0496 4936 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\Windows\system32\DRIVERS\lv302af.sys
2011/07/06 12:39:51.0641 4936 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/07/06 12:39:51.0893 4936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/06 12:39:51.0937 4936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/06 12:39:52.0036 4936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/06 12:39:52.0168 4936 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/07/06 12:39:52.0266 4936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/06 12:39:52.0416 4936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/06 12:39:52.0467 4936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/06 12:39:52.0632 4936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/06 12:39:52.0692 4936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/06 12:39:52.0763 4936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/06 12:39:52.0928 4936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/06 12:39:52.0994 4936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/06 12:39:53.0048 4936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/06 12:39:53.0171 4936 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/06 12:39:53.0204 4936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/06 12:39:53.0275 4936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/06 12:39:53.0330 4936 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/07/06 12:39:53.0461 4936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/06 12:39:53.0511 4936 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/06 12:39:53.0584 4936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/06 12:39:53.0631 4936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/06 12:39:53.0818 4936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/06 12:39:53.0867 4936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/06 12:39:53.0948 4936 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/07/06 12:39:54.0073 4936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/06 12:39:54.0111 4936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/06 12:39:54.0141 4936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/06 12:39:54.0262 4936 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/06 12:39:54.0332 4936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/06 12:39:54.0367 4936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/06 12:39:54.0415 4936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/06 12:39:54.0562 4936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/06 12:39:54.0625 4936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/06 12:39:54.0720 4936 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/06 12:39:54.0873 4936 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/06 12:39:54.0915 4936 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/06 12:39:55.0061 4936 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/06 12:39:55.0156 4936 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/07/06 12:39:55.0310 4936 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2011/07/06 12:39:55.0368 4936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/06 12:39:55.0417 4936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/06 12:39:55.0526 4936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/06 12:39:55.0569 4936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/06 12:39:55.0680 4936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/06 12:39:55.0892 4936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/06 12:39:56.0059 4936 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
2011/07/06 12:39:56.0118 4936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/06 12:39:56.0170 4936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/06 12:39:56.0278 4936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/06 12:39:56.0347 4936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/06 12:39:56.0420 4936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/06 12:39:56.0504 4936 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
2011/07/06 12:39:56.0682 4936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/06 12:39:56.0736 4936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/06 12:39:56.0798 4936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/06 12:39:56.0936 4936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/06 12:39:57.0000 4936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/06 12:39:57.0173 4936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/06 12:39:57.0213 4936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/06 12:39:57.0259 4936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/06 12:39:57.0382 4936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/06 12:39:57.0431 4936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/06 12:39:57.0514 4936 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/06 12:39:57.0704 4936 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/06 12:39:57.0766 4936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/06 12:39:57.0939 4936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/06 12:39:58.0000 4936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/06 12:39:58.0073 4936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/06 12:39:58.0195 4936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/07/06 12:39:58.0254 4936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/06 12:39:58.0386 4936 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/06 12:39:58.0454 4936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/06 12:39:58.0504 4936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/06 12:39:58.0653 4936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/06 12:39:58.0695 4936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/06 12:39:58.0735 4936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/06 12:39:58.0787 4936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/06 12:39:58.0949 4936 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/06 12:39:59.0009 4936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/06 12:39:59.0091 4936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/06 12:39:59.0218 4936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/06 12:39:59.0278 4936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/06 12:39:59.0334 4936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/06 12:39:59.0466 4936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 12:39:59.0497 4936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/06 12:39:59.0545 4936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/06 12:39:59.0699 4936 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/06 12:39:59.0852 4936 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/06 12:39:59.0977 4936 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/07/06 12:40:00.0115 4936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/06 12:40:00.0264 4936 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/06 12:40:00.0305 4936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/06 12:40:00.0401 4936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/06 12:40:00.0538 4936 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/07/06 12:40:00.0614 4936 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/07/06 12:40:00.0707 4936 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/06 12:40:00.0733 4936 Boot (0x1200) (bf1bf63bc1dc135887607c4ac32cb868) \Device\Harddisk0\DR0\Partition0
2011/07/06 12:40:00.0769 4936 Boot (0x1200) (0defe903d5ca5d1f18cf7b22f90d464b) \Device\Harddisk0\DR0\Partition1
2011/07/06 12:40:00.0777 4936 ================================================================================
2011/07/06 12:40:00.0777 4936 Scan finished
2011/07/06 12:40:00.0777 4936 ================================================================================
2011/07/06 12:40:00.0796 4340 Detected object count: 0
2011/07/06 12:40:00.0796 4340 Actual detected object count: 0




Grüße

Fariman

Alt 06.07.2011, 12:34   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.07.2011, 19:07   #9
fariman
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



OK, vielen Dank! Hier ist die Datei von Combofix:


Combofix Logfile:
Code:
ATTFilter
ComboFix 11-07-07.03 - Farnaz 07.07.2011  19:35:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.846 [GMT 2:00]
ausgeführt von:: c:\users\Farnaz\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Farnaz\avira_antivir_personal_en.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-07 bis 2011-07-07  ))))))))))))))))))))))))))))))
.
.
2011-07-07 17:48 . 2011-07-07 17:48	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-05 11:59 . 2011-06-07 15:55	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B7ABF01-E28D-42E6-90F9-10005324A5F8}\mpengine.dll
2011-07-04 20:45 . 2011-07-04 20:45	--------	d-----w-	C:\_OTL
2011-07-03 09:31 . 2011-07-03 09:31	--------	d-----w-	c:\users\Farnaz\AppData\Roaming\Malwarebytes
2011-07-03 09:31 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-03 09:31 . 2011-07-03 09:31	--------	d-----w-	c:\programdata\Malwarebytes
2011-07-03 09:31 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-03 09:31 . 2011-07-03 09:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-02 18:05 . 2011-07-03 09:25	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-07-02 18:05 . 2011-07-03 09:23	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-07-01 12:39 . 2011-04-29 15:59	276992	----a-w-	c:\windows\system32\schannel.dll
2011-06-30 11:43 . 2011-06-30 11:43	--------	d-----w-	c:\users\Farnaz\.pdfsam
2011-06-30 09:20 . 2011-06-30 09:20	--------	d-----w-	c:\users\Farnaz\AppData\Roaming\HP
2011-06-30 09:20 . 2011-06-30 09:20	--------	d-----w-	c:\users\Farnaz\AppData\Local\HP
2011-06-29 20:37 . 2011-06-29 20:37	--------	d-----w-	c:\users\Farnaz\AppData\Local\DDMSettings
2011-06-29 19:54 . 2009-10-21 13:29	320512	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\hpfpp101.dll
2011-06-29 19:30 . 2011-06-29 19:30	--------	d-----w-	c:\program files\Common Files\HP
2011-06-29 19:30 . 2011-06-29 19:30	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2011-06-29 19:28 . 2009-10-30 04:15	372736	----a-w-	c:\windows\system32\hppldcoi.dll
2011-06-29 19:28 . 2009-09-10 17:44	966656	----a-w-	c:\windows\system32\hpost_p04b.dll
2011-06-29 19:28 . 2009-09-10 17:44	887296	----a-w-	c:\windows\system32\hposwia_p04b.dll
2011-06-29 19:28 . 2009-09-10 17:44	315392	----a-w-	c:\windows\system32\hposc_p04a.dll
2011-06-29 19:28 . 2009-10-22 00:55	452736	----a-w-	c:\windows\system32\hpzids01.dll
2011-06-29 19:28 . 2009-10-21 13:29	125440	----a-w-	c:\windows\system32\hpf3l101.dll
2011-06-29 19:27 . 2011-06-29 19:32	--------	d-----w-	c:\program files\HP
2011-06-29 19:24 . 2011-06-29 19:32	--------	d-----w-	c:\programdata\HP
2011-06-16 06:39 . 2011-04-14 14:59	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:39 . 2011-04-21 13:58	273408	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-16 06:39 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-16 06:39 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-16 06:39 . 2011-05-02 17:19	766464	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 06:39 . 2010-12-20 16:35	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-16 06:39 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-16 06:39 . 2011-04-29 13:24	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 06:39 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 06:39 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 06:39 . 2011-05-02 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-06-13 07:28 . 2011-06-13 07:28	--------	d-----w-	C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 17:53 . 2011-06-02 17:53	94208	----a-w-	c:\windows\system32\dpl100.dll
2011-05-24 17:14 . 2009-10-04 21:44	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-20 18:46	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-04-13 22:40 . 2011-04-13 22:40	4284416	----a-w-	c:\windows\system32\GPhotos.scr
2011-03-18 17:56 . 2011-03-25 20:45	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-03-10 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-23 185872]
"Skytel"="Skytel.exe" [2008-01-23 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-23 4718592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-04-11 36864]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-26 67128]
ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05	98304	------w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-03-10 229376]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2011-02-07 3576152]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-11 21:56]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003Core.job
- c:\users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 14:10]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003UA.job
- c:\users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 14:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Farnaz\AppData\Roaming\Mozilla\Firefox\Profiles\xemq39u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe
HKCU-Run-sbitunesagent - c:\program files\Songbird\songbirditunesagent.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-07 19:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\TEMP\TMP0000001321D1E516F941CE6F 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3606831740-725026975-3834506516-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,0c,11,2b,a2,59,e7,ca,e6,a7,7c,17,bf,c1,81,fd,90,95,36,90,b2,
   dd,3e,b4,ba,09,e6,c2,b3,d2,80,6a,bf,31,e8,ef,99,ea,28,84,94,0b,9a,f4,fd,75,\
"rkeysecu"=hex:a3,af,4f,d4,06,5d,02,c7,4c,70,5e,33,ca,f7,08,ba
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(10336)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-07  19:59:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-07 17:59
.
Vor Suchlauf: 9 Verzeichnis(se), 30.651.682.816 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 34.477.649.920 Bytes frei
.
- - End Of File - - 444B118F9F0526DC09E7A6293351506E
         
--- --- ---
___________________________________________________

Erkennt man da jetzt schon was?

Viele Grüße und Danke!

Fariman

Alt 07.07.2011, 21:33   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 16.07.2011, 18:53   #11
fariman
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Hallo Arne!

Im Anhang die Dateien von GMER und MBRCheck! Den OSAM Log findest du hier:
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:39:49 on 16.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003Core.job" - "Google Inc." - C:\Users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003UA.job" - "Google Inc." - C:\Users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\Farnaz\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"fxldipoc" (fxldipoc) - ? - C:\Users\Farnaz\AppData\Local\Temp\fxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\DRIVERS\GEARAspiWDM.sys
"Huawei MobileBroadband USB PNP Device" (ew_hwusbdev) - ? - C:\Windows\System32\DRIVERS\ew_hwusbdev.sys  (File not found)
"huawei_enumerator" (huawei_enumerator) - ? - C:\Windows\System32\DRIVERS\ew_jubusenum.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Farnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Logitech Desktop Messenger.lnk" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe  (Shortcut exists | File exists)
"ScanPanel.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanPanel.lnk  (Shortcut exists | File not found)
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe"
"Yahoo! Pager" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LogitechCommunicationsManager" - "Logitech Inc." - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
"Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Viele Grüße

Fariman

Alt 17.07.2011, 17:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
PC wieder frei nach Trojaner packed.win32.katusha.n? - Standard

PC wieder frei nach Trojaner packed.win32.katusha.n?



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu PC wieder frei nach Trojaner packed.win32.katusha.n?
4d36e972-e325-11ce-bfc1-08002be10318, adobe, alert, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, cdburnerxp, defender, desktop, eigene bilder, error, explorer, firefox, format, google, hewlett packard, home, hängen, logfile, malware, nicht sicher, nvlddmkm.sys, nvstor.sys, otl-scan, plug-in, realtek, registry, rundll, server, software, start menu, temp, trojaner, vista, vodafone, wrapper




Ähnliche Themen: PC wieder frei nach Trojaner packed.win32.katusha.n?


  1. Win7 Prof. Infiziert mit Win32/Packed.Asprotect.DS Trojaner! Entfernung?
    Log-Analyse und Auswertung - 01.10.2014 (9)
  2. Win32.Packed.VMProtect.AAH kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 22.06.2014 (5)
  3. Trojaner(Trojan:Win32/CoinMiner .R) ist nach löschen und neustart des Computers wieder da
    Log-Analyse und Auswertung - 11.09.2013 (32)
  4. Trojaner nach erfolgreicher Bekämpfung wieder da! | Win32/Small.CA und Zwangs-Neustarts
    Plagegeister aller Art und deren Bekämpfung - 13.05.2013 (11)
  5. Nach Bundestrojaner-Befall auch im Heimnetzwerk Funde auf anderem Rechner (Win32/Packed.Autoit.C.)
    Plagegeister aller Art und deren Bekämpfung - 09.03.2012 (10)
  6. Ist mein Laptop wieder Trojaner(bka) frei nach systemwiederherstellung?
    Log-Analyse und Auswertung - 05.01.2012 (6)
  7. Kann Trojaner "win32.katusha.o " nicht entfernen!
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (14)
  8. TrojWare.Win32.Trojan.Katusha.~E@104915147
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  9. win32.katusha.o
    Log-Analyse und Auswertung - 10.06.2011 (39)
  10. Trojaner Win32.Katusha.o in C:\Windows\System32\sysstore.dll (SBI$D40E955A) Library
    Log-Analyse und Auswertung - 06.06.2011 (15)
  11. Trojaner WIN32.Katusha.o lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 02.06.2011 (27)
  12. win32.katusha.o
    Log-Analyse und Auswertung - 13.08.2010 (8)
  13. Packed.Win32.TDSS.y Trojaner Win32/Alureon.BF
    Plagegeister aller Art und deren Bekämpfung - 08.10.2009 (3)
  14. Viren: packed.win32.katusha.e / Trojan-spy.html.fraud.gen
    Plagegeister aller Art und deren Bekämpfung - 27.08.2009 (16)
  15. Nach Trojaner-PSW.Win32.Agent.mrh wieder sauber?
    Log-Analyse und Auswertung - 04.05.2009 (57)
  16. Backdoor.Win32.Agent.tpi und Packed.Win32.Black.a
    Plagegeister aller Art und deren Bekämpfung - 07.12.2008 (4)
  17. Trojaner -Packed.Win32.Klone.g
    Log-Analyse und Auswertung - 17.07.2006 (2)

Zum Thema PC wieder frei nach Trojaner packed.win32.katusha.n? - Hallo liebes Forum, ich hatte den Trojaner "packed.win32.katusha.n" auf meinem Rechner entdeckt und mit Hilfe von Malwarebytes in Quarantäne verschoben. Bin mir aber nicht sicher, ob mein PC jetzt wieder - PC wieder frei nach Trojaner packed.win32.katusha.n?...
Archiv
Du betrachtest: PC wieder frei nach Trojaner packed.win32.katusha.n? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.