Log analysis and evaluation: S.M.A.R.T HDD / Spyhunter 4 - can the data still be saved? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
S.M.A.R.T HDD / Spyhunter 4 - can the data still be saved?

Hello, dear Trojaner-Board team,

unfortunately I caught the S.M.A.R.T. HDD virus somewhere, in my naivety blindly trusted WikipediaSecurity, and downloaded Spyhunter 4. Only later did I read in this forum that Spyhunter 4 isn't all that great either. I have already read several posts about this infection and taken the following steps:

1. Uninstalled Spyhunter - files can still be found.
2. Tried to uninstall S.M.A.R.T. HDD, with the result that the program restarted.
3. Created a program list with CCleaner.
4. Ran DeFogger over it; the CD/DVD emulators are disabled.
5. Downloaded dds and created the two files dds.txt and attach.txt.
6. Had the laptop scanned by GMER. No system modification detected.
7. Downloaded Malwarebytes and ran a full scan; however, I didn't know whether I should delete the infected files (22 found) or not, since they might be system-relevant and deleting them could wreck even more. I did export the log file, though.

Can my data still be saved, or would it be easier to reinstall the system (Windows 7, 64 bit)? I would be very grateful for help removing the virus + Spyhunter again.

I wish you all a happy Easter,
Many thanks,
Nils

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Superman at 20:59:47 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3828.3023 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Superman\Downloads\484w7tlf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=3
mStart Page = hxxp://startsear.ch/?aff=3
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEPwdBankBHO Class: {56cbb761-da41-4e31-b270-b13b4b0a61d0} - C:\Program Files (x86)\EgisTec BioExcess\EgisIEPwdBank.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [OfJBmXXIQE.exe] C:\ProgramData\OfJBmXXIQE.exe
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\Superman\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Superman\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - G:\Programme\Icq\ICQ7.5\ICQ.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ADE9796B-78D7-461B-B15E-7AA2F100AC30} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ADE9796B-78D7-461B-B15E-7AA2F100AC30}\64259445A51224F6870264F6E60275C414E40273339303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{ADE9796B-78D7-461B-B15E-7AA2F100AC30}\8416E637 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{ADE9796B-78D7-461B-B15E-7AA2F100AC30}\A4C4A4B4C484C4 : DhcpNameServer = 192.168.137.1
TCP: Interfaces\{ADE9796B-78D7-461B-B15E-7AA2F100AC30}\C414E4 : DhcpNameServer = 192.168.137.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File {0347C33E-8762-4905-BF09-768834316C61} {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {56CBB761-DA41-4E31-B270-B13B4B0A61D0}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} {72853161-30C5-4D22-B7F9-0BBC1D38A37E} {9030D464-4C02-4ABF-8ECC-5164760863C6} {D4027C7F-154A-4066-A1AD-4243D8127440} {DBC80044-A445-435b-BC74-9C25C1C588A9} {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO-X64: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} {21FA44EF-376D-4D53-9B0F-8A89D3229068} {32099AAC-C132-4136-9E9A-4E364A424E17} {D4027C7F-154A-4066-A1AD-4243D8127440}
TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun-x64: [VitaKeyTSR] "C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [(Standard)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [OfJBmXXIQE.exe] C:\ProgramData\OfJBmXXIQE.exe
mRunOnce-x64: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - G:\Programme\Icq\ICQ7.5\ICQ.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]
S1 EgisTecFF;EgisTecFF;C:\windows\system32\DRIVERS\EgisTecFF.sys --> C:\windows\system32\DRIVERS\EgisTecFF.sys [?]
S1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
S1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
S1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-5 86224]
S2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-5 110032]
S2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 EgisTec Data Security Service;EgisTec Data Security Service;C:\Program Files (x86)\EgisTec BioExcess\EgisDSService.exe [2010-5-28 314736]
S2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-5-19 322416]
S2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-5-28 709488]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\system32\Drivers\FPSensor.sys --> C:\windows\system32\Drivers\FPSensor.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-6 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-9-18 13336]
S2 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-6 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-9-18 1620584]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 RtLedService;RtLedService Installer;C:\Program Files\Realtek\RtLED\RtLEDService.exe [2010-2-5 311296]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-1-31 158856]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-18 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 253600]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe [2011-11-20 1527900]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-6 136176]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display-Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-9-18 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-9-18 579400]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TASCAM_US1800;TASCAM US-1800 Audio Device driver;C:\windows\system32\Drivers\tus1800u.sys --> C:\windows\system32\Drivers\tus1800u.sys [?]
S3 TASCAM_US1800_MIDI;TASCAM US-1800 WDM MIDI Device;C:\windows\system32\drivers\tus1800m.sys --> C:\windows\system32\drivers\tus1800m.sys [?]
S3 TASCAM_US1800_WDM;TASCAM US-1800 WDM;C:\windows\system32\drivers\tus1800a.sys --> C:\windows\system32\drivers\tus1800a.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vm332avs;Lenovo Camera2;C:\windows\system32\Drivers\vm332avs.sys --> C:\windows\system32\Drivers\vm332avs.sys [?]
S3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-04-06 16:22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-06 16:08:35 -------- d-----w- C:\Users\Superman\AppData\Roaming\Malwarebytes
2012-04-06 16:08:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-06 16:08:26 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-06 16:08:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-06 15:43:02 -------- d-----w- C:\sh4ldr
2012-04-06 15:43:02 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-06 15:42:51 -------- d-----w- C:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-06 14:46:51 221696 ----a-w- C:\ProgramData\VB7hyalqM4xNfP.exe
2012-04-06 14:39:28 299520 ----a-w- C:\ProgramData\OfJBmXXIQE.exe
2012-04-06 10:08:04 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64455EC6-F2F7-42BF-95CB-69BBF41DB036}\mpengine.dll
2012-04-05 13:52:44 242240 ------w- C:\windows\System32\US-1800.CPL
2012-04-05 13:52:43 50752 ----a-w- C:\windows\System32\drivers\tus1800a.sys
2012-04-05 13:52:43 409664 ----a-w- C:\windows\System32\drivers\tus1800u.sys
2012-04-05 13:52:43 31296 ----a-w- C:\windows\System32\drivers\tus1800m.sys
2012-04-05 13:52:43 -------- d-----w- C:\windows\usb-audio.deTascamUS1800
2012-04-05 05:41:10 -------- d--h--w- C:\Users\Superman\AppData\Roaming\Avira
2012-04-05 05:35:35 97312 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2012-04-05 05:35:35 27760 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2012-04-05 05:35:22 -------- d-----w- C:\ProgramData\Avira
2012-04-05 05:35:22 -------- d-----w- C:\Program Files (x86)\Avira
2012-04-02 14:26:24 8767136 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 18:28:10 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 11:44:19 -------- d--h--w- C:\Program Files\FirefoxPortable
2012-03-14 14:58:06 -------- d--h--w- C:\Users\Superman\AppData\Local\Spotify
2012-03-14 14:57:11 -------- d--h--w- C:\Users\Superman\AppData\Roaming\Spotify
2012-03-14 06:33:07 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-14 06:33:06 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 06:33:06 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:09:55 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 06:09:54 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 06:09:53 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 06:09:26 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 06:09:26 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 06:09:26 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-14 06:09:25 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 06:09:25 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 06:09:25 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 06:09:25 1031680 ----a-w- C:\windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-02 14:26:31 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2006-05-03 10:06:54 163328 --sha-r- C:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- C:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- C:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00 107520 --sha-r- C:\windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 20:59:56,00 ===============
--- --- ---

Attach Logfile:
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22.03.2011 18:00:31
System Uptime: 06.04.2012 20:47:37 (0 hours ago)
.
Motherboard: LENOVO | | MoutCook
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU 1 | 2527/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 422 GiB total, 259,885 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27,559 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft-6zu4-Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-6zu4-Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft-6zu4-Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #7
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN-Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-ISATAP-Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft-ISATAP-Adapter #8
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft-Teredo-Tunneling-Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (Netzwerkmonitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN-Miniport (Netzwerkmonitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN-Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Microsoft-Hardware – USB-Maus
Device ID: USB\VID_045E&PID_0084\6&18F73C9F&0&3
Manufacturer: Microsoft
Name: Microsoft-Hardware – USB-Maus
PNP Device ID: USB\VID_045E&PID_0084\6&18F73C9F&0&3
Service: HidUsb
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lenovo EasyCamera
Device ID: USB\VID_5986&PID_A002&MI_00\7&86A86DF&0&0000
Manufacturer: Vimicro
Name: Lenovo EasyCamera
PNP Device ID: USB\VID_5986&PID_A002&MI_00\7&86A86DF&0&0000
Service: vm332avs
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN-Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN-Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN-Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN-Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN-Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
==== System Restore Points ===================
.
RP155: 23.03.2012 07:32:06 - Windows Update
RP156: 27.03.2012 13:26:16 - Windows Update
RP157: 29.03.2012 07:45:58 - Windows Update
RP158: 31.03.2012 12:37:23 - Wiederherstellungsvorgang
RP159: 31.03.2012 12:57:44 - Windows Update
RP160: 31.03.2012 13:21:02 - Wiederherstellungsvorgang
RP161: 31.03.2012 18:16:11 - Windows Update
RP162: 05.04.2012 15:52:58 - Gerätetreiber-Paketinstallation: TASCAM USB-Controller
RP163: 05.04.2012 15:53:38 - Gerätetreiber-Paketinstallation: TASCAM Audio-, Video- und Gamecontroller
RP164: 05.04.2012 15:54:08 - Gerätetreiber-Paketinstallation: TASCAM Audio-, Video- und Gamecontroller
RP165: 06.04.2012 12:07:13 - Windows Update
RP167: 06.04.2012 17:00:02 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.2) - Deutsch Adobe Shockwave Player 11.6 AGEIA PhysX v7.09.13 AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Ashampoo Burning Studio 6 FREE Ask Toolbar Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver aTube Catcher Audacity 1.2.6 Avira Free Antivirus BioExcess Broadcom 802.11 Wireless Driver BufferChm Call of Duty(R) - World at War(TM) Call of Duty(R) - World at War(TM) 1.1 Patch Call of Duty(R) 4 - Modern Warfare(TM) Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch capella-scan 7.0 capella 1200 Copy Cuttermaran 1.70 CyberLink YouCam DAEMON Tools Lite DAEMON Tools Toolbar Destinations DeviceDiscovery DocProc Dropbox DVDStyler v2.1 Empire Earth Energy Management F300 F300_Help F300Trb Fax Firebird SQL Server - MAGIX Edition (D) Free Audio Converter version 2.3.1.718 Free Video Dub version 2.0.2.1124 Google Chrome Google Update Helper GPBaseService2 HFSExplorer 0.20.1 HP Update HPDiagnosticAlert HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply ICQ7.5 Intel(R) Control Center Intel(R) Graphics Media Accelerator Driver Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Java Auto Updater Java(TM) 6 Update 22 Java(TM) 6 Update 29 Junk Mail filter update Lenovo EasyCamera Lenovo OneKey Recovery Lenovo ReadyComm 5 Lenovo ReadyComm 5.0 Service Lenovo Security Suite Linux MultiMedia Studio (LMMS) Live 8.0.1 Live 8.2.2 LMMS 0.4.12 MAGIX Foto Clinic 5.0 (D) MAGIX Foto Manager 2006 (D) MAGIX Music Maker Schulversion (D) MAGIX Music Studio Schulversion (D) MAGIX Online Druck Service (D) MAGIX Video deluxe Schulversion (D) 
Malwarebytes Anti-Malware Version 1.60.1.1000 MarketResearch McAfee Security Scan Plus Microsoft Choice Guard Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XML Parser MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Updatus OpenOffice.org 3.3 PhotoFiltre Port Locker Power2Go Proun Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Skype™ 5.8 SmartWebPrinting 
SolutionCenter Spotify Status SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 Switch Audiodatei-Konverter Text-To-Speech-Runtime TmNationsForever Toolbox TOU TrayApp UnloadSupport Unreal Tournament 3 (LG) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 1.1.11 WebReg Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Toolbar Windows Live Writer
.
==== End Of File ===========================
Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.06.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Superman :: SUPERMAN-PC [limitiert]

Schutz: Deaktiviert

06.04.2012 18:10:43
mbam-log-2012-04-06 (20-01-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 511047
Laufzeit: 1 Stunde(n), 24 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OfJBmXXIQE.exe (Backdoor.Agent.RCGen) -> Daten: C:\ProgramData\OfJBmXXIQE.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: StartSearchTB -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=3) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://startsear.ch/?aff=3) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\ProgramData\OfJBmXXIQE.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt.
C:\ProgramData\VB7hyalqM4xNfP.exe (Backdoor.Agent.RCGen) -> Keine Aktion durchgeführt.
C:\Users\Superman\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
D:\Battle of the Immortals\Bin\pp\perfectprotector-x64.sys (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

Last edited by Gimli Bimli (07.04.2012 at 11:57)