| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PC wieder frei nach Trojaner packed.win32.katusha.n?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
03.07.2011, 20:56
| #1 |
| |  PC wieder frei nach Trojaner packed.win32.katusha.n? Hallo liebes Forum, ich hatte den Trojaner "packed.win32.katusha.n" auf meinem Rechner entdeckt und mit Hilfe von Malwarebytes in Quarantäne verschoben. Bin mir aber nicht sicher, ob mein PC jetzt wieder frei ist, da seitdem google nicht mehr funktioniert - könnte das zusammenhängen? Bin unsicher, ob ich den Rechner jetzt wieder vertrauensvoll wie zuvor benutzen kann oder ob immer noch malware drauf ist. Wäre echt dankbar, wenn jemand seine Einschätzung dazu abgeben könnte! Hier ist der Malwarebytes-Scan und der OTL-Scan, ich hoffe das sind alle Infos die ihr braucht! Was meint ihr? Vielen Dank! Fariman __________________ OTL logfile created on: 03.07.2011 15:33:00 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Farnaz\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,21% Memory free 4,22 Gb Paging File | 2,74 Gb Available in Paging File | 65,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 152,77 Gb Total Space | 21,84 Gb Free Space | 14,30% Space Free | Partition Type: NTFS Drive G: | 26,53 Gb Total Space | 10,39 Gb Free Space | 39,16% Space Free | Partition Type: NTFS Computer Name: TOMMY | User Name: Farnaz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.03 15:30:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Farnaz\Downloads\OTL.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.02.07 12:47:10 | 003,576,152 | ---- | M] () -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.08.26 20:18:57 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2008.08.14 18:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2008.08.14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2008.08.14 18:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2008.07.26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2008.07.26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2008.04.11 04:44:05 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe PRC - [2008.03.10 14:14:54 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe PRC - [2008.03.10 14:14:54 | 000,229,376 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe PRC - [2008.02.23 02:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe PRC - [2008.02.23 02:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe PRC - [2008.02.23 02:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe PRC - [2007.11.21 13:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (SafeList) ========== MOD - [2011.07.03 15:30:50 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Farnaz\Downloads\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2008.07.26 09:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll ========== Win32 Services (SafeList) ========== SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.02.07 12:47:10 | 003,576,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.09.11 12:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.03.27 11:36:38 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.07.26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008.07.26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2008.03.10 14:14:54 | 000,229,376 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.28 02:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2007.11.28 02:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2007.11.28 01:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.08 08:25:37 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.06.29 17:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 17:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.05.11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.09 13:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.03.30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.09 13:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2008.08.18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.07.26 17:26:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008.07.26 17:25:46 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008.07.26 17:22:32 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008.07.26 17:22:20 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter) DRV - [2008.07.26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2008.02.23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.02.12 02:49:44 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.02.06 02:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.12.17 03:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2007.12.13 18:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall) DRV - [2007.06.06 02:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony) DRV - [2007.05.26 10:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.zeit.de/index" FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: dictlookup@arnhold.com:0.0.4 FF - prefs.js..extensions.enabledItems: dictionary-switcher@design-noir.de:1.0.1 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.08 16:09:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.29 22:36:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.25 22:45:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.03 11:18:43 | 000,000,000 | ---D | M] [2010.11.29 00:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Extensions [2010.11.29 00:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.07.03 12:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions [2011.04.22 18:00:50 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.09.09 19:10:58 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\2020Player@2020Technologies.com [2010.12.12 13:02:18 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\de-AT@dictionaries.addons.mozilla.org [2010.02.20 10:20:57 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\dictionary-switcher@design-noir.de [2008.09.01 01:39:46 | 000,000,000 | ---D | M] (Dictionary (EN/DE)) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\dictlookup@arnhold.com [2010.10.08 14:47:34 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\en-US@dictionaries.addons.mozilla.org [2011.07.03 12:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farnaz\AppData\Roaming\mozilla\Firefox\Profiles\xemq39u6.default\extensions\staged [2011.06.16 20:21:18 | 000,001,210 | ---- | M] () -- C:\Users\Farnaz\AppData\Roaming\Mozilla\Firefox\Profiles\xemq39u6.default\searchplugins\scroogle-de.xml [2011.06.24 15:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.05.20 20:46:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.25 08:09:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.25 21:36:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.03 09:03:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.05.05 12:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.24 15:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.06.29 22:36:19 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>  -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5() (No name found) -- C:\USERS\FARNAZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XEMQ39U6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found. O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [InternetCalls] File not found O4 - HKCU..\Run: [MsnMsgr] File not found O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation) O4 - HKCU..\Run: [sbitunesagent] File not found O4 - HKCU..\Run: [VoipDiscount] File not found O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: G:\Farnaz\Fotos\Eigene Bilder\100610 Vinaros\IMG_7342.JPG O24 - Desktop BackupWallPaper: G:\Farnaz\Fotos\Eigene Bilder\100610 Vinaros\IMG_7342.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell - "" = AutoRun O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell - "" = AutoRun O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell - "" = AutoRun O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell - "" = AutoRun O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell - "" = AutoRun O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell - "" = AutoRun O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell - "" = AutoRun O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.03 11:31:28 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Roaming\Malwarebytes [2011.07.03 11:31:13 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.07.03 11:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.03 11:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.07.03 11:31:08 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.07.03 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.07.03 11:30:28 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Farnaz\Desktop\mbam-setup-1.51.0.1200.exe [2011.07.03 11:17:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.03 11:14:01 | 000,000,000 | R--D | C] -- C:\Users\Farnaz\Desktop\Pictures [2011.07.02 20:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.02 20:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.06.30 13:43:37 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\.pdfsam [2011.06.30 13:37:38 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\Documents\Eigene Scans [2011.06.30 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Roaming\HP [2011.06.30 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Local\HP [2011.06.29 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\AppData\Local\DDMSettings [2011.06.29 21:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011.06.29 21:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2011.06.29 21:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2011.06.29 21:28:45 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll [2011.06.29 21:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2011.06.29 21:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.06.24 14:37:49 | 000,000,000 | ---D | C] -- C:\Users\Farnaz\Pictures [2011.06.22 21:52:49 | 000,000,000 | R--D | C] -- C:\Users\Farnaz\Searches [2011.06.13 09:28:44 | 000,000,000 | -HSD | C] -- C:\found.000 [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.03 15:30:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003UA.job [2011.07.03 13:52:26 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 13:52:26 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.03 11:55:13 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.07.03 11:52:55 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2011.07.03 11:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.03 11:51:53 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2011.07.03 11:30:40 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Farnaz\Desktop\mbam-setup-1.51.0.1200.exe [2011.07.03 11:18:44 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.07.02 23:43:30 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003Core.job [2011.07.02 16:35:05 | 000,068,608 | ---- | M] () -- C:\Users\Farnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.02 11:50:15 | 004,369,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.02 11:50:15 | 001,735,778 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.02 11:50:15 | 001,354,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.02 11:50:15 | 001,195,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.01 21:19:12 | 001,760,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.06.29 21:57:43 | 000,233,363 | ---- | M] () -- C:\Windows\hpoins47.dat [2011.06.29 21:33:01 | 000,001,932 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.03 11:18:44 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.07.03 11:18:43 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.06.29 21:47:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat.temp [2011.06.29 21:33:01 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011.06.29 21:25:10 | 000,233,363 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.02.04 17:46:00 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2011.01.07 23:30:46 | 000,029,184 | ---- | C] () -- C:\Windows\System32\mmcbased.dll [2010.04.21 13:21:14 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.04.13 17:23:41 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI [2010.04.01 17:00:09 | 000,000,286 | ---- | C] () -- C:\Windows\Code.ini [2010.04.01 01:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat [2010.01.08 22:23:27 | 000,001,737 | ---- | C] () -- C:\Windows\Flach48U141.ini [2009.09.24 07:53:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.24 07:53:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.12.26 12:49:50 | 000,000,552 | ---- | C] () -- C:\Users\Farnaz\AppData\Local\d3d8caps.dat [2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.10 11:34:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2008.10.28 21:25:28 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2008.09.02 17:51:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.31 22:28:54 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.08.26 19:36:06 | 000,068,608 | ---- | C] () -- C:\Users\Farnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.26 19:25:05 | 000,001,356 | ---- | C] () -- C:\Users\Farnaz\AppData\Local\d3d9caps.dat [2008.08.26 19:25:01 | 000,028,095 | ---- | C] () -- C:\Users\Farnaz\AppData\Roaming\nvModes.dat [2008.08.26 19:25:01 | 000,028,095 | ---- | C] () -- C:\Users\Farnaz\AppData\Roaming\nvModes.001 [2008.07.26 09:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2008.04.11 04:56:08 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2008.02.05 02:09:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll [2008.02.05 02:09:00 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008.02.05 02:08:45 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008.01.21 09:15:58 | 004,369,430 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 001,354,242 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 001,760,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,735,778 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 001,195,712 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.04.19 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Belastingdienst [2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Bytemobile [2010.04.21 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Canneverbe Limited [2009.09.13 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\GameHouse [2011.02.06 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\gtk-2.0 [2008.11.29 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InternetCalls [2008.12.11 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InterVideo [2010.04.10 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\JLC's Software [2008.10.28 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Leadertech [2008.12.31 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\NCH Swift Sound [2009.01.23 12:25:00 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\OpenOffice.org [2009.02.02 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Red Alert 3 [2010.12.28 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Songbird2 [2008.12.14 11:52:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\TeamViewer [2011.02.04 17:46:29 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Tobit [2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone [2010.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone Mobile Connect [2009.07.18 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\VoipDiscount [2009.08.30 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Zylom [2011.07.03 11:51:00 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.04.26 09:03:10 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Adobe [2011.05.05 13:10:15 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Apple Computer [2010.04.19 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Belastingdienst [2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Bytemobile [2010.04.21 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Canneverbe Limited [2010.04.23 21:33:39 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\DivX [2011.05.19 12:44:09 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\dvdcss [2010.10.08 13:21:42 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\FLEXnet [2009.09.13 13:49:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\GameHouse [2008.09.19 20:44:58 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Google [2011.02.06 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\gtk-2.0 [2011.06.30 11:20:20 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\HP [2009.08.30 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Identities [2008.04.11 04:37:10 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InstallShield [2008.11.29 18:13:02 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InternetCalls [2008.12.11 22:08:20 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\InterVideo [2010.04.10 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\JLC's Software [2008.10.28 21:29:32 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Leadertech [2008.04.11 04:41:19 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Macromedia [2011.07.03 11:31:28 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Media Center Programs [2011.04.26 09:03:10 | 000,000,000 | --SD | M] -- C:\Users\Farnaz\AppData\Roaming\Microsoft [2008.08.31 16:54:43 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Mozilla [2009.02.06 23:37:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\MozillaControl [2008.12.31 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\NCH Swift Sound [2009.01.23 12:25:00 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\OpenOffice.org [2009.01.23 11:28:13 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\OpenOffice.org2 [2009.12.06 12:20:33 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Real [2009.02.02 18:42:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Red Alert 3 [2009.02.02 18:42:19 | 000,000,000 | RH-D | M] -- C:\Users\Farnaz\AppData\Roaming\SecuROM [2011.01.16 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Skype [2011.01.16 21:03:53 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\skypePM [2010.12.28 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Songbird2 [2009.11.10 22:30:54 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Sony Corporation [2008.12.14 11:52:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\TeamViewer [2011.02.04 17:46:29 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Tobit [2011.07.01 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\vlc [2010.10.08 13:13:49 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone [2010.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Vodafone Mobile Connect [2009.07.18 18:08:11 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\VoipDiscount [2008.12.06 22:01:27 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\WinRAR [2008.09.01 01:16:02 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Yahoo! [2009.08.30 20:54:04 | 000,000,000 | ---D | M] -- C:\Users\Farnaz\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2009.03.19 01:14:53 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Farnaz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2010.05.25 22:03:02 | 027,142,744 | ---- | M] (Macrovision Corporation) -- C:\Users\Farnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GMATPrepSetup.exe [2009.12.16 12:20:45 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Farnaz\AppData\Roaming\Real\Update\setup3.09\setup.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\INF\SATA Driver (Intel) (Non-RAID)\iastor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
04.07.2011, 09:58
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | PC wieder frei nach Trojaner packed.win32.katusha.n? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
04.07.2011, 19:31
| #3 |
| | PC wieder frei nach Trojaner packed.win32.katusha.n? Vielen Dank für die Nachricht!
__________________ja, hier: ___________ Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7010 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 03.07.2011 11:44:46 mbam-log-2011-07-03 (11-44-46).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 168714 Laufzeit: 11 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 10 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI.1 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.ToolbarCtl.1 (Adware.Zango) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\Farnaz\AppData\Local\Temp\kwuf2ua4.exe.part (Spyware.GamePlayLabs) -> Quarantined and deleted successfully. _______________________________________ Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7010 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 03.07.2011 15:08:40 mbam-log-2011-07-03 (15-08-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Durchsuchte Objekte: 347111 Laufzeit: 3 Stunde(n), 14 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ______________________________________________________ Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7011 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 03.07.2011 20:33:10 mbam-log-2011-07-03 (20-33-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Durchsuchte Objekte: 347502 Laufzeit: 2 Stunde(n), 56 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) ________________________ 11:32:00 Farnaz MESSAGE Protection started successfully 11:32:06 Farnaz MESSAGE IP Protection started successfully 11:48:00 Farnaz MESSAGE Protection started successfully 11:48:06 Farnaz MESSAGE IP Protection started successfully 11:55:12 Farnaz MESSAGE Protection started successfully 11:55:18 Farnaz MESSAGE IP Protection started successfully 16:29:45 Farnaz MESSAGE IP Protection stopped 16:29:56 Farnaz MESSAGE Database updated successfully 16:29:59 Farnaz MESSAGE IP Protection started successfully ___________________________________________________ 12:52:14 Farnaz MESSAGE Protection started successfully 12:52:19 Farnaz MESSAGE IP Protection started successfully 12:53:19 Farnaz MESSAGE Scheduled update executed successfully 12:53:20 Farnaz MESSAGE IP Protection stopped 12:53:23 Farnaz MESSAGE Database updated successfully 12:53:26 Farnaz MESSAGE IP Protection started successfully _______________________________________________________ Viele Grüße fariman |
|
04.07.2011, 20:02
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC wieder frei nach Trojaner packed.win32.katusha.n? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell - "" = AutoRun
O33 - MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell - "" = AutoRun
O33 - MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell - "" = AutoRun
O33 - MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.07.2011, 21:49
| #5 |
| | PC wieder frei nach Trojaner packed.win32.katusha.n? Hallo Arne, danke dir! Das sieht dann so aus: __________________________________________ ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1ce1-d2cc-11df-9ef2-001e101f1ed9}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228e1cef-d2cc-11df-9ef2-001e101f3315}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d33-ccb8-11df-83fd-001a80f40f4f}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43df1d5b-ccb8-11df-83fd-001e101f5224}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493a8-d2de-11df-bfeb-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b0-d2de-11df-bfeb-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493b2-d2de-11df-bfeb-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493ba-d2de-11df-bfeb-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493c2-d2de-11df-bfeb-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a78493cc-d2de-11df-bfeb-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa82821a-d2e4-11df-aacd-001a80f40f4f}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa828222-d2e4-11df-aacd-001e101f82a0}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa828222-d2e4-11df-aacd-001e101f82a0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa828222-d2e4-11df-aacd-001e101f82a0}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1b685c4-dffb-11df-8732-001e101f21c1}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1b685c4-dffb-11df-8732-001e101f21c1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f1b685c4-dffb-11df-8732-001e101f21c1}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9e479e0-cef7-11df-91fc-001e101f79c9}\ not found. File H:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.25.0 log created on 07042011_224545 __________________________________________ Gruß Fariman |
|
04.07.2011, 22:20
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC wieder frei nach Trojaner packed.win32.katusha.n? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ --> PC wieder frei nach Trojaner packed.win32.katusha.n? |
|
06.07.2011, 11:42
| #7 |
| | PC wieder frei nach Trojaner packed.win32.katusha.n? Hallo Arne, hier ist der Report von Kaspersky: 2011/07/06 12:39:12.0975 3388 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21 2011/07/06 12:39:13.0180 3388 ================================================================================ 2011/07/06 12:39:13.0180 3388 SystemInfo: 2011/07/06 12:39:13.0180 3388 2011/07/06 12:39:13.0180 3388 OS Version: 6.0.6002 ServicePack: 2.0 2011/07/06 12:39:13.0180 3388 Product type: Workstation 2011/07/06 12:39:13.0180 3388 ComputerName: TOMMY 2011/07/06 12:39:13.0181 3388 UserName: Farnaz 2011/07/06 12:39:13.0181 3388 Windows directory: C:\Windows 2011/07/06 12:39:13.0181 3388 System windows directory: C:\Windows 2011/07/06 12:39:13.0181 3388 Processor architecture: Intel x86 2011/07/06 12:39:13.0181 3388 Number of processors: 2 2011/07/06 12:39:13.0181 3388 Page size: 0x1000 2011/07/06 12:39:13.0181 3388 Boot type: Normal boot 2011/07/06 12:39:13.0181 3388 ================================================================================ 2011/07/06 12:39:23.0877 3388 Initialize success 2011/07/06 12:39:32.0709 4936 ================================================================================ 2011/07/06 12:39:32.0709 4936 Scan started 2011/07/06 12:39:32.0709 4936 Mode: Manual; 2011/07/06 12:39:32.0710 4936 ================================================================================ 2011/07/06 12:39:34.0746 4936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/07/06 12:39:34.0942 4936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/07/06 12:39:35.0044 4936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/07/06 12:39:35.0185 4936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/07/06 12:39:35.0225 4936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/07/06 12:39:35.0379 4936 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/07/06 12:39:35.0454 4936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/07/06 12:39:35.0590 4936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/07/06 12:39:35.0654 4936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/07/06 12:39:35.0781 4936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/07/06 12:39:35.0823 4936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/07/06 12:39:35.0873 4936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/07/06 12:39:35.0906 4936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/07/06 12:39:36.0087 4936 ApfiltrService (9325e49d555d8f12ce1735227dbb3d80) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/07/06 12:39:36.0152 4936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/07/06 12:39:36.0270 4936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/07/06 12:39:36.0336 4936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/07/06 12:39:36.0470 4936 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/07/06 12:39:36.0580 4936 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys 2011/07/06 12:39:36.0712 4936 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/07/06 12:39:36.0842 4936 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/07/06 12:39:36.0978 4936 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys 2011/07/06 12:39:37.0113 4936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/07/06 12:39:37.0179 4936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/07/06 12:39:37.0298 4936 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys 2011/07/06 12:39:37.0387 4936 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/07/06 12:39:37.0497 4936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/07/06 12:39:37.0537 4936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/07/06 12:39:37.0606 4936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/07/06 12:39:37.0714 4936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/07/06 12:39:37.0756 4936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/07/06 12:39:37.0816 4936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/07/06 12:39:37.0950 4936 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/07/06 12:39:38.0010 4936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/07/06 12:39:38.0135 4936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/07/06 12:39:38.0214 4936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/07/06 12:39:38.0327 4936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/07/06 12:39:38.0490 4936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/07/06 12:39:38.0520 4936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/07/06 12:39:38.0552 4936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/07/06 12:39:38.0584 4936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/07/06 12:39:38.0622 4936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/07/06 12:39:38.0789 4936 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/07/06 12:39:38.0959 4936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/07/06 12:39:39.0023 4936 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys 2011/07/06 12:39:39.0147 4936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 2011/07/06 12:39:39.0218 4936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 2011/07/06 12:39:39.0275 4936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 2011/07/06 12:39:39.0402 4936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/07/06 12:39:39.0488 4936 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/07/06 12:39:39.0635 4936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/07/06 12:39:39.0730 4936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/07/06 12:39:39.0890 4936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/07/06 12:39:39.0976 4936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/07/06 12:39:40.0111 4936 ewusbnet (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys 2011/07/06 12:39:40.0243 4936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/07/06 12:39:40.0364 4936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/07/06 12:39:40.0470 4936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/07/06 12:39:40.0591 4936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/07/06 12:39:40.0643 4936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/07/06 12:39:40.0758 4936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/07/06 12:39:40.0860 4936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/07/06 12:39:41.0092 4936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/07/06 12:39:41.0158 4936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/07/06 12:39:41.0304 4936 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/07/06 12:39:41.0399 4936 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/07/06 12:39:41.0547 4936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/07/06 12:39:41.0603 4936 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/07/06 12:39:41.0695 4936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/07/06 12:39:41.0751 4936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/07/06 12:39:41.0795 4936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/07/06 12:39:41.0945 4936 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/07/06 12:39:42.0027 4936 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/07/06 12:39:42.0182 4936 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/07/06 12:39:42.0258 4936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/07/06 12:39:42.0416 4936 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/07/06 12:39:42.0503 4936 hwusbfake (089085538885367e281686762a973eb5) C:\Windows\system32\DRIVERS\ewusbfake.sys 2011/07/06 12:39:42.0625 4936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/07/06 12:39:42.0704 4936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/07/06 12:39:42.0854 4936 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys 2011/07/06 12:39:42.0934 4936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/07/06 12:39:43.0121 4936 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/07/06 12:39:43.0281 4936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/07/06 12:39:43.0415 4936 IntcAzAudAddService (a82c70cbaec7b10e4c9c1341d729640f) C:\Windows\system32\drivers\RTKVHDA.sys 2011/07/06 12:39:43.0574 4936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/07/06 12:39:43.0621 4936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/07/06 12:39:43.0682 4936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/07/06 12:39:43.0843 4936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/07/06 12:39:43.0884 4936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/07/06 12:39:44.0029 4936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/07/06 12:39:44.0064 4936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/07/06 12:39:44.0131 4936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/07/06 12:39:44.0264 4936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/07/06 12:39:44.0328 4936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/07/06 12:39:44.0476 4936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/07/06 12:39:44.0520 4936 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 2011/07/06 12:39:44.0592 4936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/07/06 12:39:44.0763 4936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/07/06 12:39:44.0829 4936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/07/06 12:39:44.0870 4936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/07/06 12:39:44.0992 4936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/07/06 12:39:45.0039 4936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/07/06 12:39:45.0096 4936 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 2011/07/06 12:39:45.0242 4936 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\Windows\system32\DRIVERS\lvrs.sys 2011/07/06 12:39:45.0388 4936 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys 2011/07/06 12:39:45.0433 4936 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys 2011/07/06 12:39:45.0518 4936 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/07/06 12:39:45.0637 4936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/07/06 12:39:45.0727 4936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/07/06 12:39:45.0894 4936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/07/06 12:39:45.0954 4936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/07/06 12:39:45.0988 4936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/07/06 12:39:46.0083 4936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/06 12:39:46.0122 4936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/07/06 12:39:46.0220 4936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/07/06 12:39:46.0375 4936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/06 12:39:46.0478 4936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/07/06 12:39:46.0602 4936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/07/06 12:39:46.0695 4936 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/06 12:39:46.0755 4936 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/06 12:39:46.0841 4936 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/06 12:39:46.0914 4936 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/07/06 12:39:46.0993 4936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/07/06 12:39:47.0254 4936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/07/06 12:39:47.0314 4936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/07/06 12:39:47.0420 4936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/06 12:39:47.0451 4936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/06 12:39:47.0516 4936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/07/06 12:39:47.0705 4936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/07/06 12:39:47.0778 4936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/07/06 12:39:47.0933 4936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/07/06 12:39:48.0012 4936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/07/06 12:39:48.0142 4936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/06 12:39:48.0244 4936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/07/06 12:39:48.0343 4936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/06 12:39:48.0383 4936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/06 12:39:48.0462 4936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/06 12:39:48.0579 4936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/07/06 12:39:48.0624 4936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/06 12:39:48.0691 4936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/06 12:39:48.0883 4936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/07/06 12:39:48.0992 4936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/07/06 12:39:49.0130 4936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/06 12:39:49.0242 4936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/07/06 12:39:49.0418 4936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/07/06 12:39:49.0469 4936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/07/06 12:39:49.0745 4936 nvlddmkm (442eac1b12acf1bad6f1224167e034c8) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/07/06 12:39:50.0145 4936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/07/06 12:39:50.0185 4936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/07/06 12:39:50.0212 4936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/07/06 12:39:50.0455 4936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/06 12:39:50.0538 4936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/07/06 12:39:50.0671 4936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/07/06 12:39:50.0718 4936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/07/06 12:39:50.0800 4936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/07/06 12:39:50.0859 4936 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/07/06 12:39:51.0023 4936 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/06 12:39:51.0105 4936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/07/06 12:39:51.0496 4936 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) C:\Windows\system32\DRIVERS\lv302af.sys 2011/07/06 12:39:51.0641 4936 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\Windows\system32\DRIVERS\LV302V32.SYS 2011/07/06 12:39:51.0893 4936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/06 12:39:51.0937 4936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/07/06 12:39:52.0036 4936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/06 12:39:52.0168 4936 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys 2011/07/06 12:39:52.0266 4936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/07/06 12:39:52.0416 4936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/07/06 12:39:52.0467 4936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/06 12:39:52.0632 4936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/06 12:39:52.0692 4936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/06 12:39:52.0763 4936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/06 12:39:52.0928 4936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/06 12:39:52.0994 4936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/06 12:39:53.0048 4936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/06 12:39:53.0171 4936 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/07/06 12:39:53.0204 4936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/06 12:39:53.0275 4936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/07/06 12:39:53.0330 4936 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 2011/07/06 12:39:53.0461 4936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/06 12:39:53.0511 4936 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/07/06 12:39:53.0584 4936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/06 12:39:53.0631 4936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/07/06 12:39:53.0818 4936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/07/06 12:39:53.0867 4936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/07/06 12:39:53.0948 4936 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys 2011/07/06 12:39:54.0073 4936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/07/06 12:39:54.0111 4936 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/06 12:39:54.0141 4936 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/06 12:39:54.0262 4936 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/06 12:39:54.0332 4936 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/07/06 12:39:54.0367 4936 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/07/06 12:39:54.0415 4936 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/07/06 12:39:54.0562 4936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/07/06 12:39:54.0625 4936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/07/06 12:39:54.0720 4936 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/07/06 12:39:54.0873 4936 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/06 12:39:54.0915 4936 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/06 12:39:55.0061 4936 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/07/06 12:39:55.0156 4936 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys 2011/07/06 12:39:55.0310 4936 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 2011/07/06 12:39:55.0368 4936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/06 12:39:55.0417 4936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/06 12:39:55.0526 4936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/07/06 12:39:55.0569 4936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/06 12:39:55.0680 4936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/07/06 12:39:55.0892 4936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/06 12:39:56.0059 4936 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys 2011/07/06 12:39:56.0118 4936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/06 12:39:56.0170 4936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/06 12:39:56.0278 4936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/07/06 12:39:56.0347 4936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/06 12:39:56.0420 4936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/06 12:39:56.0504 4936 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys 2011/07/06 12:39:56.0682 4936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/06 12:39:56.0736 4936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/06 12:39:56.0798 4936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/06 12:39:56.0936 4936 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/07/06 12:39:57.0000 4936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/06 12:39:57.0173 4936 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/06 12:39:57.0213 4936 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/07/06 12:39:57.0259 4936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/07/06 12:39:57.0382 4936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/07/06 12:39:57.0431 4936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/06 12:39:57.0514 4936 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 2011/07/06 12:39:57.0704 4936 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/07/06 12:39:57.0766 4936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/06 12:39:57.0939 4936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/07/06 12:39:58.0000 4936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/06 12:39:58.0073 4936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/06 12:39:58.0195 4936 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/07/06 12:39:58.0254 4936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/06 12:39:58.0386 4936 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/06 12:39:58.0454 4936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/06 12:39:58.0504 4936 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/06 12:39:58.0653 4936 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/06 12:39:58.0695 4936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/07/06 12:39:58.0735 4936 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/07/06 12:39:58.0787 4936 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/07/06 12:39:58.0949 4936 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/07/06 12:39:59.0009 4936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/07/06 12:39:59.0091 4936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/07/06 12:39:59.0218 4936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/07/06 12:39:59.0278 4936 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/07/06 12:39:59.0334 4936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/07/06 12:39:59.0466 4936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/06 12:39:59.0497 4936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/06 12:39:59.0545 4936 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/07/06 12:39:59.0699 4936 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/06 12:39:59.0852 4936 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/07/06 12:39:59.0977 4936 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/07/06 12:40:00.0115 4936 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 2011/07/06 12:40:00.0264 4936 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/07/06 12:40:00.0305 4936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/06 12:40:00.0401 4936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/06 12:40:00.0538 4936 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 2011/07/06 12:40:00.0614 4936 yukonwlh (2d07e65ed0023bb10b13a912b27dfb1a) C:\Windows\system32\DRIVERS\yk60x86.sys 2011/07/06 12:40:00.0707 4936 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/07/06 12:40:00.0733 4936 Boot (0x1200) (bf1bf63bc1dc135887607c4ac32cb868) \Device\Harddisk0\DR0\Partition0 2011/07/06 12:40:00.0769 4936 Boot (0x1200) (0defe903d5ca5d1f18cf7b22f90d464b) \Device\Harddisk0\DR0\Partition1 2011/07/06 12:40:00.0777 4936 ================================================================================ 2011/07/06 12:40:00.0777 4936 Scan finished 2011/07/06 12:40:00.0777 4936 ================================================================================ 2011/07/06 12:40:00.0796 4340 Detected object count: 0 2011/07/06 12:40:00.0796 4340 Actual detected object count: 0 Grüße Fariman |
|
06.07.2011, 12:34
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC wieder frei nach Trojaner packed.win32.katusha.n? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.07.2011, 19:07
| #9 |
| | PC wieder frei nach Trojaner packed.win32.katusha.n? OK, vielen Dank! Hier ist die Datei von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 11-07-07.03 - Farnaz 07.07.2011 19:35:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.846 [GMT 2:00]
ausgeführt von:: c:\users\Farnaz\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Farnaz\avira_antivir_personal_en.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-07 bis 2011-07-07 ))))))))))))))))))))))))))))))
.
.
2011-07-07 17:48 . 2011-07-07 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 11:59 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B7ABF01-E28D-42E6-90F9-10005324A5F8}\mpengine.dll
2011-07-04 20:45 . 2011-07-04 20:45 -------- d-----w- C:\_OTL
2011-07-03 09:31 . 2011-07-03 09:31 -------- d-----w- c:\users\Farnaz\AppData\Roaming\Malwarebytes
2011-07-03 09:31 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-03 09:31 . 2011-07-03 09:31 -------- d-----w- c:\programdata\Malwarebytes
2011-07-03 09:31 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-03 09:31 . 2011-07-03 09:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-02 18:05 . 2011-07-03 09:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-02 18:05 . 2011-07-03 09:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-01 12:39 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-30 11:43 . 2011-06-30 11:43 -------- d-----w- c:\users\Farnaz\.pdfsam
2011-06-30 09:20 . 2011-06-30 09:20 -------- d-----w- c:\users\Farnaz\AppData\Roaming\HP
2011-06-30 09:20 . 2011-06-30 09:20 -------- d-----w- c:\users\Farnaz\AppData\Local\HP
2011-06-29 20:37 . 2011-06-29 20:37 -------- d-----w- c:\users\Farnaz\AppData\Local\DDMSettings
2011-06-29 19:54 . 2009-10-21 13:29 320512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp101.dll
2011-06-29 19:30 . 2011-06-29 19:30 -------- d-----w- c:\program files\Common Files\HP
2011-06-29 19:30 . 2011-06-29 19:30 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2011-06-29 19:28 . 2009-10-30 04:15 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2011-06-29 19:28 . 2009-09-10 17:44 966656 ----a-w- c:\windows\system32\hpost_p04b.dll
2011-06-29 19:28 . 2009-09-10 17:44 887296 ----a-w- c:\windows\system32\hposwia_p04b.dll
2011-06-29 19:28 . 2009-09-10 17:44 315392 ----a-w- c:\windows\system32\hposc_p04a.dll
2011-06-29 19:28 . 2009-10-22 00:55 452736 ----a-w- c:\windows\system32\hpzids01.dll
2011-06-29 19:28 . 2009-10-21 13:29 125440 ----a-w- c:\windows\system32\hpf3l101.dll
2011-06-29 19:27 . 2011-06-29 19:32 -------- d-----w- c:\program files\HP
2011-06-29 19:24 . 2011-06-29 19:32 -------- d-----w- c:\programdata\HP
2011-06-16 06:39 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 06:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 06:39 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 06:39 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 06:39 . 2011-05-02 17:19 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 06:39 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 06:39 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 06:39 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 06:39 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 06:39 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 06:39 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-13 07:28 . 2011-06-13 07:28 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 17:14 . 2009-10-04 21:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:52 . 2010-05-20 18:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-03-18 17:56 . 2011-03-25 20:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-03-10 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-23 185872]
"Skytel"="Skytel.exe" [2008-01-23 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-23 4718592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 137752]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-02-12 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-12 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-12 8497696]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-04-11 36864]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-11-21 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-11 2403840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-26 67128]
ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-03-10 229376]
S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2011-02-07 3576152]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-12-17 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-11 21:56]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003Core.job
- c:\users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 14:10]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003UA.job
- c:\users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-10 14:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Farnaz\AppData\Roaming\Mozilla\Firefox\Profiles\xemq39u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.zeit.de/index
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-InternetCalls - c:\program files\InternetCalls.com\InternetCalls\InternetCalls.exe
HKCU-Run-sbitunesagent - c:\program files\Songbird\songbirditunesagent.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-07 19:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\TEMP\TMP0000001321D1E516F941CE6F 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3606831740-725026975-3834506516-1003\Software\SecuROM\License information*]
"datasecu"=hex:cc,0c,11,2b,a2,59,e7,ca,e6,a7,7c,17,bf,c1,81,fd,90,95,36,90,b2,
dd,3e,b4,ba,09,e6,c2,b3,d2,80,6a,bf,31,e8,ef,99,ea,28,84,94,0b,9a,f4,fd,75,\
"rkeysecu"=hex:a3,af,4f,d4,06,5d,02,c7,4c,70,5e,33,ca,f7,08,ba
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(10336)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-07 19:59:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-07-07 17:59
.
Vor Suchlauf: 9 Verzeichnis(se), 30.651.682.816 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 34.477.649.920 Bytes frei
.
- - End Of File - - 444B118F9F0526DC09E7A6293351506E
___________________________________________________ Erkennt man da jetzt schon was? Viele Grüße und Danke! Fariman |
|
07.07.2011, 21:33
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC wieder frei nach Trojaner packed.win32.katusha.n? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.07.2011, 18:53
| #11 |
| | PC wieder frei nach Trojaner packed.win32.katusha.n? Hallo Arne! Im Anhang die Dateien von GMER und MBRCheck! Den OSAM Log findest du hier: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:39:49 on 16.07.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Google Inc. Google Chrome 0.0.0.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003Core.job" - "Google Inc." - C:\Users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-3606831740-725026975-3834506516-1003UA.job" - "Google Inc." - C:\Users\Farnaz\AppData\Local\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\Users\Farnaz\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "fxldipoc" (fxldipoc) - ? - C:\Users\Farnaz\AppData\Local\Temp\fxldipoc.sys (Hidden registry entry, rootkit activity | File not found) "GEAR ASPI Filter Driver" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\DRIVERS\GEARAspiWDM.sys "Huawei MobileBroadband USB PNP Device" (ew_hwusbdev) - ? - C:\Windows\System32\DRIVERS\ew_hwusbdev.sys (File not found) "huawei_enumerator" (huawei_enumerator) - ? - C:\Windows\System32\DRIVERS\ew_jubusenum.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll (File found, but it contains no detailed information) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Your Company Name" - C:\PROGRA~1\GOOGLE~1\BAE.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Farnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists) "Logitech Desktop Messenger.lnk" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Shortcut exists | File exists) "ScanPanel.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanPanel.lnk (Shortcut exists | File not found) "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "NSUFloatingUI" - "Sony Corporation" - "C:\Program Files\Sony\Network Utility\LANUtil.exe" "Yahoo! Pager" - "Yahoo! Inc." - "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LogitechCommunicationsManager" - "Logitech Inc." - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" "LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "MarketingTools" - "Sony NSCE" - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe "MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information) "NSUService" (NSUService) - "Sony Corporation" - C:\Program Files\Sony\Network Utility\NSUService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PACSPTISVR" (PACSPTISVR) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe "Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe "Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe "Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll "BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll "BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Viele Grüße Fariman |
|
17.07.2011, 17:33
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PC wieder frei nach Trojaner packed.win32.katusha.n? Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu PC wieder frei nach Trojaner packed.win32.katusha.n? |
| 4d36e972-e325-11ce-bfc1-08002be10318, adobe, alert, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, cdburnerxp, defender, desktop, eigene bilder, error, explorer, firefox, format, google, hewlett packard, home, hängen, logfile, malware, nicht sicher, nvlddmkm.sys, nvstor.sys, otl-scan, plug-in, realtek, registry, rundll, server, software, start menu, temp, trojaner, vista, vodafone, wrapper |
Linear-Darstellung
