Log analysis and evaluation: Infection with malware-gen (Windows 7)
10.02.2010, 11:37 | #1
Infection with malware-gen

Dear Sir or Madam,

I hope you can help me solve the following problem. For a few days now, whenever I am on the internet, my antivirus program avast finds the following file:

Object: Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ykig.tmp
Infection: Win32:Malware-gen
Action: Moved to chest
Process: C:\Windows\system32\svchost.exe

This file is found roughly every 15 minutes while I am online, which is very annoying. I have also searched the internet for a solution, but since I am not very familiar with PCs, I don't know what else to do. I then found your homepage and carried out all the steps you recommend before posting a topic. CCleaner deleted everything, the Malwarebytes log is below, and with RSIT I had the following problem: the log was generated and is posted below, but the info file is missing, because a window opened with:

AutoIt Error line -1: Error: Variables used without being declared.

I hope you can make something of this information and help me with this problem. Many thanks in advance.

Regards,
Markus

The Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3694
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.02.2010 10:34:20
mbam-log-2010-02-10 (10-34-20).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 224585
Time elapsed: 1 hour(s), 24 minute(s), 48 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tool Pusher at 2010-02-10 11:08:13
Microsoft Windows 7 Home Premium
System drive C: has 84 GB (44%) free of 191 GB
Total RAM: 3070 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:15, on 10.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\3DataManager\3DataManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tool Pusher\Desktop\RSIT.exe
C:\Program Files\trend micro\Tool Pusher.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14978&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E52D3DF9-D9EA-464A-9CE0-2FFD8118B593}: NameServer = 213.94.78.16 213.94.78.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\3DataManager\WTGService.exe

--
End of file - 8042 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-24 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-28 7625248]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\.\Autorun.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{363be41b-bf2f-11de-8f8f-0024d2dc08d3}]
shell\AutoRun\command - G:\.\Autorun.exe AUTORUN=1

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-10 10:46:15 ----D---- C:\rsit
2010-02-10 10:46:15 ----D---- C:\Program Files\trend micro
2010-02-09 13:47:46 ----D---- C:\Program Files\CCleaner
2010-02-09 11:52:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-02-09 11:51:04 ----D---- C:\Users\Tool Pusher\AppData\Roaming\SUPERAntiSpyware.com
2010-02-09 11:51:04 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-09 11:49:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-05 18:58:23 ----D---- C:\Users\Tool Pusher\AppData\Roaming\Malwarebytes
2010-02-05 18:58:17 ----D---- C:\ProgramData\Malwarebytes
2010-02-05 18:58:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-05 13:23:12 ----D---- C:\Windows\Minidump
2010-02-05 13:08:36 ----A---- C:\Windows\system32\aswBoot.exe
2010-02-05 13:08:33 ----D---- C:\ProgramData\Alwil Software
2010-02-05 13:08:33 ----D---- C:\Program Files\Alwil Software
2010-02-03 15:15:11 ----D---- C:\Program Files\Adobe
2010-02-01 17:39:47 ----D---- C:\Users\Tool Pusher\AppData\Roaming\vlc
2010-01-27 16:56:16 ----A---- C:\Windows\system32\winlogon.exe
2010-01-27 16:56:16 ----A---- C:\Windows\explorer.exe
2010-01-22 14:06:39 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 14:06:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-20 10:24:16 ----D---- C:\ProgramData\Office Genuine Advantage
2010-01-17 14:28:49 ----A---- C:\Windows\system32\dneinobj.dll
2010-01-17 14:28:29 ----D---- C:\Program Files\Common Files\Deterministic Networks
2010-01-17 14:28:26 ----D---- C:\Program Files\Cisco Systems
2010-01-16 12:30:00 ----A---- C:\Windows\system32\MRT.exe
2010-01-13 12:59:47 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 12:59:47 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-02-10 10:49:45 ----D---- C:\Windows\Prefetch
2010-02-10 10:47:56 ----D---- C:\Windows\system32\config
2010-02-10 10:46:15 ----RD---- C:\Program Files
2010-02-10 10:39:22 ----D---- C:\Windows\System32
2010-02-10 10:39:22 ----D---- C:\Windows\inf
2010-02-10 10:39:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-10 10:38:35 ----D---- C:\Windows\Temp
2010-02-10 09:07:38 ----D---- C:\Windows
2010-02-10 00:13:53 ----D---- C:\Users\Tool Pusher\AppData\Roaming\BitTorrent
2010-02-09 14:59:16 ----D---- C:\Windows\system32\catroot2
2010-02-09 13:49:20 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-09 12:58:29 ----D---- C:\Users\Tool Pusher\AppData\Roaming\3DataManager
2010-02-09 11:57:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-09 11:52:51 ----HD---- C:\ProgramData
2010-02-09 11:52:18 ----SHD---- C:\Windows\Installer
2010-02-09 11:52:18 ----SHD---- C:\Config.Msi
2010-02-09 11:50:18 ----SHD---- C:\System Volume Information
2010-02-09 11:49:46 ----D---- C:\Program Files\Common Files
2010-02-06 11:22:18 ----D---- C:\Windows\system32\drivers
2010-02-05 13:15:15 ----D---- C:\Windows\debug
2010-02-05 13:09:07 ----D---- C:\Windows\winsxs
2010-02-03 15:15:15 ----D---- C:\ProgramData\Adobe
2010-02-03 15:15:15 ----D---- C:\Program Files\Common Files\Adobe
2010-02-01 16:51:02 ----D---- C:\Windows\system32\Tasks
2010-02-01 16:43:16 ----SD---- C:\Users\Tool Pusher\AppData\Roaming\Microsoft
2010-01-28 03:00:34 ----D---- C:\Program Files\Internet Explorer
2010-01-27 16:56:09 ----D---- C:\Windows\system32\catroot
2010-01-26 17:28:46 ----D---- C:\Users\Tool Pusher\AppData\Roaming\PrimoPDF
2010-01-21 00:03:52 ----D---- C:\Users\Tool Pusher\AppData\Roaming\Apple Computer
2010-01-19 17:41:49 ----D---- C:\Windows\system32\zh-TW
2010-01-19 17:41:49 ----D---- C:\Windows\system32\zh-HK
2010-01-19 17:41:49 ----D---- C:\Windows\system32\tr-TR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\sv-SE
2010-01-19 17:41:49 ----D---- C:\Windows\system32\pt-BR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\nl-NL
2010-01-19 17:41:49 ----D---- C:\Windows\system32\nb-NO
2010-01-19 17:41:49 ----D---- C:\Windows\system32\ko-KR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\it-IT
2010-01-19 17:41:49 ----D---- C:\Windows\system32\he-IL
2010-01-19 17:41:49 ----D---- C:\Windows\system32\fr-FR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\fi-FI
2010-01-19 17:41:49 ----D---- C:\Windows\system32\es-ES
2010-01-19 17:41:49 ----D---- C:\Windows\system32\en-US
2010-01-19 17:41:49 ----D---- C:\Windows\system32\el-GR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\de-DE
2010-01-19 17:41:49 ----D---- C:\Windows\system32\da-DK
2010-01-19 17:41:49 ----D---- C:\Windows\system32\ar-SA
2010-01-17 14:28:50 ----D---- C:\Windows\system32\DriverStore
2010-01-15 12:30:18 ----D---- C:\Windows\Logs
2010-01-14 03:01:17 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 19:17:11 ----D---- C:\Users\Tool Pusher\AppData\Roaming\dvdcss
12.02.2010, 22:58 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware-gen
Hello and
- please repeat the full scan with Malwarebytes, the signatures (database version) were not quite up to date
- the RSIT logfile is incomplete and the info.txt is missing, please post them
- also run a scan with GMER and post the log
13.02.2010, 01:47 | #3 |
Infection with malware-gen
hey cosinus, I think you overlooked something there:
Quote:
13.02.2010, 09:56 | #4 |
/// Helfer-Team | Infection with malware-gen
Run RSIT in compatibility mode.
14.02.2010, 20:32 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware-gen
Yes, that has been happening to me more often lately.
@ToolPusher, if RSIT won't run, you can also make a log with OTL:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop

Please always post logfiles in CODE tags
14.02.2010, 21:38 | #6 |
Infection with malware-gen
Hello, many thanks for the first replies. So, I ran RSIT in compatibility mode and here are the log and info; the malware log is further below. Buuut, with GMER I got 2 blue screens in three attempts and a message that the program is being terminated because of an error. And meanwhile I'm also getting a blue screen more and more often when I'm on the internet, after about 10 to 15 minutes, and that is really getting on my nerves. I'm close to letting the PC make the acquaintance of my sledgehammer. I beg you to help me!!! Again, many thanks in advance.
Regards, Tool Pusher

log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tool Pusher at 2010-02-14 21:21:24
Microsoft Windows 7 Home Premium Service Pack 2
System drive C: has 96 GB (50%) free of 191 GB
Total RAM: 3070 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:33, on 14.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Tool Pusher\Desktop\RSIT.exe
C:\Program Files\trend micro\Tool Pusher.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14978&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\3DataManager\WTGService.exe

--
End of file - 7810 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-24 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-24 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1348904]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-07-28 7625248]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-29 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
VPN Client.lnk - C:\Windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticetext"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\.\Autorun.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{363be41b-bf2f-11de-8f8f-0024d2dc08d3}]
shell\AutoRun\command - G:\.\Autorun.exe AUTORUN=1

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-14 12:47:04 ----A---- C:\Windows\ntbtlog.txt
2010-02-11 09:39:42 ----A---- C:\Windows\system32\quartz.dll
2010-02-11 09:39:41 ----A---- C:\Windows\system32\msyuv.dll
2010-02-11 09:39:41 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-11 09:39:41 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-11 09:39:41 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-11 09:39:41 ----A---- C:\Windows\system32\avifil32.dll
2010-02-11 09:39:40 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-11 09:39:40 ----A---- C:\Windows\system32\msrle32.dll
2010-02-11 09:39:39 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-11 09:39:39 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-11 09:39:39 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-11 09:39:39 ----A---- C:\Windows\system32\secproc.dll
2010-02-11 09:39:39 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-11 09:39:39 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-11 09:39:39 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-11 09:39:38 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-10 10:46:15 ----D---- C:\rsit
2010-02-10 10:46:15 ----D---- C:\Program Files\trend micro
2010-02-09 13:47:46 ----D---- C:\Program Files\CCleaner
2010-02-09 11:52:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-02-09 11:51:04 ----D---- C:\Users\Tool Pusher\AppData\Roaming\SUPERAntiSpyware.com
2010-02-09 11:51:04 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-09 11:49:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-05 18:58:23 ----D---- C:\Users\Tool Pusher\AppData\Roaming\Malwarebytes
2010-02-05 18:58:17 ----D---- C:\ProgramData\Malwarebytes
2010-02-05 18:58:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-05 13:23:12 ----D---- C:\Windows\Minidump
2010-02-05 13:08:36 ----A---- C:\Windows\system32\aswBoot.exe
2010-02-05 13:08:33 ----D---- C:\ProgramData\Alwil Software
2010-02-05 13:08:33 ----D---- C:\Program Files\Alwil Software
2010-02-03 15:15:11 ----D---- C:\Program Files\Adobe
2010-02-01 17:39:47 ----D---- C:\Users\Tool Pusher\AppData\Roaming\vlc
2010-01-27 16:56:16 ----A---- C:\Windows\system32\winlogon.exe
2010-01-27 16:56:16 ----A---- C:\Windows\explorer.exe
2010-01-22 14:06:39 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 14:06:38 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 14:06:37 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-20 10:24:16 ----D---- C:\ProgramData\Office Genuine Advantage
2010-01-17 14:28:49 ----A---- C:\Windows\system32\dneinobj.dll
2010-01-17 14:28:29 ----D---- C:\Program Files\Common Files\Deterministic Networks
2010-01-17 14:28:26 ----D---- C:\Program Files\Cisco Systems
2010-01-16 12:30:00 ----A---- C:\Windows\system32\MRT.exe

======List of files/folders modified in the last 1 months======

2010-02-14 21:18:14 ----D---- C:\Windows\Prefetch
2010-02-14 21:17:09 ----D---- C:\Windows\Temp
2010-02-14 19:51:36 ----D---- C:\Windows\System32
2010-02-14 19:51:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-14 19:46:57 ----D---- C:\Windows
2010-02-14 19:16:53 ----D---- C:\Windows\system32\config
2010-02-14 15:33:28 ----D---- C:\Windows\inf
2010-02-14 15:31:58 ----D---- C:\Users\Tool Pusher\AppData\Roaming\3DataManager
2010-02-14 13:13:00 ----D---- C:\Windows\winsxs
2010-02-14 13:11:37 ----D---- C:\Windows\system32\drivers
2010-02-14 12:54:54 ----D---- C:\Windows\debug
2010-02-14 12:54:45 ----SHD---- C:\Windows\Installer
2010-02-14 12:54:42 ----SHD---- C:\Config.Msi
2010-02-14 12:54:42 ----D---- C:\ProgramData\Microsoft Help
2010-02-14 12:53:58 ----D---- C:\Windows\system32\catroot
2010-02-14 12:53:48 ----SHD---- C:\System Volume Information
2010-02-11 20:09:36 ----D---- C:\Users\Tool Pusher\AppData\Roaming\BitTorrent
2010-02-11 19:57:53 ----D---- C:\Windows\system32\catroot2
2010-02-10 17:26:48 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-02-10 10:46:15 ----RD---- C:\Program Files
2010-02-09 11:57:18 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-09 11:52:51 ----HD---- C:\ProgramData
2010-02-09 11:49:46 ----D---- C:\Program Files\Common Files
2010-02-03 15:15:15 ----D---- C:\ProgramData\Adobe
2010-02-03 15:15:15 ----D---- C:\Program Files\Common Files\Adobe
2010-02-01 16:51:02 ----D---- C:\Windows\system32\Tasks
2010-02-01 16:43:16 ----SD---- C:\Users\Tool Pusher\AppData\Roaming\Microsoft
2010-01-28 03:00:34 ----D---- C:\Program Files\Internet Explorer
2010-01-26 17:28:46 ----D---- C:\Users\Tool Pusher\AppData\Roaming\PrimoPDF
2010-01-21 00:03:52 ----D---- C:\Users\Tool Pusher\AppData\Roaming\Apple Computer
2010-01-19 17:41:49 ----D---- C:\Windows\system32\zh-TW
2010-01-19 17:41:49 ----D---- C:\Windows\system32\zh-HK
2010-01-19 17:41:49 ----D---- C:\Windows\system32\tr-TR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\sv-SE
2010-01-19 17:41:49 ----D---- C:\Windows\system32\pt-BR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\nl-NL
2010-01-19 17:41:49 ----D---- C:\Windows\system32\nb-NO
2010-01-19 17:41:49 ----D---- C:\Windows\system32\ko-KR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\it-IT
2010-01-19 17:41:49 ----D---- C:\Windows\system32\he-IL
2010-01-19 17:41:49 ----D---- C:\Windows\system32\fr-FR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\fi-FI
2010-01-19 17:41:49 ----D---- C:\Windows\system32\es-ES
2010-01-19 17:41:49 ----D---- C:\Windows\system32\en-US
2010-01-19 17:41:49 ----D---- C:\Windows\system32\el-GR
2010-01-19 17:41:49 ----D---- C:\Windows\system32\de-DE
2010-01-19 17:41:49 ----D---- C:\Windows\system32\da-DK
2010-01-19 17:41:49 ----D---- C:\Windows\system32\ar-SA
2010-01-17 14:28:50 ----D---- C:\Windows\system32\DriverStore
2010-01-15 12:30:18 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-02-11 23376]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256]
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\Windows\system32\drivers\tcpipBM.sys [2009-02-20 18816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-02-11 51792]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-26 281760]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-06-19 306299]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-26 25888]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-30 4994560]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku; C:\Windows\system32\DRIVERS\CmBatt.sys [2009-07-14 14080]
R3 CompositeBus;Busenumeratortreiber für Verbundgeräte; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 FwLnk;FwLnk Driver; C:\Windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-07-28 2735504]
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2009-06-24 159776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-17 140288]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber; C:\Windows\system32\DRIVERS\rtl819xp.sys [2009-09-09 546304]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-08-14 203312]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 22912]
R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2009-07-14 146176]
R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2008-07-15 17960]
R3 vwifibus;Virtueller WiFi-Bustreiber; C:\Windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328]
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728]
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736]
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952]
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312]
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-13 430080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Trusted Audio Drivers; C:\Windows\system32\drivers\drmkaud.sys [2009-07-14 5120]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-13 3100160]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168]
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-13 26624]
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504]
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152]
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2009-11-09 9216]
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584]
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2009-07-14 8320]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2009-07-14 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2009-07-14 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144]
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288]
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624]
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072]
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824]
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2009-11-09 104960]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2009-11-09 104960]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2009-11-09 104960]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-29 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-06-19 1528608]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2009-03-06 464224]
R2 WTGService;WTGService; C:\Program Files\3DataManager\WTGService.exe [2009-07-20 308688]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520]
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 GameConsoleService;GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [2009-02-11 242424]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe
[2009-07-14 22528] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688] S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992] -----------------EOF----------------- info info.txt logfile of random's system information tool 1.06 2010-02-14 21:21:38 ======Uninstall list====== -->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Blasterball 2 Revolution\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Bounce Symphony\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Dora's Carnival Adventure\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Farm Mania\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Jewel Quest\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\My Tribe\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Mystery P.I. 
- The New York Fortune\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Slingo Deluxe\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Super Granny\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Tradewinds\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\World of Goo\Uninstall.exe" -->"C:\Program Files\TOSHIBA Games\Zuma Deluxe\Uninstall.exe" 3DataManager-->C:\Program Files\3DataManager\Uninstaller.exe Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001} ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143} Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Ashampoo WinOptimizer 6.50-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe" avast! 
Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup BitTorrent-->C:\Program Files\BitTorrent\uninst.exe Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0007 Catalyst Control Center - Branding-->MsiExec.exe /I{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79} CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0007 -removeonly Cisco Systems VPN Client 5.0.03.0560-->MsiExec.exe /X{A7091E1D-36A4-47F1-A739-173CC341414F} Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE} Free DVD Ripper Version 2.25-->"C:\Program Files\Free DVD Ripper\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall 
{9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B} Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE} Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE} Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE} Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE} Microsoft 
Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2} Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 
9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} PrimoPDF -- by Nitro PDF Software-->"C:\Program Files\Nitro PDF\PrimoPDF\uninstaller.exe" QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2} Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtkUpd.exe -r -m -nrg2709 Realtek USB 2.0 Card Reader-->"C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0007 -removeonly Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0007 -removeonly Realtek WiFi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}\Install.exe -uninst -l0x7 Realtek WLAN Driver-->MsiExec.exe /X{0FB630AB-7BD8-40AE-B223-60397D57C3C9} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System 
(KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0007 -removeonly TOSHIBA Benutzerhandbücher-->C:\Program Files\InstallShield Installation 
Information\{1C971EE3-B4C4-4367-9676-57549919C6CE}\setup.exe -runfromtemp -l0x0007 -removeonly TOSHIBA ConfigFree-->MsiExec.exe /X{F3529665-D75E-4D6D-98F0-745C78C68E9B} TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0} TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0007 -ADDREMOVE -removeonly TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0407 TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0407 -removeonly TOSHIBA Face Recognition-->MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B} TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x7 Toshiba Online Product Information-->C:\Program Files\InstallShield Installation Information\{2290A680-4083-410A-ADCC-7092C67FC052}\setup.exe -runfromtemp -l0x0007 -removeonly TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} TOSHIBA Recovery Disk Creator Reminder-->C:\Program Files\InstallShield Installation Information\{773970F1-5EBA-4474-ADEE-1EA3B0A59492}\setup.exe -runfromtemp -l0x0407 TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0007 -removeonly TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x7 TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exe TRORDCLauncher-->C:\Program 
Files\InstallShield Installation Information\{E65C7D8E-186D-484B-BEA8-DEF0331CE600}\setup.exe -runfromtemp -l0x0407 Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331} Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1} Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF} Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30} Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96} Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1} VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe WildTangent-Spiele-->"C:\Program Files\TOSHIBA Games\Uninstall.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41} Windows Live-Uploadtool-->MsiExec.exe 
/I{205C6BDD-7B73-42DE-8505-9A093F35A238} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AS: Spybot - Search and Destroy (disabled) ======System event log====== Computer Name: ToolPusher-PC Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB974306(Update) von Aufgelöst(Resolved) in Installiert(Installed) zu ändern. Record Number: 19871 Source Name: Microsoft-Windows-Servicing Time Written: 20091021234224.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: ToolPusher-PC Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB974306(Update) von Aufgelöst(Resolved) in Installiert(Installed) zu ändern. Record Number: 19870 Source Name: Microsoft-Windows-Servicing Time Written: 20091021234224.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: ToolPusher-PC Event Code: 4371 Message: Windows-Wartung hat begonnen, den Status des Pakets KB974306(Update) von Aufgelöst(Resolved) in Installiert(Installed) zu ändern. Record Number: 19869 Source Name: Microsoft-Windows-Servicing Time Written: 20091021234224.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: ToolPusher-PC Event Code: 4386 Message: Windows-Wartung erforderte einen Neustart, um das Update 961501-20_neutral_GDR aus Paket KB961501(Security Update) in den Status Installation angefordert(Install Requested) setzen zu können. Record Number: 19868 Source Name: Microsoft-Windows-Servicing Time Written: 20091021234223.000000-000 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: ToolPusher-PC Event Code: 4376 Message: Windows-Wartung erforderte einen Neustart, um das Paket KB961501(Security Update) in den Status Installation angefordert(Install Requested) setzen zu können. 
Record Number: 19867 Source Name: Microsoft-Windows-Servicing Time Written: 20091021234223.000000-000 Event Type: Warnung User: NT-AUTORITÄT\SYSTEM =====Application event log===== Computer Name: WIN-O437IMHCHSR Event Code: 8225 Message: Der VSS-Dienst wird aufgrund eines Ereignisses vom Dienststeuerungs-Manager heruntergefahren. Record Number: 877 Source Name: VSS Time Written: 20090824004847.000000-000 Event Type: Informationen User: Computer Name: WIN-O437IMHCHSR Event Code: 9009 Message: Der Desktopfenster-Manager wurde mit dem Code (0xc00002fe) abgebrochen. Record Number: 876 Source Name: Desktop Window Manager Time Written: 20090824004847.000000-000 Event Type: Informationen User: Computer Name: WIN-O437IMHCHSR Event Code: 0 Message: Der Dienst wurde erfolgreich heruntergefahren. Record Number: 875 Source Name: TemproMonitoringService Time Written: 20090824004847.000000-000 Event Type: Informationen User: Computer Name: WIN-O437IMHCHSR Event Code: 103 Message: Windows (1504) Windows: Das Datenbankmodul hat die Instanz (0) beendet. Record Number: 874 Source Name: ESENT Time Written: 20090824004827.000000-000 Event Type: Informationen User: Computer Name: WIN-O437IMHCHSR Event Code: 1013 Message: Windows Search wurde normal beendet. Record Number: 873 Source Name: Microsoft-Windows-Search Time Written: 20090824004827.000000-000 Event Type: Informationen User: =====Security event log===== Computer Name: ToolPusher-PC Event Code: 4647 Message: Benutzerinitiierte Abmeldung: Antragsteller: Sicherheits-ID: S-1-5-21-2669769244-1158439611-1926919515-500 Kontoname: Administrator Kontodomäne: WIN-O437IMHCHSR Anmelde-ID: 0x2625d Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird. Es kann keine weitere benutzerinitiierte Aktivität erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden. 
Record Number: 1063 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090824004848.531800-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-O437IMHCHSR Event Code: 4634 Message: Ein Konto wurde abgemeldet. Antragsteller: Sicherheits-ID: S-1-5-7 Kontoname: ANONYMOUS-ANMELDUNG Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x1c03a Anmeldetyp: 3 Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur zwischen Neustarts auf demselben Computer eindeutig. Record Number: 1062 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090824004847.486600-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-O437IMHCHSR Event Code: 4616 Message: Die Systemzeit wurde geändert. Antragsteller: Sicherheits-ID: S-1-5-19 Kontoname: LOKALER DIENST Kontodomäne: NT-AUTORITÄT Anmelde-ID: 0x3e5 Prozessinformationen: Prozess-ID: 0x540 Name: C:\Windows\System32\svchost.exe Vorherige Zeit: 02:48:47 24.08.2009 Neue Zeit: 02:48:47 24.08.2009 Dieses Ereignis wird generiert, wenn die Systemzeit geändert wird. Es ist normal, dass der mit Systemberechtigung ausgeführte Windows-Zeitdienst die Systemzeit regelmäßig ändert. Andere Änderungen der Systemzeit können darauf hinweisen, dass der Computer manipuliert wird. Record Number: 1061 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090824004847.159000-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-O437IMHCHSR Event Code: 1100 Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren. Record Number: 1060 Source Name: Microsoft-Windows-Eventlog Time Written: 20090824004847.439800-000 Event Type: Überwachung erfolgreich User: Computer Name: WIN-O437IMHCHSR Event Code: 1102 Message: Das Überwachungsprotokoll wurde gelöscht. 
Subjekt: Sicherheits-ID: S-1-5-21-2669769244-1158439611-1926919515-500 Kontoname: Administrator Domänenname: WIN-O437IMHCHSR Anmelde-ID: 0x2625d
Record Number: 1059
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090824004818.049724-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"DFSTRACINGON"=FALSE
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

-----------------EOF-----------------

and here is the Malwarebytes result:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3694
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14.02.2010 21:18:04
mbam-log-2010-02-14 (21-18-04).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 209543
Laufzeit: 1 hour(s), 26 minute(s), 17 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
14.02.2010, 21:56 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware-gen Logs look OK. Quote:
Can you still somehow get at the file avast complained about? Quarantine? If so, please restore it, have it analysed at Virustotal.com and post the results link.
__________________ Please always post logfiles in CODE tags |
14.02.2010, 22:31 | #8 |
| Infection with malware-gen Hello, VirusTotal spat out the following link: http://www.virustotal.com/de/analisis/f72add7e2362eb38831d55a5302b9f876363558623b301176dd48321103fdf25-1265651466 Malware log to follow. Thanks |
15.02.2010, 14:19 | #9 |
| Infection with malware-gen So, I have now run the latest version (3741) of Malwarebytes over it, and this is the result:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3741
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.02.2010 14:15:02
mbam-log-2010-02-15 (14-14-59).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 211553
Laufzeit: 29 minute(s), 9 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\eclr.tmp\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hyus.tmp\svchost.exe (Trojan.Dropper) -> No action taken. |
15.02.2010, 22:49 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware-gen Did you remove the findings? It says "no action taken"...
16.02.2010, 16:52 | #11 |
| Infection with malware-gen Hello, I ran the scan again and deleted the 2 files, see log. One more question: could it be that when Malwarebytes is scanning and I am on the internet at the same time, my PC crashes (bluescreen) because of that?! Thanks in advance, regards, tool

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3741
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.02.2010 15:46:39
mbam-log-2010-02-16 (15-46-39).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 211985
Laufzeit: 1 hour(s), 42 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hyus.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\eclr.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully. |
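The two checks the helper applied to the logs in #9 and #11 by eye (findings left at "No action taken", and a svchost.exe living outside %SystemRoot%\System32, here under a Temp folder of the NetworkService profile) as a small parser for the file section of an MBAM 1.x log. This is an added example, not code from the thread or from Malwarebytes; the sample log text is constructed from the two paths posted above, and the English heading "Files Infected" is assumed for English-language MBAM logs.

```python
"""Triage the file findings of a Malwarebytes' Anti-Malware (MBAM) 1.x log.
Added example for this thread, not part of the posts or of Malwarebytes' tooling.
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample in the shape of the log in post #9 (same two paths as
# posted; the unrelated sections of the real log are omitted).
SAMPLE_BEFORE = r"""Infizierte Speicherprozesse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\eclr.tmp\svchost.exe (Trojan.Dropper) -> No action taken.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hyus.tmp\svchost.exe (Trojan.Dropper) -> No action taken.
"""

# Constructed sample in the shape of post #11, after the rescan removed them.
SAMPLE_AFTER = r"""Infizierte Dateien:
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hyus.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\eclr.tmp\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

# German heading as in this thread; "Files Infected" assumed for English logs.
FILE_HEADINGS = ("Infizierte Dateien", "Files Infected")
# "<path> (<detection>) -> <action>."; greedy path tolerates "Program Files (x86)".
FINDING_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# Directories (below the drive) from which svchost.exe legitimately runs.
SVCHOST_DIRS = {("windows", "system32"), ("windows", "syswow64")}


@dataclass
class Finding:
    path: str
    detection: str
    action: str
    flags: list = field(default_factory=list)

    @property
    def pending(self) -> bool:          # MBAM logged the file but removed nothing
        return self.action.lower().startswith("no action")


def _after_file_heading(line: str):
    """Text after a file-section heading ("" for the detail heading), else None."""
    for heading in FILE_HEADINGS:
        if line.startswith(heading + ":"):
            return line[len(heading) + 1:].strip()
    return None


def parse_findings(log_text: str):
    """Return (count from the summary block, list of Finding) for the file section."""
    reported, findings, in_section = None, [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        rest = _after_file_heading(line)
        if rest is not None:
            if rest.isdigit():              # summary: "Infizierte Dateien: 2"
                reported, in_section = int(rest), False
            else:                           # detail heading: "Infizierte Dateien:"
                in_section = True
        elif in_section and not line:       # blank line closes the section
            in_section = False
        elif in_section:
            m = FINDING_RE.match(line)      # "(Keine bösartigen ...)" does not match
            if m:
                findings.append(Finding(**m.groupdict()))
    return reported, findings


def triage(finding: Finding) -> Finding:
    """Attach the checks the helper in this thread applied by eye."""
    p = PureWindowsPath(finding.path)
    parent_dirs = tuple(part.lower() for part in p.parent.parts[1:])  # drop "C:\"
    if finding.pending:
        finding.flags.append("still on disk: action was 'No action taken'")
    if p.name.lower() == "svchost.exe" and parent_dirs not in SVCHOST_DIRS:
        finding.flags.append("svchost.exe outside %SystemRoot%\\System32")
    if "temp" in parent_dirs and p.suffix.lower() in (".exe", ".dll", ".sys"):
        finding.flags.append("executable dropped under a Temp directory")
    return finding


def triage_log(log_text: str) -> dict:
    """Parse one log and summarise what still needs attention."""
    reported, findings = parse_findings(log_text)
    findings = [triage(f) for f in findings]
    return {
        "reported": reported,
        "parsed": len(findings),
        "count_mismatch": reported is not None and reported != len(findings),
        "pending": [f.path for f in findings if f.pending],
        "findings": findings,
    }
```

Run `triage_log(SAMPLE_BEFORE)["pending"]` to get the two paths the helper asked about in #10; on `SAMPLE_AFTER` the list is empty, while both files still carry the svchost-location and Temp-directory flags.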
16.02.2010, 17:05 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware-gen Quote:
After that, try to create a log with CF: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if one of the forum's experts has expressly recommended it!
16.02.2010, 21:35 | #13 |
| Infection with malware-gen hello, so I did everything as you said and here is the log from ComboFix

ComboFix 10-02-12.01 - Tool Pusher 16.02.2010 21:20:22.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.3070.2236 [GMT 1:00]
Running from: c:\users\Tool Pusher\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 ))))))))))))))))))))))))))))))
.
2010-02-16 20:26 . 2010-02-16 20:28 -------- d-----w- c:\users\Tool Pusher\AppData\Local\temp
2010-02-16 20:26 . 2010-02-16 20:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-16 20:26 . 2010-02-16 20:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-16 19:40 . 2010-02-16 19:55 -------- d-----w- C:\cofi
2010-02-15 09:43 . 2010-02-15 09:43 -------- d-----w- c:\program files\iPod
2010-02-15 09:43 . 2010-02-15 09:44 -------- d-----w- c:\program files\iTunes
2010-02-15 09:29 . 2010-02-15 09:29 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-10 09:46 . 2010-02-14 20:21 -------- d-----w- C:\rsit
2010-02-10 09:46 . 2010-02-14 20:21 -------- d-----w- c:\program files\trend micro
2010-02-09 12:47 . 2010-02-09 12:47 -------- d-----w- c:\program files\CCleaner
2010-02-09 10:55 . 2010-02-09 13:34 52224 ----a-w- c:\users\Tool Pusher\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-09 10:55 . 2010-02-09 13:34 117760 ----a-w- c:\users\Tool Pusher\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-09 10:52 . 2010-02-09 10:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-09 10:51 . 2010-02-09 10:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-09 10:51 . 2010-02-09 10:51 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\SUPERAntiSpyware.com
2010-02-09 10:49 . 2010-02-09 10:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-09 10:06 . 2010-02-09 10:06 727360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\Malwarebytes
2010-02-05 17:58 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 17:58 . 2010-02-05 17:58 -------- d-----w- c:\programdata\Malwarebytes
2010-02-05 17:58 . 2010-02-15 09:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 17:58 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 12:09 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-05 12:09 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-05 12:09 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-05 12:09 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-05 12:09 . 2010-02-11 18:38 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-02-05 12:08 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-05 12:08 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-05 12:08 . 2010-02-05 12:08 -------- d-----w- c:\programdata\Alwil Software
2010-02-05 12:08 . 2010-02-05 12:08 -------- d-----w- c:\program files\Alwil Software
2010-02-02 09:57 . 2010-02-10 09:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-01 16:39 . 2010-02-15 18:54 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\vlc
2010-02-01 15:45 . 2010-02-15 09:03 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-02-01 15:44 . 2010-02-15 09:03 727360 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-31 20:26 . 2010-01-31 20:26 -------- d-----w- c:\users\Tool Pusher\.jagex_cache_32
2010-01-29 16:14 . 2010-01-29 16:14 -------- d-----w- c:\users\Tool Pusher\AppData\Local\Diagnostics
2010-01-27 15:56 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 15:56 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-22 13:06 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-20 09:24 . 2010-01-20 09:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-20 09:24 . 2010-01-20 09:24 -------- d-----w- c:\users\Tool Pusher\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 20:26 . 2009-07-14 08:47 240294 ----a-w- c:\windows\system32\perfc007.dat
2010-02-16 20:26 . 2009-07-14 08:47 1009166 ----a-w- c:\windows\system32\perfh007.dat
2010-02-16 20:15 . 2009-11-25 21:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-16 15:56 . 2009-10-21 19:56 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\BitTorrent
2010-02-15 09:43 . 2009-12-06 17:16 -------- d-----w- c:\program files\Common Files\Apple
2010-02-15 09:18 . 2009-10-21 20:18 69 ----a-w- c:\users\Tool Pusher\jagex_runescape_preferences.dat
2010-02-15 09:15 . 2009-10-21 20:20 69 ----a-w- c:\users\Tool Pusher\jagex_runescape_preferences2.dat
2010-02-14 14:31 . 2009-11-09 12:10 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\3DataManager
2010-02-14 11:54 . 2009-06-24 11:09 -------- d-----w- c:\programdata\Microsoft Help
2010-02-09 10:57 . 2009-11-25 21:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-09 01:11 . 2009-12-19 23:29 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-03 14:15 . 2009-06-24 10:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-26 16:28 . 2009-12-26 14:18 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\PrimoPDF
2010-01-20 23:03 . 2009-12-06 17:20 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\Apple Computer
2010-01-18 23:29 . 2010-02-11 08:39 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-11 08:39 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-11 08:39 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-11 08:39 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-11 08:39 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-11 08:39 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-11 08:39 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-11 08:39 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-17 14:25 . 2009-12-06 13:22 1670624 ----a-w- c:\programdata\WildTangent\TOSHIBA Game Console\Downloads\de\Installers\SetupGamesClient.exe
2010-01-17 13:28 . 2010-01-17 13:28 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2010-01-17 13:28 . 2010-01-17 13:28 -------- d-----w- c:\program files\Cisco Systems
2010-01-13 18:17 . 2009-10-29 14:27 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\dvdcss
2010-01-08 21:23 . 2010-01-08 21:23 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-01-08 03:18 . 2010-02-11 08:39 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-11 08:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-26 14:16 . 2009-12-26 14:16 -------- d-----w- c:\program files\Nitro PDF
2009-12-23 16:13 . 2009-12-23 16:13 -------- d-----w- c:\program files\Microsoft
2009-12-23 16:13 . 2009-12-23 16:13 -------- d-----w- c:\program files\Windows Live
2009-12-23 16:13 . 2009-12-23 16:13 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-23 16:09 . 2009-12-23 16:09 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-20 10:42 . 2009-12-20 10:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-19 23:33 . 2009-06-24 10:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 23:31 . 2009-12-19 23:31 -------- d-----w- c:\program files\Realtek WLAN Driver
2009-12-19 23:30 . 2009-12-19 21:59 -------- d-----w- c:\program files\Realtek
2009-12-19 23:28 . 2009-12-19 23:28 -------- d-----w- c:\programdata\ATI
2009-12-19 23:28 . 2009-08-24 00:21 -------- d-----w- c:\program files\ATI Technologies
2009-12-19 23:26 . 2009-12-19 23:26 10134 ----a-r- c:\users\Tool Pusher\AppData\Roaming\Microsoft\Installer\{E25FA4E1-678F-414F-9777-1E3FDBBDA4D1}\ARPPRODUCTICON.exe
2009-12-19 22:53 . 2009-12-19 22:53 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2009-12-19 22:53 . 2009-08-24 00:40 -------- d-----w- c:\programdata\Toshiba
2009-12-19 22:53 . 2009-06-24 10:41 -------- d-----w- c:\program files\TOSHIBA
2009-12-19 22:52 . 2009-12-19 22:52 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\InstallShield
2009-12-19 22:46 . 2009-12-19 22:46 110816 ----a-w- c:\users\Tool Pusher\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-19 22:40 . 2009-12-19 22:40 -------- d-sh--we c:\programdata\Vorlagen
2009-12-19 22:40 . 2009-12-19 22:40 -------- d-sh--we c:\programdata\Startmenü
2009-12-19 22:40 . 2009-12-19 22:40 -------- d-sh--we c:\programdata\Favoriten
2009-12-19 22:40 . 2009-12-19 22:40 -------- d-sh--we c:\programdata\Dokumente
2009-12-19 22:40 . 2009-12-19 22:40 -------- d-sh--we c:\programdata\Anwendungsdaten
2009-12-19 22:40 . 2009-12-19 22:40 -------- d-sh--we c:\program files\Gemeinsame Dateien
2009-12-19 22:22 . 2009-12-19 22:22 21532 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-19 22:17 . 2009-12-19 18:45 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\WinBatch
2009-12-19 22:17 . 2009-10-22 08:22 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\WildTangent
2009-12-19 22:17 . 2009-11-05 18:24 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\TOSHIBA
2009-12-19 22:17 . 2009-10-25 11:38 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\Ubisoft
2009-12-19 22:17 . 2009-10-21 19:48 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\TuneUp Software
2009-12-19 22:17 . 2009-10-21 17:59 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\Program Files
2009-12-19 22:17 . 2009-10-21 17:39 -------- d-----w- c:\users\Tool Pusher\AppData\Roaming\ATI
2009-12-19 22:08 . 2009-12-06 17:19 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-19 22:08 . 2009-10-21 19:47 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-12-19 22:08 . 2009-06-24 11:13 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2009-12-19 22:05 . 2009-12-06 17:18 -------- d-----w- c:\program files\QuickTime
2009-12-19 22:05 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2009-12-19 22:05 . 2009-10-22 17:31 -------- d-----w- c:\program files\Microsoft.NET
2009-12-19 22:05 . 2009-10-22 17:29 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-19 22:05 . 2009-06-24 11:11 -------- d-----w- c:\program files\Microsoft Works
2009-12-19 22:04 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2009-12-19 22:04 . 2009-06-24 10:42 -------- d-----w- c:\program files\Java
2009-12-19 22:03 . 2009-06-24 10:27 -------- d-----w- c:\program files\Intel
2009-12-19 22:03 . 2009-10-29 14:32 -------- d-----w- c:\program files\Free DVD Ripper
2009-12-19 22:03 . 2009-10-22 17:22 -------- d-----w- c:\program files\DAEMON Tools
2009-12-19 22:03 . 2009-06-24 11:02 -------- d-----w- c:\program files\eBay
2009-12-19 22:03 . 2009-06-24 10:58 -------- d-----w- c:\program files\Google
2009-12-19 22:03 . 2009-06-24 10:40 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-19 22:03 . 2009-08-24 00:44 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2009-12-19 22:03 . 2009-12-06 17:19 -------- d-----w- c:\program files\Bonjour
2009-12-19 22:03 . 2009-10-21 19:54 -------- d-----w- c:\program files\BitTorrent
2009-12-19 22:03 . 2009-08-24 00:21 -------- d-----w- c:\program files\ATI
2009-12-19 22:02 . 2009-12-06 17:18 -------- d-----w- c:\program files\Apple Software Update
2009-12-19 22:02 . 2009-11-30 18:23 -------- d-----w- c:\program files\Ashampoo
2009-12-19 22:02 . 2009-06-24 11:02 -------- d-----w- c:\program files\Amazon
2009-12-19 22:02 . 2009-06-24 11:13 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-12-19 22:02 . 2009-11-09 12:06 -------- d-----w- c:\program files\3DataManager
2009-12-19 22:02 . 2009-11-09 12:08 -------- d-----w- c:\program files\3-addons
2009-12-19 21:59 . 2009-12-19 21:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-12-19 21:59 . 2009-12-19 21:59 0 ----a-w- c:\windows\ativpsrm.bin
2009-12-19 21:59 . 2009-12-19 21:59 -------- d-----w- c:\program files\Synaptics
2009-12-19 18:49 . 2009-08-24 00:32 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-12-19 09:02 . 2010-02-11 08:39 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-11 08:39 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-11 08:39 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-11 08:39 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-11 08:39 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-11 08:39 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-11 08:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-11 08:39 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-08 08:05 . 2010-02-11 08:39 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-11 08:39 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-1-17 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

R1 aswSP;aswSP;c:\windows\System32\drivers\aswSP.sys [05.02.2010 13:09 162512]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [24.08.2009 01:43 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14.07.2009 00:52 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [20.12.2009 00:26 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [05.02.2010 13:09 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [05.02.2010 13:09 51792]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [10.08.2009 19:55 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [10.03.2009 18:51 46448]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [25.11.2009 22:11 1153368]
R2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [24.08.2009 01:40 62776]
R2 WTGService;WTGService;c:\program files\3DataManager\WTGService.exe [09.11.2009 13:06 308688]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [20.12.2009 00:33 7680]
R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber;c:\windows\System32\drivers\rtl819xp.sys [20.12.2009 00:31 546304]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [25.08.2008 08:58 77824]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [22.10.2009 18:11 682232]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [29.10.2009 15:32 84832]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [30.11.2009 19:23 406016]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\System32\drivers\massfilter.sys [09.11.2009 13:06 9216]

--- Other Services/Drivers In Memory ---

*Deregistered* - avgntflt
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14978&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
FF - ProfilePath - c:\users\Tool Pusher\AppData\Roaming\Mozilla\Firefox\Profiles\bnhy5ska.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://studmail.unileoben.ac.at/|https://online.unileoben.ac.at/mu_online/webnav.ini|http://orf.at/#|http://www.bloomberg.com/markets/commodities/energyprices.html
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Orphans Removed - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
--------------------- Locked Registry Keys ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-16 21:32:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-16 20:32
ComboFix2.txt 2010-02-16 19:55

Pre-Run: 15 directories, 97.848.020.992 bytes free
Post-Run: 16 directories, 97.548.320.768 bytes free

- - End Of File - - A24D44499802615001FAD9E7768C50EA |
16.02.2010, 21:54 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Infection with malware-gen Quote:
But CF has taken care of the rootkit by copying a clean file back. Please do a control scan: open Malwarebytes, update the program, start a full scan and let it remove any findings. Then post the logfile again.
__________________ Please always post logfiles in CODE tags |
16.02.2010, 23:33 | #15 |
| Infection with malware-gen hello, here is the malware log. thanks, regards, tool

Malwarebytes' Anti-Malware 1.44
Database version: 3747
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.02.2010 23:30:59
mbam-log-2010-02-16 (23-30-58).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 213373
Time elapsed: 1 hour(s), 26 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) |