| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
31.08.2010, 00:15
| #1 |
 |  Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Hallo Leute, vorgestern habe ich mir auf vermeintlich sicheren Webseiten den Antimalware Doctor eingefangen (und Adware.BHO sowie Malware.Packer.Gen, wenn die nicht ohnedies alle zusammengehören). Mein Avira hat sofort angeschlagen - hier einige Einträge aus dem Log: In der Datei 'E:\Users\Martin\AppData\Local\Temp\xeormacswn.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.AO.3446' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'E:\Users\Martin\AppData\Local\Temp\owsnrmexac.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'E:\Users\Martin\AppData\Local\Temp\arwcmsonxe.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'E:\Users\Martin\AppData\Local\Temp\caxmewrson.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Datei in Quarantäne verschieben In der Datei 'E:\Users\Martin\AppData\Local\Temp\socranxmew.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.AO.3446' [trojan] gefunden. Ausgeführte Aktion: Datei in Quarantäne verschieben In der Datei 'E:\Users\Martin\AppData\Local\Temp\nwxosaecmr.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern ... ich hör mal lieber auf. Hat ausgesehen, wie bei einem Gewitter. Habe alles in stoppen bzw. in Qarantäne schieben lassen, hatte aber im Endeffekt dennoch den Antimalware Doctor am Schirm :-(. Alles abgebrochen, bei den Warnungen der FireWall immer abgelehnt. Dann habe ich Eure tolle Anleitung - großes Kompliment!!!! - gefunden mit folgendem Ergebnis: 1) rkill läuft bei mir nicht - bekomme zwar das DOS Fenster, aber dann auch ein Dialogfenster mit: Suche Dienst für pev.rkexe starten....?!? 2) Erster Durchgang mit mbam.exe nur Adware.BHO sowie Malware.Packer.Gen gefunden und entfernt. Neustart, Antimalware Doctor meldet sich, beim 2.Dg mit mbam.exe ausradiert - yessss! Koomplette Systemprüfung mit mbam.exe attestiert weiße Weste. Einziges offensichtliches Problem ist beim Starten win Win-Fehlermeldung "Windows Explorer funktioniert nicht mehr". Außerdem brauchts ewig, bis der Desktop endlich fertig da ist samt Sidebar. 3) CCleaner ist auch schon drübergelaufen Ich poste als nächstes mein mbam log und die RSIT Log files. Ich hoffe Ihr könnt mir helfen, sonst bin ich wieder einmal aufgschmissn. Vielen Dank schon einmal!!!!!! Eine Bitte noch: Könnt Ihr mir nen Tipp geben, was ich tun kann um ähnliche unliebsame Events zukünftig zu vermeiden? Dachte ich hätte automat. WindowsUpdates abonniert und das würde im Hintergrund laufen. Scheinbar aber doch nicht... Und das AntivirenProgramm alleine scheint auch nicht der Weisheit letzter Schluß zu sein..... ================================================ Jetzt die Logs: Malwarebytes' Anti-Malware: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4503 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 30.08.2010 20:10:43 mbam-log-2010-08-30 (20-10-43).txt Scan type: Full scan (C:\|D:\|E:\|) Objects scanned: 271309 Time elapsed: 54 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ============================ RSIT Logs habe ich attached Nochmals vielen Dank, Martin |
|
31.08.2010, 08:56
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Systemscan mit OTL
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
31.08.2010, 21:14
| #3 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Hallo Arne,
__________________danke erst einmal für die Antwort! Anbei die OTL Logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.08.2010 21:56:55 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = E:\Users\Martin\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50,00 Gb Total Space | 19,75 Gb Free Space | 39,49% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 12,13 Gb Free Space | 60,64% Space Free | Partition Type: NTFS Drive E: | 161,88 Gb Total Space | 40,28 Gb Free Space | 24,88% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 30,33 Mb Total Space | 30,33 Mb Free Space | 99,99% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MARTIN-LGNOTEBK Current User Name: Admin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - D:\Ad-Aware\aawservice.exe (Lavasoft) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - D:\Spybot\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\LG Software\System Control Manager\MGSysCtrl.exe (MSI) PRC - C:\Programme\lg_swupdate\pnp.exe (BIT LEADER) PRC - C:\Programme\lg_swupdate\GiljabiStart.exe (BIT LEADER) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\LG Software\System Control Manager\edd.exe () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation) PRC - C:\Programme\O2Micro Oz128 Driver\o2flash.exe (O2Micro International) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Modules (SafeList) ========== MOD - E:\Users\Martin\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (aawservice) -- D:\Ad-Aware\aawservice.exe (Lavasoft) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (SBSDWSCService) -- D:\Spybot\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (NishService) -- C:\Programme\LG Software\System Control Manager\edd.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTMON.EXE (Intel Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (o2flash) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe (O2Micro International) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.) DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.) DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation) DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (O2SDRDR) -- C:\Windows\system32\DRIVERS\o2sd.sys (O2Micro ) DRV - (nmwcd) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia) DRV - (nmwcdcm) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia) DRV - (nmwcdcj) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: D:\Mozilla Firefox\components [2010.07.31 19:23:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: D:\Mozilla Firefox\plugins [2010.07.31 19:23:31 | 000,000,000 | ---D | M] [2008.03.20 01:35:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\pxi96goz.default\extensions O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Programme\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation) O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4 - HKLM..\Run: [LG Intelligent Update] C:\Program Files\lg_swupdate\giljabistart.exe (BIT LEADER) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\LG Software\System Control Manager\MGSysCtrl.exe (MSI) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [doubleTwist] C:\Programme\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe (doubleTwist Corporation) O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [VisualTaskTips] D:\VisualTaskTips\VisualTaskTips.exe (VisualTaskTips.com) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [BrowserBallot] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Microsoft Office 2000\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img21.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img21.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.31 00:05:03 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.31 00:05:03 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.29 22:33:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2010.08.29 22:33:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.29 22:33:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.29 22:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.14 21:01:10 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.14 21:01:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.08.14 21:01:05 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.14 21:01:05 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.08.14 21:01:04 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.14 21:01:04 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.14 21:01:04 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.08.14 21:01:04 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.14 21:01:04 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.14 21:01:04 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.08.14 21:01:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.14 21:00:52 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.14 21:00:51 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.14 21:00:48 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.14 21:00:48 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.07 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\doubleTwist [2010.08.07 10:16:36 | 000,000,000 | ---D | C] -- C:\Programme\doubleTwist 2.0 ========== Files - Modified Within 30 Days ========== [2010.08.31 21:55:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A4DF0C8F-666D-4417-ABA7-541981A33AD6}.job [2010.08.31 21:53:15 | 002,621,440 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT [2010.08.31 21:32:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.31 17:03:05 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.31 17:03:05 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.31 11:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.08.31 11:05:05 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{54AF5D3C-E5C6-457D-9966-A907CBB10854}.job [2010.08.31 11:03:54 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.08.31 11:03:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.08.31 00:05:00 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{ecb78006-ca36-11dd-9044-001d924b5d74}.TMContainer00000000000000000001.regtrans-ms [2010.08.31 00:05:00 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{ecb78006-ca36-11dd-9044-001d924b5d74}.TM.blf [2010.08.30 23:52:51 | 001,474,114 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.30 23:52:51 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.30 23:52:51 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.30 23:52:51 | 000,131,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.30 23:52:51 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.30 22:37:22 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F3F8E361-1F43-473F-9B47-1546235CD529}.job [2010.08.30 19:04:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.30 19:04:33 | 2146,734,080 | -HS- | M] () -- C:\hiberfil.sys [2010.08.30 01:20:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.29 23:48:57 | 000,000,504 | ---- | M] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010.08.27 17:14:59 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.08.15 03:23:01 | 000,249,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2010.08.29 23:48:57 | 000,000,504 | ---- | C] () -- C:\Users\Admin\Desktop\CCleaner.lnk [2010.04.05 15:59:59 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2009.12.29 00:57:05 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2009.12.29 00:53:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.11.13 00:34:45 | 000,000,093 | ---- | C] () -- C:\Users\Admin\AppData\Local\fusioncache.dat [2009.10.31 18:00:30 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2009.10.31 18:00:30 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2009.10.31 18:00:30 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2009.08.27 07:18:01 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.08.27 07:18:01 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2008.07.04 00:21:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.05.31 13:06:00 | 000,000,076 | ---- | C] () -- C:\Windows\Setup Wizard.INI [2008.05.31 01:41:57 | 000,000,076 | ---- | C] () -- C:\Windows\AssistantWizard.INI [2008.05.31 00:01:24 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.05.30 23:55:49 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini [2008.03.22 14:02:15 | 000,027,335 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.001 [2008.03.22 13:56:46 | 000,027,335 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\nvModes.dat [2008.03.22 13:45:30 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.03.20 01:28:56 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.12.31 15:48:17 | 000,006,144 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.31 14:03:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll [2007.12.31 14:03:51 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll [2007.12.31 14:03:51 | 000,024,576 | ---- | C] () -- C:\Windows\System32\MGPwrShm.dll [2007.12.31 14:01:33 | 000,167,936 | R--- | C] () -- C:\Windows\System32\nvccoin.dll [2007.12.31 13:59:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.12.31 13:45:08 | 000,003,349 | ---- | C] () -- C:\Windows\lg_up.ini [2007.12.31 13:44:18 | 000,000,897 | ---- | C] () -- C:\Windows\lgcenter.ini [2007.12.31 13:42:58 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [1999.01.23 02:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.08.2010 21:56:55 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\Users\Martin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 19,75 Gb Free Space | 39,49% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,13 Gb Free Space | 60,64% Space Free | Partition Type: NTFS
Drive E: | 161,88 Gb Total Space | 40,28 Gb Free Space | 24,88% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 30,33 Mb Total Space | 30,33 Mb Free Space | 99,99% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MARTIN-LGNOTEBK
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Microsoft Office 2000\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Microsoft Office 2000\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- D:\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{67478EB7-651E-4FC2-A83C-D3F979B4CC0B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{862DD6B0-1FAF-4472-8BDC-9F90E0B4A1A0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8FB9BD82-5748-4008-99D2-381E27FBA639}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97F10D3E-36FD-45C2-9A66-633E6053963E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA9C4FA4-D183-4E7F-A5A8-52CB9843AB0A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C4941104-B77A-4FAB-90DF-5122A4AC2E58}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021C9C88-ECF3-412F-AAF4-F9CF4689EAD4}" = protocol=6 | dir=in | app=d:\samsung\samsung new pc studio\npsasvr.exe |
"{049D7981-66FA-4810-BEBA-168DDDB16231}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0C373294-FE9E-4E2E-9AB0-97DEEA16EFE6}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe |
"{10050150-8002-4E3B-9D4F-FCCD6A3A05C3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{10390E0E-9C2D-4CC6-822E-671963F19BA6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15CA099D-449C-47F4-8BFE-297B8AA36DD1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{259519A0-AF31-4A93-B97E-82BDB3FF19E0}" = protocol=6 | dir=in | app=d:\samsung\samsung new pc studio\npsvsvr.exe |
"{35395468-90E0-4CEE-927E-693F5EF802F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{406AD77D-AB60-493A-891E-AECADE0676D8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{439BC0DC-D646-4CA4-8E17-90CC270DBFEF}" = protocol=6 | dir=in | app=c:\windows\temp\aoninstaller.exe |
"{551ECF0C-3B33-47BD-83C7-7863771A51A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5923E3F9-C8FC-4DBE-A5BA-DAEF66929EE7}" = protocol=17 | dir=in | app=d:\itunes\itunes.exe |
"{600CC63D-9FDC-4A8E-B627-3D16B32A79FB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6181D23D-2175-465C-AA90-D34941880947}" = protocol=17 | dir=in | app=f:\utility\utility\winnt_xp\setup wizard.exe |
"{66DECE68-441F-4ACC-ABD0-4D6A7764E310}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6F533BC2-8A64-4998-8E38-F03F522B7268}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7FB96C56-0F06-44F0-897E-54CB691732A0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E8F6550-BE58-4304-97DB-E3A465E869B4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97947ED9-3E7C-49A4-A144-EDE1A389A278}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{986DE313-1333-4561-886C-892C3FE4DB32}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe |
"{98770551-6001-4CC7-8094-D7573E02DC1D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A1B1B08C-ECC2-41F9-8AD6-C1F98B80F9AD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A9E27A17-7EA7-4710-B4F8-42DB5F7A6BA1}" = protocol=17 | dir=in | app=d:\samsung\samsung new pc studio\npsasvr.exe |
"{B6A15FB8-062C-4780-B070-8FF2B4F287D7}" = protocol=17 | dir=in | app=d:\samsung\samsung new pc studio\npsvsvr.exe |
"{DE335A69-13FA-457A-B1E1-D19BFD3C7147}" = protocol=6 | dir=in | app=f:\utility\utility\winnt_xp\setup wizard.exe |
"{E48D6D39-C3FF-4599-970D-C51CD65DD4B0}" = protocol=6 | dir=in | app=d:\itunes\itunes.exe |
"{E94E247B-F767-4C6B-943D-784700336501}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE33A1BA-AF90-4FA1-9FC9-7FBCAD643967}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FAB8F652-24D6-47A4-B09F-750DE653AC4A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF9BAB2C-AA60-4A6D-AE51-295DE955C318}" = protocol=17 | dir=in | app=c:\windows\temp\aoninstaller.exe |
"TCP Query User{0BFD8214-9E82-44D9-8B7F-891DF01C217F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7C2B6E6B-DBF2-4A96-B23E-32A25C270E7A}D:\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=d:\mozilla firefox\firefox.exe |
"TCP Query User{7F9814F4-9327-4429-B65D-1D2676429F07}D:\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=d:\bittornado\btdownloadgui.exe |
"TCP Query User{C73A143F-A30E-43D5-9B37-4B62AAB750A5}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{F73AB759-5AA5-48FF-9CE0-371BC45B1575}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{731BD597-F146-4013-A3E2-31C17E319783}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{758B2BBB-BDA9-4D95-A476-2F09EA32B18D}C:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave ltd\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{76AD66D1-F54B-4537-94A7-81E9ED1F60D0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{77965E39-88EF-4DE6-A82A-B834C8DAC52A}D:\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=d:\mozilla firefox\firefox.exe |
"UDP Query User{F6FDDC48-D6F3-4FFD-BCDB-DBE065B53BB7}D:\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=d:\bittornado\btdownloadgui.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{46181E57-7362-4FCC-A30E-6E31429E160F}_is1" = NaviComputer V0.94
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory und Intel® Matrix Storage Manager
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9455E8B0-4D73-4A9D-BFA3-D2C213BFD28F}" = LG Smart Cam
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3DE6A9E-1FD0-4208-92F4-EC9004E34774}" = Sonic Foundry Sound Forge 6.0e
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD99CBBE-EE80-47E9-94E9-3139C26BAABD}" = Wings Platinum 4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"artido-Foto Fun collection" = artido-Foto Fun collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTornado" = BitTornado 0.3.17
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"Digitale Bibliothek 2.80" = Digitale Bibliothek 2.80
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"doubleTwist" = doubleTwist
"DPP" = Canon Utilities Digital Photo Professional 3.6
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"EzManual" = EzManual
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Google Updater" = Google Updater
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"MyCamera" = Canon Utilities MyCamera
"NVIDIA Drivers" = NVIDIA Drivers
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Recuva" = Recuva
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Visual Task Tips" = Visual Task Tips 3.2
"WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.08.2010 19:33:40 | Computer Name = Martin-LGNotebk | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).
Error - 16.08.2010 19:34:11 | Computer Name = Martin-LGNotebk | Source = RapiMgr | ID = 6
Description = Windows Mobile-based USB device is plugged in but is unable to make
a network connection to the desktop.
Error - 16.08.2010 19:38:08 | Computer Name = Martin-LGNotebk | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).
Error - 24.08.2010 18:25:08 | Computer Name = Martin-LGNotebk | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).
Error - 26.08.2010 19:12:53 | Computer Name = Martin-LGNotebk | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).
Error - 27.08.2010 19:47:14 | Computer Name = Martin-LGNotebk | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).
Error - 28.08.2010 17:57:37 | Computer Name = Martin-LGNotebk | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.1.3834, Zeitstempel
0x4c2c67cb, fehlerhaftes Modul urlmon.dll, Version 7.0.6001.18498, Zeitstempel
0x4c28cb08, Ausnahmecode 0xc0000005, Fehleroffset 0x0006dfae, Prozess-ID 0x1bd0,
Anwendungsstartzeit 01cb4623cf76cc20.
Error - 28.08.2010 17:57:43 | Computer Name = Martin-LGNotebk | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
0x4907e242, fehlerhaftes Modul urlmon.dll, Version 7.0.6001.18498, Zeitstempel
0x4c28cb08, Ausnahmecode 0xc0000005, Fehleroffset 0x0006dfae, Prozess-ID 0x5e0, Anwendungsstartzeit
01cb3c57c3a04b7e.
Error - 28.08.2010 19:01:18 | Computer Name = Martin-LGNotebk | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18164, Zeitstempel
0x4907e242, fehlerhaftes Modul SDHelper.dll, Version 1.5.0.11, Zeitstempel 0x2a425e19,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000410a, Prozess-ID 0x1b4c, Anwendungsstartzeit
01cb46fc0e5bc7f0.
Error - 28.08.2010 19:23:18 | Computer Name = Martin-LGNotebk | Source = Application Hang | ID = 1002
Description = Programm mediafix70700en02.exe, Version 0.1.0.0 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1690 Anfangszeit: 01cb46ff1cfb30e0 Zeitpunkt
der Beendigung: 4
[ Media Center Events ]
Error - 05.08.2009 08:56:42 | Computer Name = Martin-LGNotebk | Source = ehRecvr | ID = 4
Description =
Error - 28.10.2009 05:30:56 | Computer Name = Martin-LGNotebk | Source = ehRecvr | ID = 4
Description =
Error - 18.01.2010 11:52:29 | Computer Name = Martin-LGNotebk | Source = ehRecvr | ID = 4
Description =
Error - 21.03.2010 13:12:36 | Computer Name = Martin-LGNotebk | Source = ehRecvr | ID = 4
Description =
[ System Events ]
Error - 14.08.2010 21:25:59 | Computer Name = Martin-LGNotebk | Source = Service Control Manager | ID = 7009
Description =
Error - 15.08.2010 04:56:28 | Computer Name = Martin-LGNotebk | Source = HTTP | ID = 15016
Description =
Error - 29.08.2010 17:07:30 | Computer Name = Martin-LGNotebk | Source = HTTP | ID = 15016
Description =
Error - 29.08.2010 17:10:28 | Computer Name = Martin-LGNotebk | Source = Service Control Manager | ID = 7009
Description =
Error - 29.08.2010 17:30:09 | Computer Name = Martin-LGNotebk | Source = HTTP | ID = 15016
Description =
Error - 29.08.2010 17:33:06 | Computer Name = Martin-LGNotebk | Source = Service Control Manager | ID = 7009
Description =
Error - 30.08.2010 13:04:43 | Computer Name = Martin-LGNotebk | Source = HTTP | ID = 15016
Description =
Error - 30.08.2010 13:05:26 | Computer Name = Martin-LGNotebk | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 30.08.2010 13:07:12 | Computer Name = Martin-LGNotebk | Source = DCOM | ID = 10005
Description =
Error - 30.08.2010 13:07:12 | Computer Name = Martin-LGNotebk | Source = Service Control Manager | ID = 7009
Description =
< End of report >
|
|
01.09.2010, 08:52
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Weiter gehts mit CF: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.09.2010, 00:32
| #5 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Hallo Arne, mich macht das Zeug fertig. Ich komme immer erst in der Nacht dazu und dann heisst's wieder auf den nächsten Tag warten. Und dann legt sich auch noch die Software quer: Combofix warnte mich, dass Avira antispyware noch lief. Ok, mein Fehler, hatte vergessen, dass das extra zu deaktivieren ist. Aber jetzt bekomme ich die Meldung immer noch, obwohl ich das definitiv deaktiviert habe. Mir zeigt auch das Sicherheitscenter, dass Avira Antivirus, Avira Antispyware, Windows Firewall und Windows Defender deaktiviert sind. Was nun? Die Warnung von ComboFix vor eingeschalteter Antispyware während des Scans war ja sehr eindringlich... Danke, Martin |
|
02.09.2010, 10:16
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Wenn der Regenschirm geschlossen ist, kannst Du CF ausführen. Ist ein AntiVir Bug.
__________________ --> Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen |
|
02.09.2010, 23:19
| #7 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Hallo Arne, jetzt hat's geklappt und ComboFix ist durchgelaufen. Worüber ich allerdings gar nicht begeistert bin ist, dass alle persönlichen Einstellungen weg sind: Favoriten in Firefox, angelegte Programmshortcuts in der Startleiste, auch alle meine Daten in Outlook sind weg! Ich paste Dir mal den ComboFix-Log und starte das Ding dann neu und hoffe, dass sich wieder der Normalzustand einstellt. Combofix Logfile: Code:
ATTFilter ComboFix 10-09-01.04 - Admin 02.09.2010 23:44:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.43.1031.18.2047.885 [GMT 2:00]
ausgeführt von:: e:\users\Martin\Desktop\CoFi.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\users\Martin\AppData\Local\Windows Server
e:\users\Martin\AppData\Local\Windows Server\admin.txt
e:\users\Martin\AppData\Local\Windows Server\flags.ini
e:\users\Martin\AppData\Local\Windows Server\hlp.dat
e:\users\Martin\AppData\Local\Windows Server\server.dat
e:\users\Martin\AppData\Local\Windows Server\uses32.dat
e:\users\Martin\AppData\Roaming\0853DDDE0047C1E5A4DB4BD63E02773C
e:\users\Martin\AppData\Roaming\0853DDDE0047C1E5A4DB4BD63E02773C\enemies-names.txt
e:\users\Martin\AppData\Roaming\0853DDDE0047C1E5A4DB4BD63E02773C\local.ini
e:\users\Martin\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp
.
((((((((((((((((((((((( Dateien erstellt von 2010-08-02 bis 2010-09-02 ))))))))))))))))))))))))))))))
.
2010-09-02 21:51 . 2010-09-02 21:51 -------- d-----w- c:\users\Admin\AppData\Local\temp
2010-09-02 21:51 . 2010-09-02 21:51 -------- d-----w- e:\users\Isolde\AppData\Local\temp
2010-08-31 09:03 . 2010-08-31 09:03 -------- d-----w- e:\users\Isolde\AppData\Roaming\Malwarebytes
2010-08-30 22:05 . 2010-08-30 22:05 -------- d-----w- C:\rsit
2010-08-30 22:05 . 2010-08-30 22:05 -------- d-----w- c:\program files\trend micro
2010-08-29 23:11 . 2010-08-29 23:13 -------- d-----w- e:\users\Martin\CCleaner Logs
2010-08-29 21:11 . 2010-08-29 21:11 -------- d-----w- e:\users\Martin\AppData\Roaming\Malwarebytes
2010-08-29 20:33 . 2010-08-29 20:33 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-08-29 20:33 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 20:33 . 2010-08-29 20:33 -------- d-----w- c:\programdata\Malwarebytes
2010-08-29 20:33 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 21:57 . 2010-08-31 19:37 -------- d-----w- e:\users\Martin\AppData\Local\Windows
2010-08-14 19:00 . 2010-06-11 15:31 274432 ----a-w- c:\windows\system32\schannel.dll
2010-08-14 19:00 . 2010-06-21 13:18 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-08-14 19:00 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2010-08-14 19:00 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-14 19:00 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-14 19:00 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-08-14 19:00 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 19:00 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 19:00 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-07 08:19 . 2010-08-07 08:19 -------- d-----w- c:\program files\Common Files\doubleTwist
2010-08-07 08:16 . 2010-08-07 08:19 -------- d-----w- c:\program files\doubleTwist 2.0
2010-08-03 22:57 . 2010-08-03 22:57 -------- d-----w- e:\users\Martin\AppData\Local\M.B.Software
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 21:41 . 2008-07-03 21:13 -------- d-----w- c:\programdata\Google Updater
2010-09-01 22:37 . 2008-05-27 00:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-31 19:34 . 2008-06-23 06:21 27430 ----a-w- e:\users\Martin\AppData\Roaming\nvModes.dat
2010-08-31 19:33 . 2008-07-07 18:11 27430 ----a-w- e:\users\Isolde\AppData\Roaming\nvModes.dat
2010-08-30 21:52 . 2006-11-02 15:33 639210 ----a-w- c:\windows\system32\perfh007.dat
2010-08-30 21:52 . 2006-11-02 15:33 131024 ----a-w- c:\windows\system32\perfc007.dat
2010-08-29 23:20 . 2007-01-09 18:49 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 20:54 . 2008-07-03 22:18 -------- d-----w- e:\users\Martin\AppData\Roaming\Skype
2010-08-29 19:40 . 2008-07-03 22:21 -------- d-----w- e:\users\Martin\AppData\Roaming\skypePM
2010-08-15 01:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-07 08:19 . 2009-12-28 22:53 -------- d-----w- c:\program files\ffdshow
2010-08-03 23:31 . 2010-06-25 01:03 -------- d-----w- c:\program files\Microsoft.NET
2010-06-28 16:17 . 2010-08-14 19:01 833024 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-14 19:01 78336 ----a-w- c:\windows\system32\ieencode.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpybotSD TeaTimer"="d:\spybot\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"VisualTaskTips"="d:\visualtasktips\VisualTaskTips.exe" [2008-03-09 61440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-03 68856]
"doubleTwist"="c:\program files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe" [2010-05-31 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2007-09-28 247088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-10 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 174616]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-07-24 33304]
"MGSysCtrl"="c:\program files\LG Software\System Control Manager\MGSysCtrl.exe" [2007-10-17 569344]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-28 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="d:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
" Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2010-04-29 1090952]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-25 110592]
Microsoft Office.lnk - d:\microsoft office 2000\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R2 NishService;Evil Driver Daemon;c:\program files\LG Software\System Control Manager\edd.exe [2007-08-23 61440]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-07-09 209408]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-03-10 6656]
S2 SBSDWSCService;SBSD Security Center Service;d:\spybot\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\DRIVERS\etDevice.sys [2007-07-20 471808]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2007-06-14 201216]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-07-23 6656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-08-27 c:\windows\Tasks\1-Klick-Wartung.job
- d:\tuneup utilities 2007\SystemOptimizer.exe [2007-08-02 10:40]
2010-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-03 23:33]
2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:07]
2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 20:07]
2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{54AF5D3C-E5C6-457D-9966-A907CBB10854}.job
- c:\windows\system32\msfeedssync.exe [2008-03-22 22:33]
2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{A4DF0C8F-666D-4417-ABA7-541981A33AD6}.job
- c:\windows\system32\msfeedssync.exe [2008-03-22 22:33]
2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{F3F8E361-1F43-473F-9B47-1546235CD529}.job
- c:\windows\system32\msfeedssync.exe [2008-03-22 22:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - d:\micros~1\Office10\EXCEL.EXE/3000
TCP: {CB159AAD-FD58-4EA6-BF80-1E5714ADDD20} = 192.168.178.1,169.254.1.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pxi96goz.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-02 23:51
Windows 6.0.6001 Service Pack 1 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-02 23:55:07
ComboFix-quarantined-files.txt 2010-09-02 21:55
Vor Suchlauf: 8 Verzeichnis(se), 20.318.064.640 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 21.476.499.456 Bytes frei
- - End Of File - - 5D634C74F12D0AF7DFC617CAA4BB9AA7
|
|
02.09.2010, 23:29
| #8 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Ufff, Gott sei Dank, nach dem Neustart schaut alles wieder aus, wie gewohnt. Bin mal neugierig, was Du zu dem Log sagst. |
|
03.09.2010, 10:31
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.09.2010, 00:01
| #10 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Hallo Arne, mit GMER habe ich nicht viel Glück gehabt: Beim 1.Versuch hat er das System neu gestartet, ich kam aber zu spät, um die Meldung zu lesen. Dann 2 Systemabstürze und schließlich nochmal ein soweit brauchbarer Versuch, bis GMER das System neu gestartet hat. Dabei kam ein DOS Bildschirm, blauer Hintergrund und eine Meldung wie: "Das Programm hat eine Infektion gefunden und Windows beendet um eine Gefährdung zu vermeiden." oder so ähnlich. Dann wurde noch 2der Schuldige" genannt: uwtyypop.sys. Ich war leider so konzentriert diesen Filenamen zu notieren, dass ich den Rest am Schirm nicht hinlänglich lesen konnte. Wenigstens ist OSAM wie geplant durchgelaufen. Ich habe das log file attached (ist in der Originalformatierung leichter zu lesen) und auch hier gepastet: Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 00:54:06 on 04.09.2010 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 3.5.11 Scanner Settings Rootkits detection (hidden registry) Rootkits detection (hidden files) Retrieve files information Check Microsoft signatures Filters Trusted entries Empty entries Hidden registry entries (rootkit activity) Exclusively opened files Not found files Files without detailed information Existing files Non-startable services Non-startable drivers Active entries Disabled entries Risk Name Publisher Full Path Status Boot Execute HKLM\SYSTEM\CurrentControlSet\Control\Session Manager |||||| "BootExecute" C:\Windows\system32\lsdelete.exe File found, but it contains no detailed information Common %SystemRoot%\Tasks |||| "GoogleUpdateTaskMachineCore.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "GoogleUpdateTaskMachineUA.job" "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||| "Google Software Updater.job" "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "1-Klick-Wartung.job" "TuneUp Software GmbH" D:\TuneUp Utilities 2007\SystemOptimizer.exe File exists Control Panel Objects HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls |||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists Drivers HKLM\SYSTEM\CurrentControlSet\Services |||||| "avgio" (avgio) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avgio.sys File exists |||||| "avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists |||||| "avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists "catchme" (catchme) C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found |||||| "epmntdrv" (epmntdrv) C:\Windows\system32\epmntdrv.sys File found, but it contains no detailed information |||||| "EuGdiDrv" (EuGdiDrv) C:\Windows\system32\EuGdiDrv.sys File found, but it contains no detailed information || "FsUsbExDisk" (FsUsbExDisk) C:\Windows\system32\FsUsbExDisk.SYS File found, but it contains no detailed information "IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found || "iPodDrv" (iPodDrv) "Windows (R) Codename Longhorn DDK provider" C:\Windows\system32\drivers\iPodDrv.sys File exists "IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found "IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found || "MGHwCtrl" (MGHwCtrl) "Windows (R) Codename Longhorn DDK provider" C:\Windows\system32\drivers\MGHwCtrl.sys File exists |||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved |||||| {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists HKLM\Software\Classes\Folder\shellex\ColumnHandlers |||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists HKLM\Software\Classes\Protocols\Handler |||||| {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists |||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists |||||| {CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found |||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" D:\7-Zip\7-zip.dll File exists {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found |||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." D:\iTunes\iTunesMiniPlayer.dll File exists |||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" D:\Microsoft Office 2000\Office10\msohev.dll File exists |||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" "Microsoft Corporation" D:\Microsoft Office 2000\Office10\MLSHEXT.DLL File exists |||||| {0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" D:\Microsoft Office 2000\Office10\OLKFSTUB.DLL File exists {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found |||||| {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists |||||| {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" "TuneUp Software GmbH" D:\TuneUp Utilities 2007\SDShelEx-win32.dll File exists |||||| {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" "TuneUp Software GmbH" C:\Windows\System32\uxtuneup.dll File exists |||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL File exists {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found Internet Explorer HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser |||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists "ITBar7Layout" File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units |||| {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab "Microsoft Corporation" C:\Windows\system32\LegitCheckControl.DLL File exists {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab File not found | COM-object registry key not found HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions |||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists |||| {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" "Microsoft Corporation" C:\Windows\WindowsMobile\INetRepl.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" D:\Spybot\Spybot - Search & Destroy\SDHelper.dll File exists |||| {77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" "Skype Technologies S.A." C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File exists HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar |||| "Google Toolbar" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects |||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists |||| {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" "Google Inc." C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File exists || {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll File exists |||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists |||| {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\ssv.dll File exists {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} "PodcastBHO Class" "doubleTwist Corporation" C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll File exists |||| {22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" "Skype Technologies S.A." C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File exists |||||| {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" D:\Spybot\Spybot - Search & Destroy\SDHelper.dll File exists Logon %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup |||||| "desktop.ini" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup |||| "Adobe Gamma Loader.lnk" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Shortcut exists | File exists |||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists |||| "Microsoft Office.lnk" "Microsoft Corporation" D:\Microsoft Office 2000\Office10\OSA.EXE Shortcut exists | File exists HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "doubleTwist" "doubleTwist Corporation" C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe File exists |||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File exists |||||| "SpybotSD TeaTimer" "Safer-Networking Ltd." D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe File exists |||| "swg" "Google Inc." "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File exists |||| "VisualTaskTips" "VisualTaskTips.com" D:\VisualTaskTips\VisualTaskTips.exe File exists HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd "StartupPrograms" rdpclip File not found HKLM\Software\Microsoft\Windows\CurrentVersion\Run |||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists |||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "D:\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists |||||| "avgnt" "Avira GmbH" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists |||| "IAAnotif" "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File exists |||| "IaNvSrv" "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe File exists |||| "iTunesHelper" "Apple Inc." "D:\iTunes\iTunesHelper.exe" File exists "LG Intelligent Update" "BIT LEADER" "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc File exists |||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists "MGSysCtrl" "MSI" C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe File exists |||| "QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists |||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Java\jre6\bin\jusched.exe" File exists Services HKLM\SYSTEM\CurrentControlSet\Services |||||| "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) "TuneUp Software GmbH" C:\Windows\System32\uxtuneup.dll File exists |||||| "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe File exists |||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists |||||| "Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists |||||| "Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists |||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists || "Evil Driver Daemon" (NishService) C:\Program Files\LG Software\System Control Manager\edd.exe File found, but it contains no detailed information |||| "Google Software Updater" (gusvc) "Google" C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File exists |||| "Google Update Service (gupdate)" (gupdate) "Google Inc." C:\Program Files\Google\Update\GoogleUpdate.exe File exists |||||| "Intel(R) Matrix Storage Event Monitor" (IAANTMON) "Intel Corporation" C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe File exists |||||| "iPod-Dienst" (iPod Service) "Apple Inc." C:\Program Files\iPod\bin\iPodService.exe File exists |||||| "Lavasoft Ad-Aware Service" (aawservice) "Lavasoft" D:\Ad-Aware\aawservice.exe File exists |||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists |||||| "O2Micro Flash Memory Card Service" (o2flash) "O2Micro International" C:\Program Files\O2Micro Oz128 Driver\o2flash.exe File exists |||||| "SBSD Security Center Service" (SBSDWSCService) "Safer Networking Ltd." D:\Spybot\Spybot - Search & Destroy\SDWinSec.exe File exists |||||| "ServiceLayer" (ServiceLayer) "Nokia." C:\Program Files\PC Connectivity Solution\ServiceLayer.exe File exists Winsock Providers HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries |||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
04.09.2010, 00:17
| #11 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Au klasse, der Bootkit Remover sagt nur: System volume is \\.\C: main<>: CreateFile<> Error 5 ERROR: can`t open volume device \\.\C ... und dann verschwindet das Fenster wieder. Arne, kannst Du dem genervten Windowsbenutzer (i.e. mir) bitte erklären, was wir bislang schon gefunden haben bzw evtl entfernt...? Obwohl ich nicht wüsste, was hier schon repariert worden wäre. Würd halt gerne wissen, wieso wir welchen Step der Behandlung machen und was die Erwartung bei der Durchführung bestimmter Schritte ist..... Danke! |
|
04.09.2010, 15:34
| #12 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernenZitat:
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
Zitat:
Sieht man zB im CF-Log unter "weitere Löschungen"
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.09.2010, 17:04
| #13 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Dir kann man auch gar nix vormachen .... ;-) Hatte den Bootkit Remover wohl tatsächlich nicht als Admin gestartet gehabt. Jetzt hat es funktioniert - am Nachmittag kann man einfach besser denken als mitten in der Nacht. Ich glaube ich habe da grües Licht bekommen. Konnte die Ausgabe nicht kopieren und hab sie daher unten als jpg attached. |
|
04.09.2010, 17:12
| #14 |
| | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Und schließlich MBRCheck: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 1 (build 6001), 32-bit Base Board Manufacturer: MICRO-STAR INT'L CO.,LTD. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: LG Electronics System Product Name: R700-U.APCAG Logical Drives Mask: 0x0000007c Kernel Drivers (total 162): 0x8200B000 \SystemRoot\system32\ntkrnlpa.exe 0x823C4000 \SystemRoot\system32\hal.dll 0x80404000 \SystemRoot\system32\kdcom.dll 0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8046C000 \SystemRoot\system32\PSHED.dll 0x8047D000 \SystemRoot\system32\BOOTVID.dll 0x80485000 \SystemRoot\system32\CLFS.SYS 0x804C6000 \SystemRoot\system32\CI.dll 0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80689000 \SystemRoot\system32\drivers\acpi.sys 0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS 0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys 0x806E0000 \SystemRoot\system32\drivers\pci.sys 0x80707000 \SystemRoot\System32\drivers\partmgr.sys 0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x80723000 \SystemRoot\system32\drivers\volmgr.sys 0x80732000 \SystemRoot\System32\drivers\volmgrx.sys 0x8077C000 \SystemRoot\system32\drivers\intelide.sys 0x80783000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x80791000 \SystemRoot\System32\drivers\mountmgr.sys 0x82601000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x826BF000 \SystemRoot\system32\DRIVERS\iaNvStor.sys 0x826FB000 \SystemRoot\system32\drivers\atapi.sys 0x82703000 \SystemRoot\system32\drivers\ataport.SYS 0x82721000 \SystemRoot\system32\drivers\msahci.sys 0x8272A000 \SystemRoot\system32\DRIVERS\o2media.sys 0x82734000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0x8275A000 \SystemRoot\system32\DRIVERS\o2sd.sys 0x82763000 \SystemRoot\system32\drivers\fltmgr.sys 0x82795000 \SystemRoot\system32\drivers\fileinfo.sys 0x82C0F000 \SystemRoot\System32\Drivers\ksecdd.sys 0x82C80000 \SystemRoot\system32\drivers\ndis.sys 0x82D8B000 \SystemRoot\system32\drivers\msrpc.sys 0x82DB6000 \SystemRoot\system32\drivers\NETIO.SYS 0x82E0B000 \SystemRoot\System32\drivers\tcpip.sys 0x82EF4000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x88206000 \SystemRoot\System32\Drivers\Ntfs.sys 0x88315000 \SystemRoot\system32\drivers\volsnap.sys 0x8834E000 \SystemRoot\System32\Drivers\spldr.sys 0x88356000 \SystemRoot\System32\Drivers\mup.sys 0x88365000 \SystemRoot\System32\drivers\ecache.sys 0x8838C000 \SystemRoot\system32\drivers\disk.sys 0x8839D000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x883BE000 \SystemRoot\system32\drivers\crcdisk.sys 0x883D4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x883DF000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x883E8000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8CC04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8D34B000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8D3EA000 \SystemRoot\System32\drivers\watchdog.sys 0x82FCD000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x827A5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x82FD8000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x82FE7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8C403000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x8C78C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8C7A4000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8C7B4000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8C7C2000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8C7D5000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x807A1000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x8C7E0000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8C7E2000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8C7ED000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x827E3000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8C7F1000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0x807CC000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x805A6000 \SystemRoot\system32\DRIVERS\storport.sys 0x82E00000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x805E7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x82DF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8D608000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8D62B000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8D63A000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8D64E000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8D663000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8D673000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8D675000 \SystemRoot\system32\DRIVERS\ks.sys 0x8D69F000 \SystemRoot\system32\DRIVERS\circlass.sys 0x8D6AD000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8D6B7000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8D6C4000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8D6F8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x9040C000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8D709000 \SystemRoot\system32\drivers\portcls.sys 0x8D736000 \SystemRoot\system32\drivers\drmk.sys 0x90206000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0x90322000 \SystemRoot\system32\drivers\modem.sys 0x9032F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x90338000 \SystemRoot\System32\Drivers\Null.SYS 0x9033F000 \SystemRoot\System32\Drivers\Beep.SYS 0x9034F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90356000 \SystemRoot\System32\drivers\vga.sys 0x90362000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x90383000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x9038B000 \SystemRoot\system32\drivers\rdpencdd.sys 0x90393000 \SystemRoot\System32\Drivers\Msfs.SYS 0x9039E000 \SystemRoot\System32\Drivers\Npfs.SYS 0x903AC000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x903B5000 \SystemRoot\system32\DRIVERS\tdx.sys 0x903CB000 \SystemRoot\system32\DRIVERS\smb.sys 0x8D75B000 \SystemRoot\system32\drivers\afd.sys 0x8D7A3000 \SystemRoot\System32\DRIVERS\netbt.sys 0x903DF000 \SystemRoot\system32\DRIVERS\pacer.sys 0x905E9000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8D7D5000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x903F5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x9060E000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x9064A000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90654000 \SystemRoot\System32\Drivers\dfsc.sys 0x9066B000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x90687000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x90689000 \SystemRoot\System32\Drivers\fastfat.SYS 0x9077D000 \SystemRoot\system32\DRIVERS\usbcir.sys 0x90793000 \SystemRoot\system32\DRIVERS\emOEM.sys 0x82F0F000 \SystemRoot\system32\DRIVERS\emBDA.sys 0x9079D000 \SystemRoot\system32\DRIVERS\BdaSup.SYS 0x907A0000 \SystemRoot\system32\DRIVERS\hidir.sys 0x907AB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x907BB000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x907C4000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x907CC000 \SystemRoot\System32\Drivers\crashdmp.sys 0x93400000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x990A0000 \SystemRoot\System32\win32k.sys 0x934BE000 \SystemRoot\System32\drivers\Dxapi.sys 0x934C8000 \SystemRoot\system32\DRIVERS\monitor.sys 0x992C0000 \SystemRoot\System32\TSDDD.dll 0x992E0000 \SystemRoot\System32\cdd.dll 0x934D7000 \SystemRoot\system32\drivers\luafv.sys 0x934F2000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x9350E000 \SystemRoot\system32\drivers\spsys.sys 0x935BD000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x935CD000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x907D9000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x907E3000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA1A01000 \SystemRoot\system32\drivers\HTTP.sys 0xA1A6E000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA1A8B000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA1AA4000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA1AB9000 \SystemRoot\system32\drivers\mrxdav.sys 0xA1AD9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA1AF8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA1B31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA1B49000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA1B70000 \SystemRoot\System32\DRIVERS\srv.sys 0xA1BBE000 \??\C:\Windows\system32\drivers\iPodDrv.sys 0xA360E000 \SystemRoot\system32\drivers\peauth.sys 0xA36EC000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA36F6000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA3702000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA3717000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA3729000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA373F000 \??\C:\Windows\system32\drivers\MGHwCtrl.sys 0xA3749000 \SystemRoot\system32\drivers\MSPQM.sys 0xA374B000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xA3762000 \SystemRoot\system32\DRIVERS\etFilter.sys 0x906B1000 \SystemRoot\system32\DRIVERS\etDevice.sys 0xA3794000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0xA37A1000 \SystemRoot\system32\DRIVERS\etScan.sys 0x76DE0000 \Windows\System32\ntdll.dll Processes (total 71): 0 System Idle Process 4 System 460 C:\Windows\System32\smss.exe 612 csrss.exe 664 C:\Windows\System32\wininit.exe 676 csrss.exe 708 C:\Windows\System32\services.exe 744 C:\Windows\System32\lsass.exe 752 C:\Windows\System32\lsm.exe 860 C:\Windows\System32\winlogon.exe 928 C:\Windows\System32\svchost.exe 1008 C:\Windows\System32\svchost.exe 1044 C:\Windows\System32\svchost.exe 1096 C:\Windows\System32\svchost.exe 1128 C:\Windows\System32\svchost.exe 1140 C:\Windows\System32\svchost.exe 1208 C:\Windows\System32\audiodg.exe 1236 C:\Windows\System32\SLsvc.exe 1272 C:\Windows\System32\svchost.exe 1384 C:\Windows\System32\svchost.exe 1516 D:\Ad-Aware\aawservice.exe 1784 C:\Windows\System32\spoolsv.exe 1808 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1820 C:\Windows\System32\svchost.exe 496 C:\Windows\System32\agrsmsvc.exe 584 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 588 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 620 C:\Program Files\Bonjour\mDNSResponder.exe 736 C:\Windows\System32\svchost.exe 1156 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE 836 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE 2060 C:\Program Files\LG Software\System Control Manager\edd.exe 2084 C:\Program Files\O2Micro Oz128 Driver\o2flash.exe 2216 C:\Windows\System32\svchost.exe 2240 C:\Windows\System32\svchost.exe 2312 C:\Windows\System32\svchost.exe 2340 C:\Windows\System32\SearchIndexer.exe 2576 WUDFHost.exe 2756 C:\Windows\System32\dwm.exe 2780 C:\Windows\explorer.exe 2852 C:\Program Files\Windows Defender\MSASCui.exe 2860 C:\Program Files\lg_swupdate\GiljabiStart.exe 2868 C:\Windows\RtHDVCpl.exe 2884 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 2892 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE 2908 C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe 2944 C:\Program Files\Java\jre6\bin\jusched.exe 2960 D:\iTunes\iTunesHelper.exe 2968 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2976 C:\Windows\WindowsMobile\wmdc.exe 3024 C:\Program Files\Windows Sidebar\sidebar.exe 3048 C:\Windows\ehome\ehtray.exe 3092 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3112 C:\Program Files\Windows Media Player\wmpnscfg.exe 3208 ehmsas.exe 3504 C:\Windows\System32\taskeng.exe 3572 C:\Windows\System32\taskeng.exe 3848 C:\Windows\System32\rundll32.exe 4060 WmiPrvSE.exe 308 mobsync.exe 2436 C:\Program Files\Windows Sidebar\sidebar.exe 2148 C:\Windows\ehome\ehsched.exe 892 C:\Program Files\Windows Media Player\wmpnetwk.exe 3236 C:\Windows\System32\svchost.exe 4020 C:\Program Files\iPod\bin\iPodService.exe 3296 unsecapp.exe 4168 C:\Windows\ehome\ehrecvr.exe 5136 C:\Program Files\lg_swupdate\pnp.exe 3388 D:\Mozilla Firefox\firefox.exe 4988 C:\Windows\explorer.exe 5312 E:\Users\Martin\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`40100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`c0038000 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000011`c00b0000 (NTFS) PhysicalDrive0 Model Number: FUJITSUMHY2250BH, Rev: 0000000B Size Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
|
05.09.2010, 15:01
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Antimalware Doctor, Adware.BHO, Malware.Packer.Gen entfernen |
| adware.bho, antimalware, avira, beim starten, datei, desktop, detected, dos fenster, entfernen, ergebnis, explorer, explorer funktioniert nicht, firewall, folge, funktioniert nicht mehr, hintergrund, infected, local\temp, log, malwarebytes, mbam log, neustart, problem, programm, rkill, suche, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', trojan, virus, windows, windows explorer, windows explorer funktioniert nicht, windows explorer funktioniert nicht mehr |
Linear-Darstellung
