Log analysis and evaluation: Security Essentials 2010 removed and hopefully everything OK again?? (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1 /// Winkelfunktion /// (TB-Süch-Tiger™)

Ok. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
#2

Ok, here is the gmer.log:
__________________
Code:
ATTFilter GMER 1.0.15.15315 - hxxp://www.gmer.net Rootkit scan 2010-10-24 14:39:38 Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\fglyqkow.sys ---- System - GMER 1.0.15 ---- Code 85D71C4C ZwTraceEvent Code 85D71C4B NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C458E9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C653D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!NtTraceEvent 82C85A80 5 Bytes JMP 85D71C50 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91426000, 0x267978, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\usbhub \Device\00000077 hcmon.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\usbhub \Device\00000078 hcmon.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice 
\Driver\volmgr \Device\HarddiskVolume9 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\usbhub \Device\00000079 hcmon.sys Device \Driver\ACPI_HAL \Device\0000005c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys Device \Driver\usbhub \Device\0000007a hcmon.sys Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys ---- Threads - GMER 1.0.15 ---- Thread System [4:5144] A5846F2E ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x94 0xEC 0x6B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xF9 0x73 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5E 0xDE 0xF9 0x6E ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x94 0xEC 0x6B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xF9 0x73 0x99 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5E 0xDE 0xF9 0x6E ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL 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 ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 15:17:34 on 24.10.2010 OS: Windows 7 (Build 7600), 32-bit Default Browser: SRWare SRWare Iron 4.0.280.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\avgrsstx.dll [Boot Execute] -----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )----- "BootExecute" - "O&O Software GmbH" - C:\Windows\system32\OODBS.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys "AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgldx86.sys "AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgtdix.sys "AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgmfx86.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "GGSAFER Driver" (GGSAFERDriver) - ? - C:\Program Files\Garena\plugins\UI\safedrv.sys (File found, but it contains no detailed information) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." 
- C:\Windows\System32\DRIVERS\hamachi.sys "SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys "VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\Drivers\hcmon.sys "VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys "VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys "VMware VMparport" (VMparport) - "VMware, Inc." - C:\Windows\system32\Drivers\VMparport.sys "VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys "Vstor2 Virtual Storage Driver" (vstor2) - "VMware, Inc." - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys "Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - D:\VMware\VMware Workstation\vstor2-ws60.sys [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgpp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? - (File not found | COM-object registry key not found) {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." 
- C:\Programme\AVG\AVG9\avgse.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Plugin Control" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\MICROS~1\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgssie.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - ? - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." 
- "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~3\AVG\AVG9\avgtray.exe "CmiRemoveDir" - ? - C:\Windows\CMIRMR~1.EXE " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Acronis OS Selector Reinstall Service" (AcronisOSSReinstallSvc) - ? - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (File found, but it contains no detailed information) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe "AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgwdsvc.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "LogMeIn Hamachi 2.0 Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." 
- C:\Program Files\Hamachi\hamachi-2.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\Programme\OO Software\Defrag\oodag.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "VMware Agent Service" (ufad-ws60) - "VMware, Inc." - D:\VMware\VMware Workstation\vmware-ufad.exe "VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - D:\VMware\VMware Workstation\vmware-authd.exe "VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe "VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe "VMware Virtual Mount Manager Extended" (vmount2) - "VMware, Inc." - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe "wampapache" (wampapache) - "Apache Software Foundation" - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe "wampmysqld" (wampmysqld) - ? - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (File found, but it contains no detailed information) "webcamXP Service" (wxpSvc) - "Moonware Studios" - C:\Program Files\wLite\wService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Professional Windows Information: (build 7600), 32-bit Logical Drives Mask: 0x00000ffc Kernel Drivers (total 170): 0x82C3A000 \SystemRoot\system32\ntoskrnl.exe 0x82C03000 \SystemRoot\system32\halmacpi.dll 0x80BB7000 \SystemRoot\system32\kdcom.dll 0x89432000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x894AA000 \SystemRoot\system32\PSHED.dll 0x894BB000 \SystemRoot\system32\BOOTVID.dll 0x894C3000 \SystemRoot\system32\CLFS.SYS 0x89505000 \SystemRoot\system32\CI.dll 0x895B0000 \SystemRoot\system32\drivers\Wdf01000.sys 0x89621000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8962F000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x89677000 \SystemRoot\system32\DRIVERS\WMILIB.SYS 0x89680000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x89688000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x89693000 \SystemRoot\system32\DRIVERS\pci.sys 0x896BD000 \SystemRoot\System32\drivers\partmgr.sys 0x896CE000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x896DE000 \SystemRoot\System32\drivers\volmgrx.sys 0x89729000 \SystemRoot\system32\DRIVERS\intelide.sys 0x89730000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x8973E000 \SystemRoot\System32\drivers\mountmgr.sys 0x89754000 \SystemRoot\system32\DRIVERS\atapi.sys 0x8975D000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x89780000 \SystemRoot\system32\DRIVERS\amdxata.sys 0x89789000 \SystemRoot\system32\drivers\fltmgr.sys 0x897BD000 \SystemRoot\system32\drivers\fileinfo.sys 0x8981E000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8994D000 \SystemRoot\System32\Drivers\msrpc.sys 0x89978000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8998B000 \SystemRoot\System32\Drivers\cng.sys 0x899E8000 \SystemRoot\System32\drivers\pcw.sys 0x899F6000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x899FF000 \SystemRoot\system32\drivers\ndis.sys 0x89AB6000 \SystemRoot\system32\drivers\NETIO.SYS 0x89AF4000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x89C02000 \SystemRoot\System32\drivers\tcpip.sys 0x89D4B000 
\SystemRoot\System32\drivers\fwpkclnt.sys 0x89D7C000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x89D85000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x89DC4000 \SystemRoot\System32\Drivers\spldr.sys 0x89DCC000 \SystemRoot\system32\DRIVERS\snapman.sys 0x89DE7000 \SystemRoot\System32\drivers\rdyboost.sys 0x89E14000 \SystemRoot\System32\Drivers\mup.sys 0x89E24000 \SystemRoot\System32\drivers\hwpolicy.sys 0x89E2C000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x89E5E000 \SystemRoot\system32\DRIVERS\disk.sys 0x89E6F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x89E94000 \SystemRoot\system32\DRIVERS\agp440.sys 0x89ED6000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x89EF5000 \SystemRoot\System32\Drivers\Null.SYS 0x89EFC000 \SystemRoot\System32\Drivers\Beep.SYS 0x89F03000 \SystemRoot\System32\drivers\vga.sys 0x89F0F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x89F30000 \SystemRoot\System32\drivers\watchdog.sys 0x89F3D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x89F45000 \SystemRoot\system32\drivers\rdpencdd.sys 0x89F4D000 \SystemRoot\system32\drivers\rdprefmp.sys 0x89F55000 \SystemRoot\System32\Drivers\Msfs.SYS 0x89F60000 \SystemRoot\System32\Drivers\Npfs.SYS 0x89F6E000 \SystemRoot\system32\DRIVERS\tdx.sys 0x89F85000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x89F90000 \SystemRoot\System32\Drivers\avgtdix.sys 0x89FCA000 \SystemRoot\System32\DRIVERS\netbt.sys 0x89B19000 \SystemRoot\system32\drivers\afd.sys 0x89B73000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x89B7A000 \SystemRoot\system32\DRIVERS\pacer.sys 0x89B99000 \SystemRoot\system32\DRIVERS\netbios.sys 0x89BA7000 \SystemRoot\system32\DRIVERS\serial.sys 0x89BC1000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x89BD4000 \SystemRoot\system32\DRIVERS\termdd.sys 0x90419000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x9045A000 \SystemRoot\system32\drivers\nsiproxy.sys 0x90464000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x9046E000 \SystemRoot\System32\drivers\discache.sys 0x9047A000 \SystemRoot\system32\drivers\csc.sys 0x904DE000 
\SystemRoot\System32\Drivers\dfsc.sys 0x904F6000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x90504000 \SystemRoot\System32\Drivers\avgmfx86.sys 0x9050A000 \SystemRoot\System32\Drivers\avgldx86.sys 0x9053E000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x9055F000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x9141D000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x918AE000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91965000 \SystemRoot\System32\drivers\dxgmms1.sys 0x9199E000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x919A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x919F4000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x91A03000 \SystemRoot\system32\drivers\ctaud2k.sys 0x91A83000 \SystemRoot\system32\drivers\portcls.sys 0x91AB2000 \SystemRoot\system32\drivers\drmk.sys 0x91ACB000 \SystemRoot\system32\drivers\ks.sys 0x91AFF000 \SystemRoot\system32\drivers\ctoss2k.sys 0x91B33000 \SystemRoot\system32\drivers\ctprxy2k.sys 0x91B3B000 \SystemRoot\system32\DRIVERS\ctgame.sys 0x91B3E000 \SystemRoot\system32\DRIVERS\fetnd6v.sys 0x91B49000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x91B75000 \SystemRoot\system32\DRIVERS\fdc.sys 0x91B80000 \SystemRoot\system32\DRIVERS\serenum.sys 0x91B8A000 \SystemRoot\system32\DRIVERS\parport.sys 0x91BA2000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x91BBA000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x91BC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x91BD4000 \??\C:\Windows\system32\drivers\VMkbd.sys 0x90571000 \SystemRoot\system32\drivers\cmuda.sys 0x91BD8000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x91BE5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x91400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x906B7000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x906C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x906E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x906FC000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x90713000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x91418000 \SystemRoot\system32\DRIVERS\hamachi.sys 0x9072A000 
\SystemRoot\system32\DRIVERS\rdpbus.sys 0x91BF7000 \SystemRoot\system32\DRIVERS\swenum.sys 0x90734000 \SystemRoot\system32\DRIVERS\umbus.sys 0x91BF9000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys 0x91BFC000 \SystemRoot\system32\DRIVERS\VMNET.SYS 0x90742000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x90C3F000 \SystemRoot\system32\drivers\ha10kx2k.sys 0x90D49000 \SystemRoot\system32\drivers\emupia2k.sys 0x90D78000 \SystemRoot\system32\drivers\ctsfm2k.sys 0x90DA1000 \SystemRoot\system32\drivers\ctac32k.sys 0x90E3D000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x90E4E000 \SystemRoot\System32\drivers\COMMONFX.SYS 0x90E69000 \SystemRoot\System32\drivers\CTSBLFX.SYS 0x90EF7000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x90F02000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x90F15000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x90F1C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x90F1E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x90F35000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90F42000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x90F4D000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x90F56000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x93CC0000 \SystemRoot\System32\win32k.sys 0x90F67000 \SystemRoot\System32\drivers\Dxapi.sys 0x90F71000 \SystemRoot\system32\DRIVERS\monitor.sys 0x93F20000 \SystemRoot\System32\TSDDD.dll 0x93F50000 \SystemRoot\System32\cdd.dll 0x90F7C000 \SystemRoot\system32\drivers\luafv.sys 0x90F97000 \SystemRoot\system32\drivers\WudfPf.sys 0x90FB1000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys 0x90FB7000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x90FC7000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x94434000 \SystemRoot\system32\drivers\HTTP.sys 0x944B9000 \SystemRoot\system32\DRIVERS\bowser.sys 0x944D2000 \SystemRoot\System32\drivers\mpsdrv.sys 0x944E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x94507000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x94542000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9455D000 \??\C:\Windows\system32\Drivers\hcmon.sys 
0x94568000 \SystemRoot\system32\DRIVERS\parvdm.sys 0x9456F000 \??\C:\Windows\system32\Drivers\VMparport.sys 0x94576000 \??\C:\Windows\system32\Drivers\vmx86.sys 0x94657000 \SystemRoot\system32\drivers\peauth.sys 0x946EE000 \SystemRoot\System32\Drivers\secdrv.SYS 0x946F8000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x94719000 \??\C:\Program Files\Sandboxie\SbieDrv.sys 0x94737000 \SystemRoot\System32\drivers\tcpipreg.sys 0x94744000 \??\C:\Windows\system32\drivers\vmnetuserif.sys 0x94749000 \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys 0x9474C000 \??\D:\VMware\VMware Workstation\vstor2-ws60.sys 0x94750000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9479F000 \SystemRoot\System32\DRIVERS\srv.sys 0x94400000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x94421000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x77150000 \Windows\System32\ntdll.dll 0x47810000 \Windows\System32\smss.exe 0x77390000 \Windows\System32\apisetschema.dll Processes (total 54): 0 System Idle Process 4 System 340 C:\Windows\System32\smss.exe 532 csrss.exe 604 C:\Windows\System32\wininit.exe 616 csrss.exe 660 C:\Windows\System32\services.exe 676 C:\Windows\System32\lsass.exe 684 C:\Windows\System32\lsm.exe 752 C:\Windows\System32\winlogon.exe 860 C:\Windows\System32\svchost.exe 928 C:\Windows\System32\svchost.exe 988 C:\Windows\System32\Ati2evxx.exe 1048 C:\Windows\System32\svchost.exe 1100 C:\Windows\System32\svchost.exe 1132 C:\Windows\System32\svchost.exe 1220 C:\Windows\System32\audiodg.exe 1288 C:\Windows\System32\svchost.exe 1400 C:\Windows\System32\svchost.exe 1544 C:\Windows\System32\spoolsv.exe 1572 C:\Windows\System32\svchost.exe 1716 C:\Windows\System32\Ati2evxx.exe 1784 C:\Program Files\AVG\AVG9\avgwdsvc.exe 1876 C:\Windows\System32\svchost.exe 1920 C:\Program Files\Hamachi\hamachi-2.exe 2020 C:\Program Files\OO Software\Defrag\oodag.exe 2028 C:\Windows\System32\dwm.exe 392 C:\Windows\explorer.exe 528 C:\Program Files\Sandboxie\SbieSvc.exe 1512 
C:\Windows\System32\svchost.exe 1940 C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe 312 C:\Windows\System32\taskhost.exe 2068 C:\Windows\System32\vmnat.exe 2184 C:\Windows\System32\vmnetdhcp.exe 2228 D:\VMware\VMware Workstation\vmware-authd.exe 2464 C:\Program Files\AVG\AVG9\avgnsx.exe 2812 C:\Program Files\AVG\AVG9\avgrsx.exe 2824 C:\Program Files\AVG\AVG9\avgchsvx.exe 2920 C:\Program Files\AVG\AVG9\avgcsrvx.exe 3600 WUDFHost.exe 3704 C:\Program Files\AVG\AVG9\avgtray.exe 3736 C:\Program Files\Skype\Phone\Skype.exe 3808 C:\Windows\System32\svchost.exe 2652 C:\Program Files\SRWare Iron\iron.exe 2688 C:\Windows\System32\SearchIndexer.exe 2160 C:\Program Files\Skype\Plugin Manager\skypePM.exe 2224 C:\Program Files\SRWare Iron\iron.exe 4072 C:\Windows\System32\svchost.exe 4768 C:\Program Files\SRWare Iron\iron.exe 1472 C:\Windows\System32\SearchProtocolHost.exe 4872 C:\Windows\System32\SearchFilterHost.exe 3672 C:\Users\***\Desktop\MBRCheck.exe 5472 C:\Windows\System32\conhost.exe 5436 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`8160fe00 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000a`02c2be00 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x0000002f`763c9c00 (NTFS) \\.\G: --> \\.\PhysicalDrive0 at offset 0x00000042`6fc80400 (NTFS) PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12 Size Device Name MBR Status -------------------------------------------- 465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! Grüße jackie |
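As an added example (not from this thread and not the OSAM tool's own code), here is a small Python triage helper for the OSAM report format posted above: it parses the `[Section]`, `-----( location )-----` and `"Name" (Key) - "Publisher" - Path (note)` lines into records and flags the entries a helper would look at first (no publisher information, targets that no longer exist, files without version information, loaders from a temp directory, high-impact locations such as AppInit_DLLs). The sample report embedded in the block is constructed from entries of the same shape as the posted log; hits are review candidates, not verdicts.

```python
"""Triage helper for OSAM Autorun Manager reports (added example, not OSAM's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One report entry looks like:  [prefix] "Name" [(Key)] - "Publisher"|? - Path [(note)]
ENTRY_RE = re.compile(
    r'^(?:(?P<prefix>[^"\s]\S*)\s+)?'       # optional leading CLSID or similar token
    r'"(?P<name>[^"]*)"'                     # display name
    r'(?:\s+\((?P<key>[^)]*)\))?'            # optional service/driver key
    r'\s+-\s+(?P<publisher>"[^"]*"|\?)'      # company string, or "?" when OSAM has none
    r'\s+-\s*(?P<rest>.*)$'                  # path/command line plus optional trailing note
)
NOTE_RE = re.compile(r'\s*\((?P<note>[^()]*)\)\s*$')
SECTION_RE = re.compile(r'^\[(?P<section>[^\]]+)\]$')
LOCATION_RE = re.compile(r'^-----\(\s*(?P<loc>.*?)\s*\)-----$')

# Autostart locations that deserve a look regardless of who signed the file.
HIGH_IMPACT_SECTIONS = {"AppInit DLLs", "Boot Execute", "Print Monitors"}
TEMP_RE = re.compile(r'\\(?:temp|tmp)\\', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    publisher: str      # "?" means OSAM found no company information
    path: str
    note: str
    key: str = ""
    prefix: str = ""


def parse_osam(report: str) -> list[Entry]:
    """Parse an OSAM text report into Entry records; lines of other shapes are ignored."""
    entries, section, location = [], "", ""
    for raw in report.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m["section"]
            continue
        if (m := LOCATION_RE.match(line)):
            location = m["loc"]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest, note = m["rest"].strip(), ""
        if (n := NOTE_RE.search(rest)):          # split "(File not found)" off the path
            note, rest = n["note"].strip(), rest[: n.start()].strip()
        entries.append(Entry(section, location, m["name"], m["publisher"].strip('"'),
                             rest, note, m["key"] or "", m["prefix"] or ""))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Return (entry, reasons) for entries worth a manual look. Hits are not verdicts."""
    findings = []
    for e in entries:
        reasons = []
        if e.publisher == "?":
            reasons.append("no publisher information")
        if "not found" in e.note.lower():
            reasons.append("orphaned entry, target missing")
        if "no detailed information" in e.note.lower():
            reasons.append("file carries no version information")
        if TEMP_RE.search(e.path):
            reasons.append("loads from a temp directory")
        if e.section in HIGH_IMPACT_SECTIONS:
            reasons.append(f"high-impact autostart location ({e.section})")
        if reasons:
            findings.append((e, reasons))
    return findings


# Constructed sample in the same shape as the report posted above (not the full log).
SAMPLE_REPORT = r"""
Report of OSAM: Autorun Manager v5.0.11926.0
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\avgrsstx.dll
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found)
"GGSAFER Driver" (GGSAFERDriver) - ? - C:\Program Files\Garena\plugins\UI\safedrv.sys (File found, but it contains no detailed information)
[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"CmiRemoveDir" - ? - C:\Windows\CMIRMR~1.EXE
===[ Logfile end ]===
"""

if __name__ == "__main__":
    for entry, reasons in triage(parse_osam(SAMPLE_REPORT)):
        print(f"[{entry.section}] {entry.name!r}: {entry.path or '<no file>'} -> {'; '.join(reasons)}")
```

Run it against a real OSAM report by passing the file's text to `parse_osam`; the flagged list is the starting point for a helper's review, not a cleanup list.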