Pests of all kinds and their removal: Trojan warning after XP reinstallation
01.09.2010, 09:00 | #16
Trojan warning after XP reinstallation
So, now I've managed it after all. Extras: OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 01.09.2010 07:04:57 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Ralf Sievert\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 512,00 Mb Total Physical Memory | 181,00 Mb Available Physical Memory | 35,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 50,97 Gb Free Space | 68,40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RALF-SIEVERT Current User Name: Ralf Sievert Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A381C835-942E-4780-BD70-35411F5E9C00}" = Virtual Sailor 6.8 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E4E3E62E-16D7-425E-009C-DCB5E64F5955}" = FIFA 2005 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0 "CCleaner" = CCleaner "CreationCentre 20051.3.0.27" = CreationCentre 2005 "DMX5_is1" = DriverMax 5 "ie8" = Windows Internet Explorer 8 "Installation Stellwerk Hannover" = Installation Stellwerk Hannover "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Netzmanager" = Netzmanager "PANZERS - Phase1" = PANZERS - Phase1 "Ports Of Call Classic Edition - astragon 1.2.2" = Ports Of Call Classic Edition - astragon 1.2.2 "Shipsim2008" = Schiff-Simulator 2008 "ShipSim2008Editor" = Ship Simulator 2008 Mission Editor "Shockwave" = Shockwave "Virtual Sailor_is1" = Virtual Sailor 7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WinZip" = WinZip "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.08.2010 13:57:13 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353 23 Meikes\032Mediathek._home-sharing._tcp.local. SRV 0 0 3689 SVFehmarn.local. Error - 31.08.2010 13:57:13 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Reseting to Probing: 26 Meikes\032Mediathek._home-sharing._tcp.local. SRV 0 0 3689 ralf-sievert.local. 
Error - 31.08.2010 13:57:14 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Received from 192.168.2.104:5353 261 Meikes\032Mediathek._home-sharing._tcp.local. TXT txtvers=1¦iTSh Version=196609¦hQ=100¦MID=0x14F5F69FEBF4D41C¦Database ID=E17EE457E5931AFF¦dmv=13107 Error - 31.08.2010 13:57:14 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = mDNSCoreReceiveResponse: Reseting to Probing: 26 Meikes\032Mediathek._home-sharing._tcp.local. SRV 0 0 3689 ralf-sievert.local. Error - 31.08.2010 16:39:23 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = 428: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = send_msg ERROR: failed to write 88 of 88 bytes to fd 240 errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = 240: Could not write data to client because of error - aborting connection Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = 240: DNSServiceBrowse _00000000-0d75-e70e-adb3-833ca9ab4578._sub._home-sharing._tcp.local. Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 31.08.2010 16:39:40 | Computer Name = RALF-SIEVERT | Source = Bonjour Service | ID = 100 Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
[ System Events ] Error - 29.08.2010 02:55:03 | Computer Name = RALF-SIEVERT | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Netzmanager Infrastruktur Informationssystem Dienst. Error - 29.08.2010 12:03:35 | Computer Name = RALF-SIEVERT | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Netzmanager Infrastruktur Informationssystem Dienst. Error - 29.08.2010 12:11:25 | Computer Name = RALF-SIEVERT | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer*8 für Windows*XP Error - 29.08.2010 15:23:29 | Computer Name = RALF-SIEVERT | Source = Windows Update Agent | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für die Microsoft .NET Framework 3.5 Service Pack 1- und .NET Framework 3.5-Produktfamilie für die .NET-Versionen 2.0 bis 3.5 (KB951847) x86 < End of report > |
01.09.2010, 12:15 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan warning after XP reinstallation
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your user name, you must turn the starred-out part back into your real user name, otherwise the script won't work!! Code:
:OTL
O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe (OpenSC Project)
[2010.08.30 19:43:39 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Gpiria.exe
[2010.08.30 16:28:27 | 000,000,000 | ---D | C] -- C:\2163129675308c8e2756
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
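The entries in the fix script above follow OTL's fixed line formats. As an added example (not from the thread, from OTL or from its author), here is a small Python triage helper that parses those two formats and flags the patterns the helper acted on: an HKCU Run entry launching an executable from a user Temp folder under a random value name, and a fresh executable dropped directly in the Windows root. The sample lines, the allowlist and the Avira publisher string are constructed for the example.

```python
"""Triage helper for OTL lines in the format quoted in this thread.
Added example; not part of the thread, of OTL, or of its author's tooling.
Heuristics (a prompt for a human reviewer, not a verdict):
  - O4 autostart entry whose target lives in a user Temp folder, or whose
    value name looks auto-generated (e.g. XBV6RD5SZF)
  - file entry for an executable created directly in the Windows root
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "O4 - HKCU..\Run: [ValueName] C:\path\file.exe (Company)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKCU|HKLM)\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# "[2010.08.30 19:43:39 | 000,187,392 | ---- | C] (Company) -- C:\WINDOWS\file.exe"
FILE_RE = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Substrings identifying per-user temp folders (German XP, English XP, Vista+).
TEMP_MARKERS = (
    "\\lokale einstellungen\\temp",
    "\\local settings\\temp",
    "\\appdata\\local\\temp",
)
# Executables that legitimately live directly in C:\WINDOWS on XP; a constructed
# starting point only, extend it from your own baseline.
WINDOWS_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "winhlp32.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(name: str) -> bool:
    """Crude test for generated value names: >= 8 chars, only upper-case
    letters and digits, and at least one of each."""
    return (
        len(name) >= 8
        and name.isalnum()
        and name == name.upper()
        and any(c.isdigit() for c in name)
        and any(c.isalpha() for c in name)
    )


def in_temp_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def in_windows_root(path: str) -> bool:
    """True for C:\\WINDOWS\\foo.exe, False for anything in a subfolder."""
    return re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()) is not None


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one OTL line (empty list if it is unremarkable)."""
    findings: list[Finding] = []
    m = O4_RE.match(line)
    if m:
        if in_temp_dir(m["path"]):
            findings.append(Finding(line, "autostart target lives in a Temp folder"))
        if looks_random(m["name"]):
            findings.append(Finding(line, "autostart value name looks auto-generated"))
        return findings
    m = FILE_RE.match(line)
    if m:
        path = m["path"]
        base = path.rsplit("\\", 1)[-1].lower()
        if base.endswith(".exe") and in_windows_root(path) and base not in WINDOWS_ROOT_ALLOWLIST:
            findings.append(Finding(line, "executable created directly in the Windows root"))
    return findings


def triage(lines) -> list[Finding]:
    out: list[Finding] = []
    for line in lines:
        out.extend(triage_line(line.strip()))
    return out


# Constructed sample: the three entries from the fix script above plus two
# benign entries (the Avira publisher string is made up for the sample).
SAMPLE_LINES = [
    r"O4 - HKCU..\Run: [XBV6RD5SZF] C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe (OpenSC Project)",
    r"O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"[2010.08.30 19:43:39 | 000,187,392 | ---- | C] (OpenSC Project) -- C:\WINDOWS\Gpiria.exe",
    r"[2010.08.30 16:28:27 | 000,000,000 | ---D | C] -- C:\2163129675308c8e2756",
    r"[2010.08.28 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason}: {f.line}")
```

The random-hex folder in C:\ is deliberately not flagged: such folders are usually update-package extraction directories, so a name alone is not enough to act on.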
01.09.2010, 15:28 | #18
Trojan warning after XP reinstallation
Hello, here is the log after the restart: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XBV6RD5SZF deleted successfully.
C:\Dokumente und Einstellungen\Ralf Sievert\Lokale Einstellungen\Temp\Gvl.exe moved successfully.
C:\WINDOWS\Gpiria.exe moved successfully.
C:\2163129675308c8e2756\i386 folder moved successfully.
C:\2163129675308c8e2756\amd64 folder moved successfully.
C:\2163129675308c8e2756 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Ralf Sievert
->Temp folder emptied: 47757041 bytes
->Temporary Internet Files folder emptied: 25218357 bytes
->Java cache emptied: 938420 bytes
->FireFox cache emptied: 66608368 bytes
->Flash cache emptied: 410 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139177 bytes
%systemroot%\System32 .tmp files removed: 3061639 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19600532 bytes
RecycleBin emptied: 1230540921 bytes
Total Files Cleaned = 1.330,00 mb
OTL by OldTimer - Version 3.2.11.0 log created on 09012010_161757
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
01.09.2010, 18:33 | #19
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan warning after XP reinstallation
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
01.09.2010, 20:07 | #20
Trojan warning after XP reinstallation
Hello, here is the ComboFix result: ComboFix logfile: Code:
ATTFilter ComboFix 10-09-01.02 - Ralf Sievert 01.09.2010 20:46:22.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.512.189 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Ralf Sievert\Desktop\cofi.exe.exe AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((( Dateien erstellt von 2010-08-01 bis 2010-09-01 )))))))))))))))))))))))))))))) . 2010-09-01 14:17 . 2010-09-01 14:17 -------- d-----w- C:\_OTL 2010-08-31 12:00 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-31 12:00 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-31 12:00 . 2010-08-31 12:00 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-08-31 06:03 . 2010-09-01 14:20 85520 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2010-08-30 18:36 . 2010-08-30 18:36 -------- d-sh--w- c:\dokumente und einstellungen\Ralf Sievert\PrivacIE 2010-08-30 16:31 . 2009-08-21 10:15 557568 ----a-w- c:\windows\system32\B4FM.dll 2010-08-30 16:31 . 2010-08-30 16:37 -------- d-----w- c:\programme\Burn4Free 2010-08-30 14:48 . 2010-08-30 14:48 -------- d-sh--w- c:\dokumente und einstellungen\Ralf Sievert\IETldCache 2010-08-30 14:13 . 2010-08-30 14:13 145 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 2010-08-30 14:13 . 2010-08-30 14:17 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory 2010-08-30 14:10 . 2010-06-18 11:39 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll 2010-08-30 14:09 . 2010-08-31 06:03 -------- d-----w- c:\windows\ie8updates 2010-08-30 14:09 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2010-08-30 14:09 . 2010-06-24 12:21 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2010-08-30 14:09 . 
2010-06-24 12:21 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2010-08-30 14:09 . 2010-06-24 12:21 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll 2010-08-30 14:09 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2010-08-30 14:09 . 2010-06-24 15:51 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll 2010-08-30 14:09 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-08-30 14:06 . 2010-08-30 14:08 -------- dc-h--w- c:\windows\ie8 2010-08-29 17:36 . 2010-03-22 15:38 3586031 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\Netzmanager1.045.1230_100322a.exe 2010-08-29 17:34 . 2010-03-22 15:19 10240 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}\OFFLINE\70A91E40\86C0540D\DlgMiscLocEn.dll 2010-08-29 07:55 . 2010-08-29 07:55 61440 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36850f2c-n\decora-sse.dll 2010-08-29 07:55 . 2010-08-29 07:55 12800 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-36850f2c-n\decora-d3d.dll 2010-08-29 07:55 . 2010-08-29 07:55 -------- d-----w- c:\windows\Sun 2010-08-29 07:55 . 2010-08-29 07:55 503808 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-294bf8c4-n\msvcp71.dll 2010-08-29 07:55 . 2010-08-29 07:55 499712 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-294bf8c4-n\jmc.dll 2010-08-29 07:55 . 2010-08-29 07:55 348160 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-294bf8c4-n\msvcr71.dll 2010-08-29 07:54 . 2010-08-29 07:53 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-29 07:40 . 
2010-06-21 15:27 354304 -c----w- c:\windows\system32\dllcache\srv.sys 2010-08-29 07:40 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-08-29 07:39 . 2010-08-29 07:40 -------- d-----w- c:\programme\Stellwerk Hannover 2010-08-29 07:39 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2010-08-29 07:39 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2010-08-29 07:39 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2010-08-29 07:38 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2010-08-29 07:38 . 2009-03-06 14:19 286720 -c----w- c:\windows\system32\dllcache\pdh.dll 2010-08-29 07:38 . 2009-02-09 11:21 111104 -c----w- c:\windows\system32\dllcache\services.exe 2010-08-29 07:38 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2010-08-29 07:38 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2010-08-29 07:38 . 2009-02-09 10:51 678400 -c----w- c:\windows\system32\dllcache\advapi32.dll 2010-08-29 07:38 . 2009-02-09 10:51 740352 -c----w- c:\windows\system32\dllcache\ntdll.dll 2010-08-29 07:38 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2010-08-29 07:37 . 2009-06-21 21:45 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2010-08-29 07:37 . 2010-04-28 18:11 2192256 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-08-29 07:37 . 2010-04-28 05:41 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-08-29 07:37 . 2010-04-28 05:41 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-08-29 07:37 . 2010-04-28 05:41 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-08-29 07:36 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2010-08-29 07:36 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll 2010-08-29 07:34 . 
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-08-29 07:34 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-08-29 07:33 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-08-29 07:31 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-08-29 07:30 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2010-08-29 07:30 . 2008-04-21 21:13 217600 -c----w- c:\windows\system32\dllcache\wordpad.exe 2010-08-29 07:30 . 2009-12-09 05:53 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll 2010-08-28 16:13 . 2010-08-28 16:18 -------- d-----w- c:\programme\Virtual Sailor 2010-08-28 16:05 . 2010-08-29 16:45 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Apple Computer 2010-08-28 16:04 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2010-08-28 16:04 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2010-08-28 16:04 . 2010-08-28 16:04 -------- d-----w- c:\programme\iPod 2010-08-28 16:03 . 2010-08-28 16:04 -------- d-----w- c:\programme\iTunes 2010-08-28 16:03 . 2010-08-28 16:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-08-28 16:02 . 2010-08-28 16:03 -------- d-----w- c:\programme\QuickTime 2010-08-28 16:02 . 2010-08-28 16:03 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer 2010-08-28 16:01 . 2010-08-28 16:01 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Apple 2010-08-28 16:01 . 2010-08-28 16:01 -------- d-----w- c:\programme\Apple Software Update 2010-08-28 16:01 . 2010-04-19 18:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-08-28 16:01 . 2010-04-19 18:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-08-28 16:00 . 
2010-08-28 16:01 -------- d-----w- c:\programme\Bonjour 2010-08-28 16:00 . 2010-08-28 16:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-08-28 16:00 . 2010-08-28 16:00 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple 2010-08-28 15:59 . 2010-08-28 16:05 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Apple Computer 2010-08-28 15:01 . 2010-08-28 15:01 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\PackageAware 2010-08-28 14:56 . 2010-08-28 14:56 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\T-Online 2010-08-28 14:54 . 2010-08-28 14:54 -------- d-----w- c:\programme\MSBuild 2010-08-28 14:47 . 2010-08-30 14:29 -------- d-----w- c:\windows\system32\XPSViewer 2010-08-28 14:46 . 2010-08-28 14:46 -------- d-----w- c:\programme\Reference Assemblies 2010-08-28 14:46 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-08-28 14:46 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll 2010-08-28 14:39 . 2010-08-28 14:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\T-Online 2010-08-28 14:39 . 2010-08-28 14:39 -------- d-----w- c:\programme\Gemeinsame Dateien\Marmiko Shared 2010-08-28 14:38 . 2010-08-28 14:39 -------- d-----w- c:\programme\T-Online 2010-08-28 13:55 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-08-28 13:55 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-08-28 13:55 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-08-28 13:55 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-08-28 13:55 . 2010-08-28 13:55 -------- d-----w- c:\programme\Avira 2010-08-28 13:55 . 
2010-08-28 13:55 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira 2010-08-28 13:48 . 2008-04-14 05:52 26624 ----a-w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2010-08-28 13:48 . 2010-08-28 13:48 -------- d-----w- c:\programme\Windows Media Connect 2 2010-08-28 13:46 . 2010-08-28 13:47 -------- d-----w- c:\windows\system32\drivers\UMDF 2010-08-28 13:46 . 2010-08-28 13:46 -------- d-----w- c:\windows\system32\LogFiles 2010-08-28 13:43 . 2010-08-28 13:44 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2010-08-28 13:41 . 2010-08-28 15:29 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Adobe 2010-08-28 13:30 . 2010-08-28 13:30 0 ----a-w- c:\windows\nsreg.dat 2010-08-28 13:29 . 2010-08-28 13:29 -------- d-----w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\Mozilla 2010-08-28 13:22 . 2008-09-10 01:13 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll 2010-08-28 13:22 . 2008-09-10 01:13 1307648 ------w- c:\windows\system32\msxml6.dll 2010-08-28 13:22 . 2008-04-14 05:27 93184 -c----w- c:\windows\system32\dllcache\msxml6r.dll 2010-08-28 13:22 . 2008-04-14 05:27 93184 ------w- c:\windows\system32\msxml6r.dll 2010-08-28 13:22 . 2009-07-13 21:43 286208 -c----w- c:\windows\system32\dllcache\wmpdxm.dll 2010-08-28 13:22 . 2009-04-01 21:02 604160 -c----w- c:\windows\system32\dllcache\wmspdmod.dll 2010-08-28 13:22 . 2009-02-04 13:12 96256 -c----w- c:\windows\system32\dllcache\wmpband.dll 2010-08-28 13:22 . 2009-01-30 18:35 4096 -c----w- c:\windows\system32\dllcache\wmvdmoe2.dll 2010-08-28 13:22 . 2009-01-30 18:34 1329152 -c----w- c:\windows\system32\dllcache\WMSPDMOE.dll 2010-08-28 13:22 . 2009-01-30 18:34 4096 -c----w- c:\windows\system32\dllcache\wmsdmoe2.dll 2010-08-28 13:22 . 2008-04-14 05:52 221184 -c----w- c:\windows\system32\dllcache\wmpns.dll 2010-08-28 13:22 . 
2009-01-30 18:34 211456 -c----w- c:\windows\system32\dllcache\wmpasf.dll 2010-08-28 13:18 . 2009-02-04 13:10 8192 -c----w- c:\windows\system32\dllcache\asferror.dll 2010-08-28 13:17 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys 2010-08-28 13:17 . 2008-04-13 20:06 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys 2010-08-28 12:54 . 2010-08-30 16:26 26608 ----a-w- c:\dokumente und einstellungen\Ralf Sievert\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-08-28 12:54 . 2010-08-28 12:54 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü 2010-08-28 12:53 . 2010-08-30 14:32 -------- d-----w- c:\windows\system32\wbem\AutoRecover 2010-08-28 12:41 . 2008-04-14 05:52 221184 ----a-w- c:\windows\system32\wmpns.dll 2010-08-28 12:38 . 2010-08-28 12:38 -------- d-----w- c:\windows\ServicePackFiles 2010-08-28 12:31 . 2010-08-28 13:05 -------- d-----w- c:\windows\EHome 2010-08-28 11:33 . 2010-08-28 13:21 -------- d-----w- c:\windows\system32\bits 2010-08-28 11:32 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2010-08-28 11:32 . 2010-08-31 06:03 -------- d--h--w- c:\windows\$hf_mig$ 2010-08-28 11:31 . 2008-04-14 05:52 18944 ----a-w- c:\windows\system32\qmgrprxy.dll 2010-08-28 11:31 . 2008-04-14 05:52 8192 ------w- c:\windows\system32\bitsprx2.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-01 12:05 . 2010-08-25 14:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-31 06:01 . 2003-04-02 12:00 84524 ----a-w- c:\windows\system32\perfc007.dat 2010-08-31 06:01 . 2003-04-02 12:00 459152 ----a-w- c:\windows\system32\perfh007.dat 2010-08-31 04:44 . 2010-08-29 17:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Netzmanager 2010-08-30 20:53 . 2010-08-29 17:35 -------- d-----w- c:\programme\Netzmanager 2010-08-29 17:36 . 
2010-08-29 17:35 -------- dc-h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
2010-08-29 07:54 . 2010-08-25 13:11 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-08-29 07:53 . 2010-08-25 13:11 -------- d-----w- c:\programme\Java
2010-08-28 16:16 . 2010-08-25 13:36 45056 ----a-r- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe1_A381C835942E4780BD7035411F5E9C00.exe
2010-08-28 16:16 . 2010-08-25 13:36 45056 ----a-r- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\Vs.exe_A381C835942E4780BD7035411F5E9C00.exe
2010-08-28 16:16 . 2010-08-25 13:36 10134 ----a-r- c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Microsoft\Installer\{A381C835-942E-4780-BD70-35411F5E9C00}\ARPPRODUCTICON.exe
2010-08-28 13:24 . 2010-08-25 13:08 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-08-25 14:37 . 2010-08-25 14:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Innovative Solutions
2010-08-25 14:37 . 2010-08-25 14:37 -------- d-----w- c:\programme\Innovative Solutions
2010-08-25 14:35 . 2010-08-25 14:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-25 14:25 . 2010-08-25 14:25 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-25 13:48 . 2010-08-25 13:48 -------- d-----w- c:\programme\Vstep
2010-08-25 13:33 . 2010-08-25 13:33 -------- d-----w- c:\programme\directx
2010-08-25 13:29 . 2010-08-25 13:27 -------- d-----w- c:\programme\Microsoft Works
2010-08-25 13:13 . 2010-08-25 13:13 -------- d-----w- c:\programme\microsoft frontpage
2010-08-25 13:10 . 2010-08-25 13:10 -------- d-----w- c:\programme\Common Files
2010-08-25 13:08 . 2010-08-25 13:08 -------- d-----w- c:\programme\Online-Dienste
2010-08-25 13:07 . 2010-08-25 13:07 -------- d-----w- c:\programme\Gemeinsame Dateien\Dienste
2010-08-25 13:06 . 2010-08-25 13:06 21740 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-21 14:30 . 2010-07-21 14:30 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-06 13:53 . 2010-07-06 13:53 5080112 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe
2010-06-30 12:28 . 2003-04-02 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-01-21 16:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2003-04-02 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2003-04-02 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2003-04-02 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-08-25 13:07 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2003-04-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2007-10-04 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-12-28 1454080]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Ralf Sievert\Startmen\Programme\Autostart\
Netzmanager.lnk - c:\programme\Netzmanager\netzmanager.exe [2010-3-22 1540096]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.08.2010 15:55 135336]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [25.08.2010 16:45 76117]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [28.08.2010 16:39 61440]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [22.03.2010 16:40 9728]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [25.08.2010 16:48 32631]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [25.08.2010 16:49 10005]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [25.08.2010 18:24 265088]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [25.08.2010 16:50 469935]
R3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [28.08.2010 16:39 17280]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [25.08.2010 18:24 4352]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [28.08.2010 16:39 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [28.08.2010 16:39 17536]
.
Contents of the "Scheduled Tasks" folder

2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
.
------- Supplementary scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\dokumente und einstellungen\Ralf Sievert\Anwendungsdaten\Mozilla\Firefox\Profiles\iiullpnz.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX policies ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Removed orphaned registry entries - - - -

HKCU-Run-DriverMax - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
HKLM-Run-nwiz - nwiz.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-01 20:55
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(544)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-01 20:59:22
ComboFix-quarantined-files.txt 2010-09-01 18:59

Before scan: 6 directory(ies), 55.495.671.808 bytes free
After scan: 8 directory(ies), 55.522.258.944 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 56D330C550F71007353CA969341DFE93
02.09.2010, 09:45 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™
Trojan warning after XP reinstallation

Ok. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM.

Then download bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder. If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything remover.exe outputs.
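The MBR check that the post above asks the user to run can be illustrated as a baseline comparison. The block below is an added example written for this page; it is not the code of bootkit_remover, whose actual detection method the thread does not show. It parses a 512-byte MBR, sanity-checks the four partition entries, and compares the boot-code area (bytes 0..439) against a known-good SHA-256 that you record on a clean system. The sample sector, its boot-code stub and the 0xDEADBEEF disk signature are constructed here; `read_physical_mbr` is a hypothetical helper for reading the real first sector on Windows and needs administrator rights.

```python
"""Baseline check of an MBR sector: parse the partition table and compare the
boot-code area with a known-good hash. Added example; not bootkit_remover's code."""
import hashlib
import struct
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code, the region a bootkit overwrites
DISK_SIG_OFF = 440         # 4-byte Windows disk signature + 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
PART_ENTRY = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"     # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector (not from the thread): one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"   # assumed disk signature
    first = struct.pack(PART_ENTRY, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 156_296_322)
    table = first + b"\x00" * 16 * 3                          # three empty entries
    sector = code + disk_sig + table + BOOT_SIG
    assert len(sector) == SECTOR
    return sector


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Hypothetical helper: read the first sector of a raw disk (Windows, needs admin)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


def parse_mbr(sector: bytes) -> dict:
    """Split the sector into boot-code hash, disk signature, partition table, signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, sector[off:off + 16])
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "valid_signature": sector[510:512] == BOOT_SIG,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_sha256: Optional[str] = None) -> List[str]:
    """Return findings; an empty list means the sector passed every check."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    for p in info["partitions"]:
        tag = f"partition {p['index']}"
        if p["status"] not in (0x00, 0x80):
            findings.append(f"{tag}: invalid status byte 0x{p['status']:02x}")
        if p["bootable"] and p["type"] == 0:
            findings.append(f"{tag}: bootable flag on an empty entry")
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            findings.append(f"{tag}: type 0 but non-zero extent")
        if p["type"] != 0 and p["sectors"] == 0:
            findings.append(f"{tag}: non-empty type but zero length")
    if known_good_sha256 and info["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good copy (possible bootkit)")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")  # constructed boot-code stub
    baseline = parse_mbr(clean)["boot_code_sha256"]            # record this on a clean system
    print("clean:", check_mbr(clean, baseline))
    tampered = bytearray(clean)
    tampered[0:2] = b"\xEB\xFE"                                # patched first instruction
    print("tampered:", check_mbr(bytes(tampered), baseline))
```

Only bytes 0..439 go into the baseline hash: a bootkit has to replace the boot code but usually leaves the partition table intact so the machine still boots, and excluding the table keeps the baseline stable when partitions are legitimately edited. The known-good hash should come from a clean install of the same bootloader, not from the machine under suspicion.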
02.09.2010, 14:04 | #22 |
Trojan warning after XP reinstallation

Hello, here is the GMER log first:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-02 14:42:57
Windows 5.1.2600 Service Pack 3
Running: dsmxs0qz.exe; Driver: C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\kwtyraoc.sys

---- System - GMER 1.0.15 ----

SSDT F8BCC466 ZwCreateKey
SSDT F8BCC45C ZwCreateThread
SSDT F8BCC46B ZwDeleteKey
SSDT F8BCC475 ZwDeleteValueKey
SSDT F8BCC47A ZwLoadKey
SSDT F8BCC448 ZwOpenProcess
SSDT F8BCC44D ZwOpenThread
SSDT F8BCC484 ZwReplaceKey
SSDT F8BCC47F ZwRestoreKey
SSDT F8BCC470 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7B1C360, 0x307F47, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:58:44 on 02.09.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

Columns: [Risk]  Name  |  Publisher  |  Full Path  |  Status

== Common ==
%SystemRoot%\Tasks
[Up-to-You]  "AppleSoftwareUpdate.job"  |  "Apple Inc."  |  C:\Programme\Apple Software Update\SoftwareUpdate.exe  |  File exists

== Control Panel Objects ==
%SystemRoot%\system32
[Trusted]  "infocardcpl.cpl"  |  "Microsoft Corporation"  |  C:\WINDOWS\system32\infocardcpl.cpl  |  File exists
[Trusted]  "javacpl.cpl"  |  "Sun Microsystems, Inc."  |  C:\WINDOWS\system32\javacpl.cpl  |  File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
[Trusted]  "Avira AntiVir Personal"  |  "Avira GmbH"  |  C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl  |  File exists
[Trusted]  "QuickTime"  |  "Apple Inc."  |  C:\Programme\QuickTime\QTSystem\QuickTime.cpl  |  File exists

== Drivers ==
HKLM\SYSTEM\CurrentControlSet\Services
[Trusted]  "avgio" (avgio)  |  "Avira GmbH"  |  C:\Programme\Avira\AntiVir Desktop\avgio.sys  |  File exists
[Trusted]  "avgntflt" (avgntflt)  |  "Avira GmbH"  |  C:\WINDOWS\System32\DRIVERS\avgntflt.sys  |  File exists
[Trusted]  "avipbb" (avipbb)  |  "Avira GmbH"  |  C:\WINDOWS\System32\DRIVERS\avipbb.sys  |  File exists
[Trusted]  "AVM Eject" (avmeject)  |  "AVM Berlin"  |  C:\WINDOWS\System32\drivers\avmeject.sys  |  File exists
[Not checked]  "catchme" (catchme)  |  |  C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\catchme.sys  |  File not found
[Not checked]  "Changer" (Changer)  |  |  C:\WINDOWS\system32\drivers\Changer.sys  |  File not found
[Not checked]  "i2omgmt" (i2omgmt)  |  |  C:\WINDOWS\system32\drivers\i2omgmt.sys  |  File not found
[Not checked]  "kwtyraoc" (kwtyraoc)  |  |  C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\kwtyraoc.sys  |  Hidden registry entry, rootkit activity | File not found
[Not checked]  "lbrtfdc" (lbrtfdc)  |  |  C:\WINDOWS\system32\drivers\lbrtfdc.sys  |  File not found
[Trusted]  "MACNDIS5 NDIS Protocol Driver" (MACNDIS5)  |  "Marmiko IT-Solutions GmbH"  |  C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS  |  File exists
[Trusted]  "MIINPazX NDIS Protocol Driver" (MIINPazX)  |  "Deutsche Telekom AG, Marmiko IT-Solutions GmbH"  |  C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS  |  File exists
[Trusted]  "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX)  |  "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH"  |  C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS  |  File exists
[Not checked]  "PCIDump" (PCIDump)  |  |  C:\WINDOWS\system32\drivers\PCIDump.sys  |  File not found
[Not checked]  "PDCOMP" (PDCOMP)  |  |  C:\WINDOWS\system32\drivers\PDCOMP.sys  |  File not found
[Not checked]  "PDFRAME" (PDFRAME)  |  |  C:\WINDOWS\system32\drivers\PDFRAME.sys  |  File not found
[Not checked]  "PDRELI" (PDRELI)  |  |  C:\WINDOWS\system32\drivers\PDRELI.sys  |  File not found
[Not checked]  "PDRFRAME" (PDRFRAME)  |  |  C:\WINDOWS\system32\drivers\PDRFRAME.sys  |  File not found
[Trusted]  "ssmdrv" (ssmdrv)  |  "Avira GmbH"  |  C:\WINDOWS\System32\DRIVERS\ssmdrv.sys  |  File exists
[Not checked]  "WDICA" (WDICA)  |  |  C:\WINDOWS\system32\drivers\WDICA.sys  |  File not found

== Explorer ==
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
[Trusted]  {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath"  |  "Microsoft Corporation"  |  c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install  |  File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
[Trusted]  {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"  |  "Adobe Systems, Inc."  |  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll  |  File exists
HKLM\Software\Classes\Protocols\Filter
[Trusted]  {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"  |  "Microsoft Corporation"  |  C:\WINDOWS\system32\mscoree.dll  |  File exists
[Trusted]  {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"  |  "Microsoft Corporation"  |  C:\WINDOWS\system32\mscoree.dll  |  File exists
[Trusted]  {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1"  |  "Microsoft Corporation"  |  C:\WINDOWS\system32\mscoree.dll  |  File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
[Up-to-You]  {1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA} "Burn4Freecontext menu"  |  "Ikysasoft s.r.l. uninominale"  |  C:\WINDOWS\system32\B4FM.dll  |  File exists
[Not checked]  {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung"  |  |  deskpan.dll  |  File not found
[Trusted]  {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache"  |  "Microsoft Corporation"  |  c:\WINDOWS\system32\mscoree.dll  |  File exists
[Not checked]  {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"  |  |  |  File not found | COM-object registry key not found
[Trusted]  {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes"  |  "Apple Inc."  |  C:\Programme\iTunes\iTunesMiniPlayer.dll  |  File exists
[Not checked]  {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung"  |  |  |  File not found | COM-object registry key not found
[Not checked]  {32683183-48a0-441b-a342-7c2a440a9478} "Media Band"  |  |  |  File not found | COM-object registry key not found
[Trusted]  {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"  |  "Avira GmbH"  |  C:\Programme\Avira\AntiVir Desktop\shlext.dll  |  File exists
[Trusted]  {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References"  |  "Microsoft Corporation"  |  c:\WINDOWS\system32\dfshim.dll  |  File exists
[Not checked]  {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung"  |  |  |  File not found | COM-object registry key not found
[Trusted]  {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References"  |  "Microsoft Corporation"  |  c:\WINDOWS\system32\dfshim.dll  |  File exists
[Trusted]  {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"  |  "Alexander Roshal"  |  C:\Programme\WinRAR\rarext.dll  |  File exists
[Trusted]  {E0D79304-84BE-11CE-9641-444553540000} "WinZip"  |  "WinZip Computing, Inc."  |  C:\PROGRA~1\WinZip\WZSHLSTB.DLL  |  File exists
[Trusted]  {E0D79305-84BE-11CE-9641-444553540000} "WinZip"  |  "WinZip Computing, Inc."  |  C:\PROGRA~1\WinZip\WZSHLSTB.DLL  |  File exists
[Trusted]  {E0D79306-84BE-11CE-9641-444553540000} "WinZip"  |  "WinZip Computing, Inc."  |  C:\PROGRA~1\WinZip\WZSHLSTB.DLL  |  File exists

== Internet Explorer ==
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
[Not checked]  {32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}"  |  |  |  File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
[Not checked]  ITBar7Height "ITBar7Height"  |  |  |  File not found | COM-object registry key not found
[Not checked]  <binary data> "ITBar7Layout"  |  |  |  File not found | COM-object registry key not found
[Not checked]  <binary data> "ITBarLayout"  |  |  |  File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
[Up-to-You]  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "Java Plug-in 1.4.2_03" hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab  |  "JavaSoft / Sun Microsystems, Inc."  |  C:\Programme\Java\j2re1.4.2_03\bin\npjpi142_03.dll  |  File exists
[Up-to-You]  {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab  |  "Sun Microsystems, Inc."  |  C:\Programme\Java\jre6\bin\npjpi160_20.dll  |  File exists
[Up-to-You]  {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab  |  "Sun Microsystems, Inc."  |  C:\Programme\Java\jre6\bin\npjpi160_20.dll  |  File exists
[Up-to-You]  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab  |  "Sun Microsystems, Inc."  |  C:\Programme\Java\jre6\bin\npjpi160_20.dll  |  File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
[Trusted]  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"  |  "Adobe Systems Incorporated"  |  C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll  |  File exists
[Up-to-You]  {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"  |  "Sun Microsystems, Inc."  |  C:\Programme\Java\jre6\bin\jp2ssv.dll  |  File exists
[Up-to-You]  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class"  |  "Sun Microsystems, Inc."  |  C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll  |  File exists

== Logon ==
%AllUsersProfile%\Startmenü\Programme\Autostart
[Trusted]  "desktop.ini"  |  |  C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini  |  File exists
%UserProfile%\Startmenü\Programme\Autostart
[Trusted]  "desktop.ini"  |  |  C:\Dokumente und Einstellungen\Ralf Sievert\Startmenü\Programme\Autostart\desktop.ini  |  File exists
[Unknown]  "Netzmanager.lnk"  |  "Deutsche Telekom AG"  |  C:\Programme\Netzmanager\netzmanager.exe  |  Shortcut exists | File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[Up-to-You]  "Adobe ARM"  |  "Adobe Systems Incorporated"  |  "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"  |  File exists
[Up-to-You]  "Adobe Reader Speed Launcher"  |  "Adobe Systems Incorporated"  |  "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"  |  File exists
[Trusted]  "avgnt"  |  "Avira GmbH"  |  "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min  |  File exists
[Trusted]  "AVMWlanClient"  |  "AVM Berlin"  |  C:\Programme\avmwlanstick\wlangui.exe  |  File exists
[Up-to-You]  "iTunesHelper"  |  "Apple Inc."  |  "C:\Programme\iTunes\iTunesHelper.exe"  |  File exists
[Up-to-You]  "QuickTime Task"  |  "Apple Inc."  |  "C:\Programme\QuickTime\QTTask.exe" -atboottime  |  File exists
[Up-to-You]  "SunJavaUpdateSched"  |  "Sun Microsystems, Inc."  |  "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"  |  File exists

== Services ==
HKLM\SYSTEM\CurrentControlSet\Services
[Trusted]  ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32)  |  "Microsoft Corporation"  |  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe  |  File exists
[Not checked]  "Anwendungsverwaltung" (AppMgmt)  |  |  C:\WINDOWS\System32\appmgmts.dll  |  File not found
[Trusted]  "Apple Mobile Device" (Apple Mobile Device)  |  "Apple Inc."  |  C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe  |  File exists
[Trusted]  "ASP.NET State Service" (aspnet_state)  |  "Microsoft Corporation"  |  C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe  |  File exists
[Trusted]  "Avira AntiVir Guard" (AntiVirService)  |  "Avira GmbH"  |  C:\Programme\Avira\AntiVir Desktop\avguard.exe  |  File exists
[Trusted]  "Avira AntiVir Planer" (AntiVirSchedulerService)  |  "Avira GmbH"  |  C:\Programme\Avira\AntiVir Desktop\sched.exe  |  File exists
[Trusted]  "AVM WLAN Connection Service" (AVM WLAN Connection Service)  |  "AVM Berlin"  |  C:\Programme\avmwlanstick\WlanNetService.exe  |  File exists
[Trusted]  "Dienst "Bonjour"" (Bonjour Service)  |  "Apple Inc."  |  C:\Programme\Bonjour\mDNSResponder.exe  |  File exists
[Trusted]  "iPod-Dienst" (iPod Service)  |  "Apple Inc."  |  C:\Programme\iPod\bin\iPodService.exe  |  File exists
[Trusted]  "Java Quick Starter" (JavaQuickStarterService)  |  "Sun Microsystems, Inc."  |  C:\Programme\Java\jre6\bin\jqs.exe  |  File exists
[Unknown]  "Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service)  |  "Deutsche Telekom AG"  |  C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  |  File exists
[Trusted]  "T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl)  |  "Deutsche Telekom AG, Marmiko IT-Solutions GmbH"  |  C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe  |  File exists
[Trusted]  "Windows CardSpace" (idsvc)  |  "Microsoft Corporation"  |  C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe  |  File exists
[Trusted]  "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0)  |  "Microsoft Corporation"  |  c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe  |  File exists

== Winlogon ==
HKCU\Control Panel\IOProcs
[Not checked]  "MVB"  |  |  mvfs32.dll  |  File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
[Not checked]  {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation"  |  |  appmgmts.dll  |  File not found

== Winsock Providers ==
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
[Trusted]  "mdnsNSP"  |  "Apple Inc."  |  C:\Programme\Bonjour\mdnsNSP.dll  |  File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
02.09.2010, 14:10 | #23 |
| Trojan warning after XP reinstallation ...and this should be the bootkit log: Code:
ATTFilter .\debug.cpp(238) : Debug log started at 02.09.2010 - 13:06:03 .\boot_cleaner.cpp(527) : Bootkit Remover .\boot_cleaner.cpp(528) : (c) 2009 eSage Lab .\boot_cleaner.cpp(529) : www.esagelab.com .\boot_cleaner.cpp(533) : Program version: 1.2.0.0 .\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) .\debug.cpp(248) : ********************************************** .\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] *********** .\debug.cpp(250) : ********************************************** .\debug.cpp(256) : 0x804d7000 0x00217380 "\WINDOWS\system32\ntoskrnl.exe" .\debug.cpp(256) : 0x806ef000 0x00020300 "\WINDOWS\system32\hal.dll" .\debug.cpp(256) : 0xf8a35000 0x00002000 "\WINDOWS\system32\KDCOM.DLL" .\debug.cpp(256) : 0xf8945000 0x00003000 "\WINDOWS\system32\BOOTVID.dll" .\debug.cpp(256) : 0xf84e5000 0x0002f000 "ACPI.sys" .\debug.cpp(256) : 0xf8a37000 0x00002000 "\WINDOWS\System32\DRIVERS\WMILIB.SYS" .\debug.cpp(256) : 0xf84d4000 0x00011000 "pci.sys" .\debug.cpp(256) : 0xf8535000 0x0000a000 "isapnp.sys" .\debug.cpp(256) : 0xf8afd000 0x00001000 "pciide.sys" .\debug.cpp(256) : 0xf87b5000 0x00007000 "\WINDOWS\System32\DRIVERS\PCIIDEX.SYS" .\debug.cpp(256) : 0xf8a39000 0x00002000 "intelide.sys" .\debug.cpp(256) : 0xf8545000 0x0000b000 "MountMgr.sys" .\debug.cpp(256) : 0xf84b5000 0x0001f000 "ftdisk.sys" .\debug.cpp(256) : 0xf87bd000 0x00005000 "PartMgr.sys" .\debug.cpp(256) : 0xf8555000 0x0000e000 "VolSnap.sys" .\debug.cpp(256) : 0xf849d000 0x00018000 "atapi.sys" .\debug.cpp(256) : 0xf8565000 0x00009000 "disk.sys" .\debug.cpp(256) : 0xf8575000 0x0000d000 "\WINDOWS\System32\DRIVERS\CLASSPNP.SYS" .\debug.cpp(256) : 0xf847d000 0x00020000 "fltmgr.sys" .\debug.cpp(256) : 0xf846b000 0x00012000 "sr.sys" .\debug.cpp(256) : 0xf8454000 0x00017000 "KSecDD.sys" .\debug.cpp(256) : 0xf83c7000 0x0008d000 "Ntfs.sys" .\debug.cpp(256) : 0xf839a000 0x0002d000 "NDIS.sys" .\debug.cpp(256) : 0xf8380000 0x0001a000 "Mup.sys" 
.\debug.cpp(256) : 0xf8585000 0x0000b000 "agp440.sys" .\debug.cpp(256) : 0xf8725000 0x0000a000 "\SystemRoot\System32\DRIVERS\intelppm.sys" .\debug.cpp(256) : 0xf7b1c000 0x0068a000 "\SystemRoot\System32\DRIVERS\nv4_mini.sys" .\debug.cpp(256) : 0xf7b08000 0x00014000 "\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS" .\debug.cpp(256) : 0xf882d000 0x00006000 "\SystemRoot\System32\DRIVERS\usbuhci.sys" .\debug.cpp(256) : 0xf7ae4000 0x00024000 "\SystemRoot\System32\DRIVERS\USBPORT.SYS" .\debug.cpp(256) : 0xf8835000 0x00008000 "\SystemRoot\System32\DRIVERS\usbehci.sys" .\debug.cpp(256) : 0xf7a79000 0x0006b000 "\SystemRoot\System32\DRIVERS\IntelH51.sys" .\debug.cpp(256) : 0xf883d000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS" .\debug.cpp(256) : 0xf7a67000 0x00012000 "\SystemRoot\system32\drivers\wf2kvcap.sys" .\debug.cpp(256) : 0xf8735000 0x0000d000 "\SystemRoot\system32\drivers\STREAM.SYS" .\debug.cpp(256) : 0xf7a44000 0x00023000 "\SystemRoot\system32\drivers\ks.sys" .\debug.cpp(256) : 0xf7a33000 0x00011000 "\SystemRoot\System32\DRIVERS\Rtlnic51.sys" .\debug.cpp(256) : 0xf7a1f000 0x00014000 "\SystemRoot\System32\DRIVERS\parport.sys" .\debug.cpp(256) : 0xf8745000 0x00010000 "\SystemRoot\System32\DRIVERS\serial.sys" .\debug.cpp(256) : 0xf89e1000 0x00004000 "\SystemRoot\System32\DRIVERS\serenum.sys" .\debug.cpp(256) : 0xf8755000 0x0000d000 "\SystemRoot\System32\DRIVERS\i8042prt.sys" .\debug.cpp(256) : 0xf8845000 0x00007000 "\SystemRoot\System32\DRIVERS\kbdclass.sys" .\debug.cpp(256) : 0xf884d000 0x00006000 "\SystemRoot\System32\DRIVERS\mouclass.sys" .\debug.cpp(256) : 0xf8765000 0x0000b000 "\SystemRoot\System32\DRIVERS\imapi.sys" .\debug.cpp(256) : 0xf8775000 0x00010000 "\SystemRoot\System32\DRIVERS\cdrom.sys" .\debug.cpp(256) : 0xf8785000 0x0000f000 "\SystemRoot\System32\DRIVERS\redbook.sys" .\debug.cpp(256) : 0xf8855000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys" .\debug.cpp(256) : 0xf796c000 0x000b3000 "\SystemRoot\system32\drivers\ALCXWDM.SYS" 
.\debug.cpp(256) : 0xf7948000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys" .\debug.cpp(256) : 0xf8795000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys" .\debug.cpp(256) : 0xf8c33000 0x00001000 "\SystemRoot\System32\DRIVERS\audstub.sys" .\debug.cpp(256) : 0xf87a5000 0x0000d000 "\SystemRoot\System32\DRIVERS\rasl2tp.sys" .\debug.cpp(256) : 0xf89e9000 0x00003000 "\SystemRoot\System32\DRIVERS\ndistapi.sys" .\debug.cpp(256) : 0xf7931000 0x00017000 "\SystemRoot\System32\DRIVERS\ndiswan.sys" .\debug.cpp(256) : 0xf85b5000 0x0000b000 "\SystemRoot\System32\DRIVERS\raspppoe.sys" .\debug.cpp(256) : 0xf85c5000 0x0000c000 "\SystemRoot\System32\DRIVERS\raspptp.sys" .\debug.cpp(256) : 0xf885d000 0x00005000 "\SystemRoot\System32\DRIVERS\TDI.SYS" .\debug.cpp(256) : 0xf7920000 0x00011000 "\SystemRoot\System32\DRIVERS\psched.sys" .\debug.cpp(256) : 0xf85d5000 0x00009000 "\SystemRoot\System32\DRIVERS\msgpc.sys" .\debug.cpp(256) : 0xf8865000 0x00005000 "\SystemRoot\System32\DRIVERS\ptilink.sys" .\debug.cpp(256) : 0xf886d000 0x00005000 "\SystemRoot\System32\DRIVERS\raspti.sys" .\debug.cpp(256) : 0xf8605000 0x0000a000 "\SystemRoot\System32\DRIVERS\termdd.sys" .\debug.cpp(256) : 0xf8a57000 0x00002000 "\SystemRoot\System32\DRIVERS\swenum.sys" .\debug.cpp(256) : 0xf7822000 0x0005e000 "\SystemRoot\System32\DRIVERS\update.sys" .\debug.cpp(256) : 0xf89f9000 0x00004000 "\SystemRoot\System32\DRIVERS\mssmbios.sys" .\debug.cpp(256) : 0xf8625000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS" .\debug.cpp(256) : 0xf8635000 0x0000f000 "\SystemRoot\System32\DRIVERS\usbhub.sys" .\debug.cpp(256) : 0xf8a59000 0x00002000 "\SystemRoot\System32\DRIVERS\USBD.SYS" .\debug.cpp(256) : 0xf81eb000 0x00004000 "\SystemRoot\system32\drivers\MODEMCSA.sys" .\debug.cpp(256) : 0xf8885000 0x00008000 "\SystemRoot\system32\drivers\wf2ktunr.sys" .\debug.cpp(256) : 0xf81e7000 0x00003000 "\SystemRoot\system32\drivers\wf2kxbar.sys" .\debug.cpp(256) : 0xf8a5b000 0x00002000 
"\SystemRoot\System32\Drivers\Fs_Rec.SYS" .\debug.cpp(256) : 0xf8ba7000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS" .\debug.cpp(256) : 0xf8a5d000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS" .\debug.cpp(256) : 0xf88a5000 0x00006000 "\SystemRoot\System32\drivers\vga.sys" .\debug.cpp(256) : 0xf8a5f000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS" .\debug.cpp(256) : 0xf8a61000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys" .\debug.cpp(256) : 0xf88ad000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS" .\debug.cpp(256) : 0xf88b5000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS" .\debug.cpp(256) : 0xf81d7000 0x00003000 "\SystemRoot\System32\DRIVERS\rasacd.sys" .\debug.cpp(256) : 0xf669f000 0x00013000 "\SystemRoot\System32\DRIVERS\ipsec.sys" .\debug.cpp(256) : 0xf6646000 0x00059000 "\SystemRoot\System32\DRIVERS\tcpip.sys" .\debug.cpp(256) : 0xf661e000 0x00028000 "\SystemRoot\System32\DRIVERS\netbt.sys" .\debug.cpp(256) : 0xf65fc000 0x00022000 "\SystemRoot\System32\drivers\afd.sys" .\debug.cpp(256) : 0xf8645000 0x00009000 "\SystemRoot\System32\DRIVERS\netbios.sys" .\debug.cpp(256) : 0xf88bd000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys" .\debug.cpp(256) : 0xf65d1000 0x0002b000 "\SystemRoot\System32\DRIVERS\rdbss.sys" .\debug.cpp(256) : 0xf6561000 0x00070000 "\SystemRoot\System32\DRIVERS\mrxsmb.sys" .\debug.cpp(256) : 0xf8665000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS" .\debug.cpp(256) : 0xf653b000 0x00026000 "\SystemRoot\System32\DRIVERS\ipnat.sys" .\debug.cpp(256) : 0xf8675000 0x00009000 "\SystemRoot\System32\DRIVERS\wanarp.sys" .\debug.cpp(256) : 0xf64f1000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys" .\debug.cpp(256) : 0xf8a67000 0x00002000 "\??\C:\Programme\Avira\AntiVir Desktop\avgio.sys" .\debug.cpp(256) : 0xf86c5000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS" .\debug.cpp(256) : 0xf64b0000 0x00041000 "\SystemRoot\System32\DRIVERS\fwlanusb.sys" .\debug.cpp(256) : 0xf6498000 0x00018000 
"\SystemRoot\System32\Drivers\dump_atapi.sys" .\debug.cpp(256) : 0xf8a79000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS" .\debug.cpp(256) : 0xbf800000 0x001c5000 "\SystemRoot\System32\win32k.sys" .\debug.cpp(256) : 0xf66f6000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys" .\debug.cpp(256) : 0xf88dd000 0x00005000 "\SystemRoot\System32\watchdog.sys" .\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys" .\debug.cpp(256) : 0xf8c61000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys" .\debug.cpp(256) : 0xbf012000 0x00584000 "\SystemRoot\System32\nv4_disp.dll" .\debug.cpp(256) : 0xbffa0000 0x00046000 "\SystemRoot\System32\ATMFD.DLL" .\debug.cpp(256) : 0xba6d3000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys" .\debug.cpp(256) : 0xba44e000 0x0002d000 "\SystemRoot\System32\DRIVERS\mrxdav.sys" .\debug.cpp(256) : 0xba349000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys" .\debug.cpp(256) : 0xba50b000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys" .\debug.cpp(256) : 0xf8a75000 0x00002000 "\SystemRoot\System32\Drivers\ParVdm.SYS" .\debug.cpp(256) : 0xba01a000 0x00057000 "\SystemRoot\System32\DRIVERS\srv.sys" .\debug.cpp(256) : 0xb9310000 0x00041000 "\SystemRoot\System32\Drivers\HTTP.sys" .\debug.cpp(256) : 0xf87dd000 0x00005000 "\??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS" .\debug.cpp(256) : 0xb7ac8000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS" .\debug.cpp(256) : 0xb7a86000 0x00017000 "\??\C:\DOKUME~1\RALFSI~1\LOKALE~1\Temp\kwtyraoc.sys" .\debug.cpp(256) : 0xb790b000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys" .\debug.cpp(256) : 0x7c910000 0x000b9000 "\WINDOWS\system32\ntdll.dll" .\debug.cpp(263) : ********************************************** .\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] *********** .\debug.cpp(308) : ********************************************** .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS" .\debug.cpp(400) : Destination "\Device\Ndis" .\debug.cpp(409) : -- 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1" .\debug.cpp(400) : Destination "\Device\Video0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a3cbbf11-b052-11df-a5b3-806d6172696f}" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_80951043&REV_02#3&61aaa01&0&FD#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C5&SUBSYS_80951043&REV_02#3&61aaa01&0&FD#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2" .\debug.cpp(400) : Destination "\Device\Video1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{71985f4a-1ca1-11d3-9cc8-00c04f7971e0}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000002c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000002e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\0000003d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F5211853-3E59-44C9-9CDC-E19D33122623}" .\debug.cpp(400) : Destination "\Device\{F5211853-3E59-44C9-9CDC-E19D33122623}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip" .\debug.cpp(400) : Destination 
"\Device\Ip" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3" .\debug.cpp(400) : Destination "\Device\Video2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_80B31043&REV_10#4&3b90381f&0&68F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0013" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_15_Model_2#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}" .\debug.cpp(400) : Destination "\Device\0000003c" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev" .\debug.cpp(400) : Destination "\Device\IPSEC" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgio" .\debug.cpp(400) : Destination "\Device\avgio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4" .\debug.cpp(400) : Destination "\Device\Video3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&19b0fc9&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}" .\debug.cpp(400) : Destination "\Device\Parallel0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&11858842&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000033" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\0000002d" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CF149422-4C7D-4084-A39A-0834D5F4FAFC}" .\debug.cpp(400) : Destination "\Device\{CF149422-4C7D-4084-A39A-0834D5F4FAFC}" .\debug.cpp(409) : -- .\debug.cpp(369) 
: SymbolicLink "\GLOBAL??\{35CBA67C-AA5B-4D47-B3BC-515831D796D7}" .\debug.cpp(400) : Destination "\Device\{35CBA67C-AA5B-4D47-B3BC-515831D796D7}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY" .\debug.cpp(400) : Destination "\Device\NDProxy" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1" .\debug.cpp(400) : Destination "\Device\ParallelVdm0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_057c&Pid_6201#001A4F9D0DDE#{a5dcbf10-6530-11d2-901f-00c04fb951ed}" .\debug.cpp(400) : Destination "\Device\USBPDO-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&19788b67&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{fd0a5af4-b41d-11d2-9c95-00c04f7971e0}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C2AE5707-236A-41FD-9574-FD59A556C6F1}" .\debug.cpp(400) : Destination "\Device\{C2AE5707-236A-41FD-9574-FD59A556C6F1}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskSAMSUNG_SP0802N_________________________TK100-24#30534a30324a5830383432353237202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice" .\debug.cpp(400) : Destination "\Device\WMIDataDevice" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1" .\debug.cpp(400) : Destination "\Device\Serial0" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{932919AB-46ED-461C-8829-08F8BA8808D6}" .\debug.cpp(400) : Destination "\Device\{932919AB-46ED-461C-8829-08F8BA8808D6}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt" .\debug.cpp(400) : Destination "\FileSystem\Filters\avgntflt" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE" .\debug.cpp(400) : Destination "\Device\NamedPipe" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&Signature63280014Offset2738A00Length12A14C0000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C7&SUBSYS_80891043&REV_02#3&61aaa01&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3" .\debug.cpp(400) : Destination "\??\PCI#VEN_1813&DEV_4000&SUBSYS_00000000&REV_02#4&3b90381f&0&48F0#{4d36e978-e325-11ce-bfc1-08002be10318}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{756A8791-09FA-47DD-87E8-75AC054A1A12}" .\debug.cpp(400) : Destination "\Device\{756A8791-09FA-47DD-87E8-75AC054A1A12}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC" .\debug.cpp(400) : Destination "\Device\Mup" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched" .\debug.cpp(400) : Destination "\Device\PSched" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT" .\debug.cpp(400) : Destination "\Device\IPNAT" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2ae46918&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_24C2&SUBSYS_80891043&REV_02#3&61aaa01&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice" .\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg" .\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0" .\debug.cpp(400) : Destination "\Device\USBFDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp" .\debug.cpp(400) : Destination "\Device\Tcp" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD" .\debug.cpp(400) : Destination "\Device\VideoPdo0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1" .\debug.cpp(400) : Destination "\Device\USBFDO-1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000034" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\PhysicalDrive0" .\debug.cpp(400) : Destination "\Device\Harddisk0\DR0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\kwtyraoc" .\debug.cpp(400) : Destination "\Device\kwtyraoc" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_057c&Pid_6201#001A4F9D0DDE#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\USBPDO-4" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN" .\debug.cpp(400) : Destination "\DosDevices\LPT1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2" .\debug.cpp(400) : Destination "\Device\USBFDO-2" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000031" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio" .\debug.cpp(400) : Destination "\Device\sysaudio" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000032" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap" .\debug.cpp(400) : Destination "\Device\FsWrap" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}" .\debug.cpp(400) : Destination "\Device\00000030" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3" .\debug.cpp(400) : Destination "\Device\USBFDO-3" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
"\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0" .\debug.cpp(400) : Destination "\Device\CdRom0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{a3cbbf12-b052-11df-a5b3-806d6172696f}" .\debug.cpp(400) : Destination "\Device\HarddiskVolume1" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVD-RAM_GH22NP20_______________1.02____#5&e088e23&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}" .\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-e" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Stream#ltxbar.boardmux#5&3b3a583f&0&1#{a799a801-a46d-11d0-a18c-00a02401dcd4}" .\debug.cpp(400) : Destination "\Device\00000065" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_109E&DEV_036E&SUBSYS_6606107D&REV_11#4&3b90381f&0&58F0#{65e8773d-8f56-11d0-a3b9-00a0c9223196}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BC9D6B68-88C9-4C74-AEA2-12FA59D80A34}" .\debug.cpp(400) : Destination "\Device\{BC9D6B68-88C9-4C74-AEA2-12FA59D80A34}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9D2720CE-BEC9-4C52-A9B4-80587CCCF184}" .\debug.cpp(400) : Destination "\Device\{9D2720CE-BEC9-4C52-A9B4-80587CCCF184}" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}" .\debug.cpp(400) : Destination "\Device\00000040" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global" .\debug.cpp(400) : Destination "\GLOBAL??" 
.\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}" .\debug.cpp(400) : Destination "\Device\00000053" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3250fa59&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}" .\debug.cpp(400) : Destination "\Device\USBPDO-0" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Intel V92 HaM Data Fax Voice" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}" .\debug.cpp(400) : Destination "\Device\KSENUM#00000002" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Stream#lttuner.philips#5&3b3a583f&0&0#{a799a800-a46d-11d0-a18c-00a02401dcd4}" .\debug.cpp(400) : Destination "\Device\00000064" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1813&DEV_4000&SUBSYS_00000000&REV_02#4&3b90381f&0&48F0#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}" .\debug.cpp(400) : Destination "\Device\NTPNP_PCI0010" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{07dad660-22f1-11d1-a9f4-00c04fbbde8f}" .\debug.cpp(400) : Destination "\Device\00000037" .\debug.cpp(409) : -- .\debug.cpp(369) : SymbolicLink 
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`02738a00
.\boot_cleaner.cpp(276) : Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf
.\boot_cleaner.cpp(1060) :
.\boot_cleaner.cpp(1061) : Size Device Name MBR Status
.\boot_cleaner.cpp(1062) : --------------------------------------------
.\boot_cleaner.cpp(1106) : 74 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1112) :
.\boot_cleaner.cpp(1118) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1120) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1121) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1125) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1126) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1129) :
.\boot_cleaner.cpp(1151) : Done;
Ralf |
02.09.2010, 18:34 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan warning after XP reinstallation I still need a cross-check: please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
03.09.2010, 06:57 | #25 |
| Trojan warning after XP reinstallation Good morning, here is the MBRCheck log: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x00000014 Kernel Drivers (total 116): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xF8A35000 \WINDOWS\system32\KDCOM.DLL 0xF8945000 \WINDOWS\system32\BOOTVID.dll 0xF84E5000 ACPI.sys 0xF8A37000 \WINDOWS\System32\DRIVERS\WMILIB.SYS 0xF84D4000 pci.sys 0xF8535000 isapnp.sys 0xF8AFD000 pciide.sys 0xF87B5000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS 0xF8A39000 intelide.sys 0xF8545000 MountMgr.sys 0xF84B5000 ftdisk.sys 0xF87BD000 PartMgr.sys 0xF8555000 VolSnap.sys 0xF849D000 atapi.sys 0xF8565000 disk.sys 0xF8575000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS 0xF847D000 fltmgr.sys 0xF846B000 sr.sys 0xF8454000 KSecDD.sys 0xF83C7000 Ntfs.sys 0xF839A000 NDIS.sys 0xF8380000 Mup.sys 0xF8585000 agp440.sys 0xF86D5000 \SystemRoot\System32\DRIVERS\intelppm.sys 0xF7786000 \SystemRoot\System32\DRIVERS\nv4_mini.sys 0xF7751000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS 0xF8835000 \SystemRoot\System32\DRIVERS\usbuhci.sys 0xF772D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS 0xF883D000 \SystemRoot\System32\DRIVERS\usbehci.sys 0xF76C2000 \SystemRoot\System32\DRIVERS\IntelH51.sys 0xF8845000 \SystemRoot\System32\Drivers\Modem.SYS 0xF76B0000 \SystemRoot\system32\drivers\wf2kvcap.sys 0xF86E5000 \SystemRoot\system32\drivers\STREAM.SYS 0xF768D000 \SystemRoot\system32\drivers\ks.sys 0xF767C000 \SystemRoot\System32\DRIVERS\Rtlnic51.sys 0xF7668000 \SystemRoot\System32\DRIVERS\parport.sys 0xF86F5000 \SystemRoot\System32\DRIVERS\serial.sys 0xF89E1000 \SystemRoot\System32\DRIVERS\serenum.sys 0xF8705000 \SystemRoot\System32\DRIVERS\i8042prt.sys 0xF884D000 \SystemRoot\System32\DRIVERS\kbdclass.sys 0xF8855000 \SystemRoot\System32\DRIVERS\mouclass.sys 0xF8715000 \SystemRoot\System32\DRIVERS\imapi.sys 0xF8725000 \SystemRoot\System32\DRIVERS\cdrom.sys 0xF8735000 \SystemRoot\System32\DRIVERS\redbook.sys 0xF885D000 
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xF75B5000 \SystemRoot\system32\drivers\ALCXWDM.SYS 0xF7591000 \SystemRoot\system32\drivers\portcls.sys 0xF8745000 \SystemRoot\system32\drivers\drmk.sys 0xF8C3C000 \SystemRoot\System32\DRIVERS\audstub.sys 0xF8755000 \SystemRoot\System32\DRIVERS\rasl2tp.sys 0xF89E9000 \SystemRoot\System32\DRIVERS\ndistapi.sys 0xF757A000 \SystemRoot\System32\DRIVERS\ndiswan.sys 0xF8765000 \SystemRoot\System32\DRIVERS\raspppoe.sys 0xF8775000 \SystemRoot\System32\DRIVERS\raspptp.sys 0xF8865000 \SystemRoot\System32\DRIVERS\TDI.SYS 0xF7569000 \SystemRoot\System32\DRIVERS\psched.sys 0xF8785000 \SystemRoot\System32\DRIVERS\msgpc.sys 0xF886D000 \SystemRoot\System32\DRIVERS\ptilink.sys 0xF8875000 \SystemRoot\System32\DRIVERS\raspti.sys 0xF85B5000 \SystemRoot\System32\DRIVERS\termdd.sys 0xF8A5B000 \SystemRoot\System32\DRIVERS\swenum.sys 0xF746B000 \SystemRoot\System32\DRIVERS\update.sys 0xF89F9000 \SystemRoot\System32\DRIVERS\mssmbios.sys 0xF85D5000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF85E5000 \SystemRoot\System32\DRIVERS\usbhub.sys 0xF8A5D000 \SystemRoot\System32\DRIVERS\USBD.SYS 0xF7E30000 \SystemRoot\system32\drivers\MODEMCSA.sys 0xF888D000 \SystemRoot\system32\drivers\wf2ktunr.sys 0xF7E2C000 \SystemRoot\system32\drivers\wf2kxbar.sys 0xF8A5F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF8BB5000 \SystemRoot\System32\Drivers\Null.SYS 0xF8A61000 \SystemRoot\System32\Drivers\Beep.SYS 0xF88AD000 \SystemRoot\System32\drivers\vga.sys 0xF8A63000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF8A65000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF88B5000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF88BD000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF7E1C000 \SystemRoot\System32\DRIVERS\rasacd.sys 0xF62E8000 \SystemRoot\System32\DRIVERS\ipsec.sys 0xF628F000 \SystemRoot\System32\DRIVERS\tcpip.sys 0xF6267000 \SystemRoot\System32\DRIVERS\netbt.sys 0xF6245000 \SystemRoot\System32\drivers\afd.sys 0xF85F5000 \SystemRoot\System32\DRIVERS\netbios.sys 0xF88C5000 
\SystemRoot\system32\DRIVERS\ssmdrv.sys 0xF621A000 \SystemRoot\System32\DRIVERS\rdbss.sys 0xF61AA000 \SystemRoot\System32\DRIVERS\mrxsmb.sys 0xF8615000 \SystemRoot\System32\Drivers\Fips.SYS 0xF615C000 \SystemRoot\System32\DRIVERS\ipnat.sys 0xF8625000 \SystemRoot\System32\DRIVERS\wanarp.sys 0xF613A000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF8A6B000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xF8675000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF60F9000 \SystemRoot\System32\DRIVERS\fwlanusb.sys 0xF60E1000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF8A7D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF633F000 \SystemRoot\System32\drivers\Dxapi.sys 0xF88ED000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF8C43000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xBA6D3000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xBA3AE000 \SystemRoot\System32\DRIVERS\mrxdav.sys 0xBA349000 \SystemRoot\system32\drivers\wdmaud.sys 0xBA4F3000 \SystemRoot\system32\drivers\sysaudio.sys 0xF8A8D000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB9F54000 \SystemRoot\System32\DRIVERS\srv.sys 0xB9157000 \SystemRoot\System32\Drivers\HTTP.sys 0xF880D000 \SystemRoot\system32\DRIVERS\usbprint.sys 0xBA75C000 \SystemRoot\System32\DRIVERS\ndisuio.sys 0xF87E5000 \??\C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS 0xB8BA4000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 40): 0 System Idle Process 4 System 492 C:\WINDOWS\system32\smss.exe 568 csrss.exe 596 C:\WINDOWS\system32\winlogon.exe 776 C:\WINDOWS\system32\services.exe 788 C:\WINDOWS\system32\lsass.exe 948 C:\WINDOWS\system32\svchost.exe 1004 svchost.exe 1044 C:\WINDOWS\system32\svchost.exe 1100 svchost.exe 1180 svchost.exe 1340 C:\WINDOWS\explorer.exe 1364 C:\WINDOWS\system32\spoolsv.exe 1452 C:\Programme\Avira\AntiVir Desktop\sched.exe 
1492 svchost.exe 1676 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 1696 C:\Programme\Avira\AntiVir Desktop\avguard.exe 1704 C:\WINDOWS\system32\rundll32.exe 1712 C:\WINDOWS\SOUNDMAN.EXE 1724 C:\Programme\avmwlanstick\WLanGUI.exe 1744 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1772 C:\Programme\avmwlanstick\WLanNetService.exe 1796 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 1828 C:\Programme\iTunes\iTunesHelper.exe 1856 C:\Programme\Bonjour\mDNSResponder.exe 1888 C:\Programme\Netzmanager\netzmanager.exe 1912 C:\Programme\Java\jre6\bin\jqs.exe 1924 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 1960 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe 1980 C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe 272 C:\WINDOWS\system32\nvsvc32.exe 2052 wmiprvse.exe 2884 C:\WINDOWS\system32\wscntfy.exe 3428 C:\Programme\iPod\bin\iPodService.exe 3624 C:\WINDOWS\system32\wbem\wmiapsrv.exe 3776 alg.exe 3168 PresentationFontCache.exe 3732 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe 676 C:\Dokumente und Einstellungen\Ralf Sievert\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS) PhysicalDrive0 Model Number: SAMSUNGSP0802N, Rev: TK100-24 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! |
03.09.2010, 10:31 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan warning after XP reinstallation Looks OK. As a control, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post log files in CODE tags |
03.09.2010, 14:38 | #27 |
| Trojan warning after XP reinstallation Hello, here are the requested logs: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4534

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03.09.2010 13:37:35
mbam-log-2010-09-03 (13-37-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 197467
Laufzeit: 1 Stunde(n), 28 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/03/2010 at 02:37 PM

Application Version : 4.42.1000

Core Rules Database Version : 5449
Trace Rules Database Version: 3261

Scan type       : Complete Scan
Total Scan Time : 00:57:50

Memory items scanned      : 557
Memory threats detected   : 0
Registry items scanned    : 5701
Registry threats detected : 0
File items scanned        : 26428
File threats detected     : 2

Trojan.Agent/Gen-Deskryp
	C:\_OTL\MOVEDFILES\09012010_161757\C_DOKUMENTE UND EINSTELLUNGEN\RALF SIEVERT\LOKALE EINSTELLUNGEN\TEMP\GVL.EXE
	C:\_OTL\MOVEDFILES\09012010_161757\C_WINDOWS\GPIRIA.EXE |
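As an added example (not code from the thread, from Malwarebytes or from the helper), a small parser for the MBAM log format posted above: it pulls the summary counts and the per-section detection lines, cross-checks the counts against the listed items, and flags findings still marked "No action taken", which is the state of the two Trojan.FakeAlert registry keys in this log before the helper's go-ahead to remove them. The sample log is constructed from the post; the section labels are assumed to follow the German-locale MBAM 1.46 layout seen here.

```python
import re
from dataclasses import dataclass, field

# Abridged Malwarebytes' Anti-Malware 1.46 log (German locale), constructed from
# the log posted in the thread; labels and detection lines are kept verbatim.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 4534
Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

@dataclass
class Detection:
    section: str  # e.g. "Infizierte Registrierungsschlüssel"
    item: str     # registry key or file path
    threat: str   # detection name, e.g. "Trojan.FakeAlert"
    action: str   # action MBAM recorded, e.g. "No action taken."

@dataclass
class MbamReport:
    db_version: str = ""
    counts: dict = field(default_factory=dict)       # summary label -> count
    detections: list = field(default_factory=list)   # Detection objects

    def unremediated(self):
        """Findings MBAM listed but neither quarantined nor deleted."""
        return [d for d in self.detections if d.action.startswith("No action taken")]

_COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")    # "Infizierte Dateien: 0"
_SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")        # "Infizierte Dateien:"
_DETECT_RE = re.compile(r"^(.*?) \(([^()]+)\) -> (.+)$")  # "<item> (<threat>) -> <action>"

def parse_mbam_log(text):
    report, section = MbamReport(), None
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if line.startswith("Datenbank Version:"):
            report.db_version = line.split(":", 1)[1].strip()
        elif m := _COUNT_RE.match(line):          # summary block at the top
            report.counts[m.group(1)] = int(m.group(2))
        elif m := _SECTION_RE.match(line):        # header of a detail section
            section = m.group(1)
        elif (m := _DETECT_RE.match(line)) and section:
            report.detections.append(Detection(section, *m.groups()))
    return report

def count_mismatches(report):
    """Summary counts that disagree with the detection lines actually listed."""
    seen = {}
    for d in report.detections:
        seen[d.section] = seen.get(d.section, 0) + 1
    return {s: (n, seen.get(s, 0)) for s, n in report.counts.items() if n != seen.get(s, 0)}
```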
03.09.2010, 17:13 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan warning after XP reinstallation You can remove all findings.
__________________ Please always post log files in CODE tags |
03.09.2010, 19:05 | #29 |
| Trojan warning after XP reinstallation Hello, is that it now? Does anything else need to be done, and can I remove the programs (GMER, Cofi etc.) again? I know, questions upon questions.... Many thanks for now! Regards, Ralf |
03.09.2010, 19:23 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan warning after XP reinstallation No, you can leave the tools on; they don't get in the way and don't put any load on the system, since they only run when you start them manually. Any more problems or other findings in the meantime?
__________________ Please always post log files in CODE tags |