Forum: Plagegeister aller Art und deren Bekämpfung
Thread: Security Shield is not completely removed and reinstalls itself (Windows 7)
29.01.2011, 15:54 | #1
Hello, I've caught Security Shield and have also looked at the guide here in the forum and followed it. However, that apparently doesn't clean my system completely, because Security Shield keeps automatically reinstalling and running itself. I've now carried out the removal steps for the 2nd time, and my logs are attached. I urgently need help getting my system clean again without reinstalling it, since I'm currently working on a project.
Last edited by Kit Fisto (29.01.2011, 15:59)
30.01.2011, 20:37 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Are there any more logs from Malwarebytes? If so, please post all of them. You can find them in the Logs tab in Malwarebytes.
30.01.2011, 21:12 | #3
Quote:
Last edited by Kit Fisto (30.01.2011, 21:21)
31.01.2011, 10:25 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1951de7c-c9ac-11dc-b24a-001d9206ed8f}\Shell\AutoRun\command - "" = H:\PStart.exe
O33 - MountPoints2\{9c8f59a4-125c-11de-b7a7-001d9206ed8f}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{9c8f59a4-125c-11de-b7a7-001d9206ed8f}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{d2aad986-a104-11dc-9855-001d9206ed8f}\Shell - "" = AutoRun
O33 - MountPoints2\{d2aad986-a104-11dc-9855-001d9206ed8f}\Shell\AutoRun\command - "" = G:\start_here.exe
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are not deleted completely: as a precaution, a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post logfiles in CODE tags
31.01.2011, 13:12 | #5
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1951de7c-c9ac-11dc-b24a-001d9206ed8f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1951de7c-c9ac-11dc-b24a-001d9206ed8f}\ not found.
File H:\PStart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c8f59a4-125c-11de-b7a7-001d9206ed8f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8f59a4-125c-11de-b7a7-001d9206ed8f}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c8f59a4-125c-11de-b7a7-001d9206ed8f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8f59a4-125c-11de-b7a7-001d9206ed8f}\ not found.
File C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2aad986-a104-11dc-9855-001d9206ed8f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2aad986-a104-11dc-9855-001d9206ed8f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2aad986-a104-11dc-9855-001d9206ed8f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2aad986-a104-11dc-9855-001d9206ed8f}\ not found.
File G:\start_here.exe not found.
ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Desktop
User: ***
->Temp folder emptied: 351369059 bytes
->Temporary Internet Files folder emptied: 4415751 bytes
->Java cache emptied: 6625853 bytes
->FireFox cache emptied: 99927048 bytes
->Flash cache emptied: 2579247 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74308 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 443,00 mb
OTL by OldTimer - Version 3.2.20.6 log created on 01312011_130511
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

Since the 2nd removal it has also gone quiet, but of course I'd still like to know whether my system is really clean again.
31.01.2011, 14:08 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
Combofix may only be run if a qualified helper has explicitly recommended it!
31.01.2011, 15:28 | #7
Combofix logfile:
Code:
ComboFix 11-01-30.02 - *** 31.01.2011 15:14:05.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1033.18.2047.1322 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\twunk_32.exe
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-28 bis 2011-01-31 ))))))))))))))))))))))))))))))
.
2011-01-31 12:05 . 2011-01-31 12:05 -------- d-----w- C:\_OTL
2011-01-30 09:08 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07D214C-4202-4517-8317-2FF81FE18965}\mpengine.dll
2011-01-29 08:54 . 2011-01-29 08:54 -------- d-----w- c:\program files\CCleaner
2011-01-29 08:22 . 2011-01-29 08:22 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-01-29 08:21 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-29 08:21 . 2011-01-29 08:21 -------- d-----w- c:\programdata\Malwarebytes
2011-01-29 08:21 . 2011-01-29 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-29 08:21 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-28 08:25 . 2011-01-28 08:25 -------- d-----w- c:\users\***\AppData\Roaming\IrfanView
2011-01-28 08:25 . 2011-01-28 08:25 -------- d-----w- c:\program files\IrfanView
2011-01-14 00:01 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-14 00:01 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-14 00:01 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-14 00:01 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-14 00:01 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-14 00:01 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-14 00:01 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-03 00:36 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-01-03 00:36 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-01-03 00:36 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-01-03 00:36 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-01-03 00:36 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-01-03 00:36 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-01-03 00:36 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 10:47 . 2010-12-29 10:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 14:14 . 2009-03-19 20:20 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-03 09:05 . 2010-12-29 14:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 19:17 . 2010-11-24 19:17 65536 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{6A7B0B55-D7D4-44CD-832D-310F4C9DEA47}\NewShortcut1_6A7B0B55D7D444CD832D310F4C9DEA47.exe
2010-11-23 11:08 . 2009-03-19 20:20 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-04 18:56 . 2010-12-28 22:01 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-28 22:01 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-28 22:01 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-28 22:01 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-28 22:01 171520 ----a-w- c:\windows\system32\taskeng.exe
2007-11-05 06:54 . 2007-12-23 01:43 3564584 ----a-w- c:\program files\procexp.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-09-22 4240760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-23 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"?4::\"="" [?]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-2-12 44176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVDRIVER;DVDRIVER;c:\windows\system32\DRIVERS\dvdriver.sys [2008-02-25 34376]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 136176]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-12-02 685816]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-23 135336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - PROCEXP111
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 21:44]
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 21:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kft8tayo.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Mouse Gestures Redox: {FFA36170-80B1-4535-B0E3-A4569E497DD0} - %profile%\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-31 15:21
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
syscheckrt.exe = c:\syscheckrt\syscheckrt.exe
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"syscheckrt.exe"="c:\\syscheckrt\\syscheckrt.exe"
.
Zeit der Fertigstellung: 2011-01-31 15:24:04
ComboFix-quarantined-files.txt 2011-01-31 14:23
Vor Suchlauf: 9.545.420.800 Bytes frei
Nach Suchlauf: 9.386.573.824 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 59755065BD44546236736324007CF8D0
31.01.2011, 16:00 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
Combofix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
KILLALL::
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"?4::\"=-
Rootkit::
c:\syscheckrt\syscheckrt.exe
Folder::
c:\syscheckrt

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
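As an added, read-only check (example code, not from the thread and not part of OTL or ComboFix): a PowerShell script that audits the persistence locations the OTL fix in #4 and the CFScript in #8 cleaned up, namely the MountPoints2 autorun commands, the Run keys (including HKEY_USERS\.DEFAULT) and named alternate data streams on C:\ProgramData\TEMP. It assumes PowerShell 3.0 or later (for -Stream and -in); the flagging rules are heuristics for an analyst to review, not a verdict.

```powershell
# Added example (not part of the thread): read-only audit of the persistence locations
# that the OTL fix (#4) and the CFScript (#8) removed. Assumes PowerShell 3.0+.
# Nothing is deleted; the result is a table for an analyst to review.

$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Location, [string]$Value, [bool]$Suspicious) {
    # List.Add mutates the caller's list, so no scope qualifier is needed
    $findings.Add([pscustomobject]@{
        Location   = $Location
        Value      = $Value
        Suspicious = $Suspicious
    })
}

# 1. MountPoints2: Explorer remembers an AutoRun/open command per volume GUID.
#    In the thread these pointed at H:\PStart.exe, G:\start_here.exe and a
#    RECYCLER\S-1-...\recycle.exe, the usual autorun.inf worm pattern.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp) {
    foreach ($vol in Get-ChildItem $mp) {
        foreach ($sub in 'Shell\AutoRun\command', 'Shell\open\command') {
            $key = "$mp\$($vol.PSChildName)\$sub"
            if (-not (Test-Path $key)) { continue }
            $cmd = (Get-ItemProperty -Path $key).'(default)'
            if (-not $cmd) { continue }
            # anything not on the system drive, or under RECYCLER\<SID>, gets flagged
            # (-match / -notmatch are case-insensitive in PowerShell)
            $flag = ($cmd -notmatch '^c:\\') -or ($cmd -match 'RECYCLER\\S-1-')
            Add-Finding "MountPoints2\$($vol.PSChildName)\$sub" $cmd $flag
        }
    }
}

# 2. Run keys. ComboFix showed "syscheckrt.exe"="c:\syscheckrt\syscheckrt.exe" under HKCU
#    and an odd "?4::\" value under HKEY_USERS\.DEFAULT. Flag a value name with characters
#    no installer would use, or an executable outside Program Files / Windows (rundll32
#    launchers such as NvCpl are tolerated). Heuristic only; review the hits by hand.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
foreach ($rk in $runKeys) {
    if (-not (Test-Path $rk)) { continue }
    foreach ($p in (Get-ItemProperty -Path $rk).PSObject.Properties) {
        if ($p.Name -in $metaProps) { continue }
        $val = [string]$p.Value
        # isolate the first executable path from the command line
        $exe = $val.Trim('"') -replace '^"?([^"]+\.(exe|dll|bat|cmd|scr))"?.*$', '$1'
        $oddName = $p.Name -match '[^\w\s\.\-\(\)!]'
        $oddPath = $exe -notmatch '^(?:[a-z]:\\(?:program files|windows)\\|rundll32)'
        Add-Finding "$rk [$($p.Name)]" $val ($oddName -or $oddPath)
    }
}

# 3. Alternate data streams. OTL removed a 110-byte stream C:\ProgramData\TEMP:888AFB86.
#    A directory normally carries no named streams, so every named stream is reported.
#    (Assumes Get-Item -Stream works on directories, as it does on NTFS with PS 3.0+.)
$adsTarget = 'C:\ProgramData\TEMP'
if (Test-Path $adsTarget) {
    Get-Item -Path $adsTarget -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { Add-Finding "ADS $adsTarget" "$($_.Stream) ($($_.Length) bytes)" $true }
}

# Suspicious entries first; every row still needs an analyst's judgement.
$findings | Sort-Object -Property Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, since HKCU\...\MountPoints2 and HKCU\...\Run are per-user; the HKEY_USERS\.DEFAULT key needs an elevated prompt.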
31.01.2011, 16:52 | #9
Combofix logfile:
Code:
ComboFix 11-01-30.02 - *** 31.01.2011 16:31:47.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1033.18.2047.1195 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\syscheckrt
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-28 bis 2011-01-31 ))))))))))))))))))))))))))))))
.
2011-01-31 15:39 . 2011-01-31 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-31 12:05 . 2011-01-31 12:05 -------- d-----w- C:\_OTL
2011-01-30 09:08 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F07D214C-4202-4517-8317-2FF81FE18965}\mpengine.dll
2011-01-29 08:54 . 2011-01-29 08:54 -------- d-----w- c:\program files\CCleaner
2011-01-29 08:22 . 2011-01-29 08:22 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-01-29 08:21 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-29 08:21 . 2011-01-29 08:21 -------- d-----w- c:\programdata\Malwarebytes
2011-01-29 08:21 . 2011-01-29 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-29 08:21 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-28 08:25 . 2011-01-28 08:25 -------- d-----w- c:\users\***\AppData\Roaming\IrfanView
2011-01-28 08:25 . 2011-01-28 08:25 -------- d-----w- c:\program files\IrfanView
2011-01-14 00:01 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-14 00:01 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-14 00:01 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-14 00:01 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-14 00:01 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-14 00:01 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-14 00:01 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-03 00:36 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-01-03 00:36 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-01-03 00:36 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-01-03 00:36 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-01-03 00:36 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-01-03 00:36 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-01-03 00:36 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-29 10:47 . 2010-12-29 10:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-21 14:14 . 2009-03-19 20:20 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-03 09:05 . 2010-12-29 14:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 19:17 . 2010-11-24 19:17 65536 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{6A7B0B55-D7D4-44CD-832D-310F4C9DEA47}\NewShortcut1_6A7B0B55D7D444CD832D310F4C9DEA47.exe
2010-11-23 11:08 . 2009-03-19 20:20 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-04 18:56 . 2010-12-28 22:01 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-28 22:01 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-28 22:01 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-28 22:01 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-28 22:01 171520 ----a-w- c:\windows\system32\taskeng.exe
2007-11-05 06:54 . 2007-12-23 01:43 3564584 ----a-w- c:\program files\procexp.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-17 171464]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-09-22 4240760]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diamondback"="c:\program files\Razer\Diamondback\razerhid.exe" [2007-02-14 147456]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-23 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2010-2-12 44176]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DVDRIVER;DVDRIVER;c:\windows\system32\DRIVERS\dvdriver.sys [2008-02-25 34376]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 136176]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\DRIVERS\WebCamDV.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-12-03 1389400]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-12-03 15264]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-12-02 685816]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-23 135336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-07 21:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\kft8tayo.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.de/search?hl=de&q=
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - %profile%\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Mouse Gestures Redox: {FFA36170-80B1-4535-B0E3-A4569E497DD0} - %profile%\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-syscheckrt.exe - c:\syscheckrt\syscheckrt.exe
HKU-Default-Run-syscheckrt.exe - c:\syscheckrt\syscheckrt.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-01-31 16:40
Windows 6.0.6002 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(6020)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-31 16:47:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-31 15:47
ComboFix2.txt 2011-01-31 14:24
Vor Suchlauf: 9.294.954.496 Bytes frei
Nach Suchlauf: 9.271.877.632 Bytes frei
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E4AB2BD6EFBED1D9D9625D0AC33E08B4
31.01.2011, 19:12 | #10
/// Winkelfunktion /// TB-Süch-Tiger™
I need the Combofix quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not mess around in there!
2.) Zip the folder C:\Qoobox into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once it has succeeded
5.) Only then turn the virus scanner back on
31.01.2011, 19:36 | #11 |
| Security Shield is not completely removed and reinstalls itself
It's uploaded |
31.01.2011, 19:44 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Shield is not completely removed and reinstalls itself
OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM. Please skip the online query by OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
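A triage helper for the GMER and OSAM logs requested here, added as an example; it is not part of the thread and not code from GMER, OSAM or the board. It parses the line shapes the two tools print in this thread (GMER IAT, inline-JMP and Device lines; OSAM [Drivers] entries with the flags OSAM appends in parentheses), joins them on the driver file stem, and ranks findings. It also handles the caveat a responder hits with exactly this tool pair: GMER loads its own randomly named driver from the temp folder and names it in its header line ("Driver: ..."), and OSAM then reports that same driver as a hidden registry entry with rootkit activity. The two sample inputs are constructed excerpts modelled on the logs posted later in this thread, the regular expressions and severity labels are my own, and the script assumes Python 3.8+ (walrus operator) and OSAM paths without a parenthesised suffix other than the flag list.

```python
"""Triage helper for GMER and OSAM text logs: an added example, not code from GMER,
OSAM or the forum. Joins both logs on the driver file stem and ranks findings."""
import re
from collections import Counter, defaultdict

OWN_RE = re.compile(r"Driver:\s+(?P<path>\S+\.sys)", re.I)     # GMER header: its own temp driver
# "IAT <hooked image>[<dll>!<func>] [<addr>] <owning module> (<desc>)", or "... <hex>" when unresolved
IAT_RE = re.compile(r"^IAT\s+(?P<hooked>.+?)\[(?P<imp>[^\[\]]+?)!(?P<func>\w+)\]\s+(?P<rest>.+)$")
TARGET_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>.+?)(?:\s+\((?P<desc>[^()]*)\))?$")
INLINE_RE = re.compile(r"^\.text\s+(?P<module>\S+)!(?P<func>\w+)\s+[0-9A-F]+\s+\d+ Bytes\s+JMP\s+(?P<dest>[0-9A-F]+)")
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(?P<driver>[^\s\\]+)\s")
# OSAM [Drivers] line: "<name>" (<service>) - "<vendor>"|? - <path> (<flag> | <flag>)
OSAM_DRV_RE = re.compile(r'^"(?P<name>[^"]+)"\s+\((?P<svc>[^)]+)\)\s+-\s+(?P<vendor>"[^"]*"|\?)\s+-\s+'
                         r"(?P<path>.+?)(?:\s+\((?P<flags>[^()]*)\))?$")
SEVERITY = {"high": 0, "review": 1, "info": 2}

# Constructed excerpts in the format of the logs posted in this thread (not the full logs).
GMER_SAMPLE = r"""
Running: bcghf2qz.exe; Driver: C:\Users\***\AppData\Local\Temp\pxtyqpob.sys
.text USBPORT.SYS!DllUnload 8B83A41B 5 Bytes JMP 85E35770
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060561E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80604AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00222F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00222D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1 85E851E8
Device \Driver\PCI_NTPNP7304 \Device\0000004b sptd.sys
"""
OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aofvqobj" (aofvqobj) - "Microsoft Corporation" - C:\Windows\system32\drivers\aofvqobj.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"pxtyqpob" (pxtyqpob) - ? - C:\Users\***\AppData\Local\Temp\pxtyqpob.sys (Hidden registry entry, rootkit activity | File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"""

def stem(path):
    """Lower-case file name without extension, for drive-letter and SystemRoot paths alike."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()

def parse_gmer(text):
    rep = {"own_driver": None, "hooks": [], "inline": [], "devices": set()}
    for line in (ln.strip() for ln in text.splitlines()):
        if m := OWN_RE.search(line):
            rep["own_driver"] = stem(m["path"])
        elif m := IAT_RE.match(line):
            t = TARGET_RE.match(m["rest"])        # None for unresolved kernel entries
            rep["hooks"].append({"hooked": stem(m["hooked"].split("[")[0].strip()),
                                 "func": f"{m['imp']}!{m['func']}",
                                 "target": stem(t["module"]) if t else None,
                                 "desc": t["desc"] if t else None})
        elif m := INLINE_RE.match(line):
            rep["inline"].append((m["module"], m["func"], m["dest"]))
        elif m := DEVICE_RE.match(line):
            rep["devices"].add(m["driver"].lower())
    return rep

def parse_osam_drivers(text):
    """stem -> service, vendor, path and the flag list OSAM appends in parentheses."""
    drivers, in_drivers = {}, False
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("["):                 # section header such as [Drivers]
            in_drivers = line == "[Drivers]"
        elif in_drivers and (m := OSAM_DRV_RE.match(line)):
            flags = [f.strip() for f in (m["flags"] or "").split("|") if f.strip()]
            drivers[stem(m["path"])] = {"service": m["svc"], "vendor": m["vendor"].strip('"'),
                                        "path": m["path"], "flags": flags}
    return drivers

def hook_targets(gmer):
    """Number of imports each module has redirected to itself (GMER IAT sections)."""
    return Counter(h["target"] for h in gmer["hooks"] if h["target"])

def triage(gmer, osam):
    findings = []
    for name, d in osam.items():
        if not any(f.startswith("Hidden registry entry") for f in d["flags"]):
            continue
        if name == gmer["own_driver"]:           # the scanner's own driver trips OSAM's rootkit check
            findings.append(("info", name, "GMER's own scan driver, named in the GMER header and loaded "
                                           "from the temp folder only while it runs; not evidence of infection"))
        else:
            signed = ", Microsoft-signed" if any("signed by Microsoft" in f for f in d["flags"]) else ""
            findings.append(("high", name, f"hidden service key for {d['path']} (vendor: {d['vendor']}{signed}); "
                                           "verify the file's hash and signature chain, confirm the key with a second tool"))
    by_target = defaultdict(list)
    for h in gmer["hooks"]:
        if h["target"]:
            by_target[h["target"]].append(h)
    for target, hooks in by_target.items():    # one finding per hooking module, not per hooked import
        victims = ", ".join(sorted({h["hooked"] for h in hooks}))
        d = osam.get(target)
        owner = f"{d['vendor']} [{'; '.join(d['flags']) or 'no flags'}]" if d else (hooks[0]["desc"] or "no OSAM entry")
        findings.append(("review", target, f"owns {len(hooks)} redirected import(s) in {victims}; {owner}"))
    for module, func, dest in gmer["inline"]:
        findings.append(("review", stem(module), f"inline JMP at {module}!{func} -> {dest}"))
    return sorted(findings, key=lambda f: SEVERITY[f[0]])

if __name__ == "__main__":
    for sev, name, why in triage(parse_gmer(GMER_SAMPLE), parse_osam_drivers(OSAM_SAMPLE)):
        print(f"[{sev}] {name}: {why}")
```

Run it on the saved *.log files by reading them into the two parse functions instead of the embedded samples. The "high" line is deliberately a pointer to further verification, not a verdict: a hidden service key for a Microsoft-signed file is exactly the combination that needs a hash lookup and a second tool before anything is deleted, while the "info" line keeps the scanner's own driver from being chased.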
31.01.2011, 20:33 | #13 |
| Security Shield is not completely removed and reinstalls itself
GMER logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-31 20:19:32
Windows 6.0.6002 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-7 SAMSUNG_HD501LJ rev.CR100-11
Running: bcghf2qz.exe; Driver: C:\Users\***\AppData\Local\Temp\pxtyqpob.sys

---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8B83A41B 5 Bytes JMP 85E35770
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC09320, 0x3DE2A7, 0xE8000020]
.text aofvqobj.SYS 8B946000 22 Bytes [82, E3, 1C, 82, 6C, E2, 1C, ...]
.text aofvqobj.SYS 8B946017 98 Bytes [00, 32, 87, 6F, 80, 3D, 85, ...]
.text aofvqobj.SYS 8B94607A 82 Bytes [EF, 81, 18, C0, E1, 81, E7, ...]
.text aofvqobj.SYS 8B9460CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text aofvqobj.SYS 8B946118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060561E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80604AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80605748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80604B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80604C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\aofvqobj.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00252F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00252D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00252CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\***\Desktop\bcghf2qz.exe[540] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00252CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01DA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01DA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01DA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razerofa.exe[1216] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01DA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00132F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00132D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00132CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[1456] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00132CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01572F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01572D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01572CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Razer\Diamondback\razertra.exe[3480] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01572CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00222F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00222D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00222CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[5600] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00222CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8446F1E8
Device \Driver\volmgr \Device\VolMgrControl 8446C1E8
Device \Driver\usbohci \Device\USBPDO-0 85E3C3F8
Device \Driver\usbehci \Device\USBPDO-1 85E3D1E8
Device \Driver\volmgr \Device\HarddiskVolume1 8446C1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 8446C1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 860C81E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort0 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort1 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort2 8446E1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-7 8446E1E8
Device \Driver\atapi \Device\Ide\IdePort3 8446E1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-6 8446E1E8
Device \Driver\volmgr \Device\HarddiskVolume3 8446C1E8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom1 860C81E8
Device \Driver\cdrom \Device\CdRom2 860C81E8
Device \Driver\cdrom \Device\CdRom3 860C81E8
Device \Driver\netbt \Device\NetBT_Tcpip_{4BC350F3-3323-4EF6-83F9-CD5B3360E29E} 8635C790
Device \Driver\netbt \Device\NetBt_Wins_Export 8635C790
Device \Driver\PCI_NTPNP7304 \Device\0000004b sptd.sys
Device \Driver\iScsiPrt \Device\RaidPort0 85E411E8
Device \Driver\usbohci \Device\USBFDO-0 85E3C3F8
Device \Driver\usbehci \Device\USBFDO-1 85E3D1E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1Port5Path0Target2Lun0 85E851E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1 85E851E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1Port5Path0Target1Lun0 85E851E8
Device \Driver\aofvqobj \Device\Scsi\aofvqobj1Port5Path0Target0Lun0 85E851E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF7 0xD4 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFC 0xC2 0x85 0x83 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xF5 0x55 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC8 0x32 0x9A 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8E 0xD4 0xC6 0xD1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC6 0xF7 0xD4 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFC 0xC2 0x85 0x83 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xF5 0x55 0xE8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC8 0x32 0x9A 0xBA ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x8E 0xD4 0xC6 0xD1 ...

---- EOF - GMER 1.0.15 ----
OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:27:15 on 31.01.2011
OS: Windows Vista Ultimate Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.5.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ac3filter.cpl" - ? - C:\Windows\system32\ac3filter.cpl
"Diamondback.cpl" - "Razer Inc." - C:\Windows\system32\Diamondback.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\Windows\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Program Files\Sony Ericsson\Mobile4\Mobile Phone Monitor\ecsepm.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aofvqobj" (aofvqobj) - "Microsoft Corporation" - C:\Windows\system32\drivers\aofvqobj.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi31788c\catchme.sys (File not found)
"cdrbsdrv" (cdrbsdrv) - "B.H.A Corporation" - C:\Windows\system32\drivers\cdrbsdrv.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\DRIVERS\PxHelp20.sys
"pxtyqpob" (pxtyqpob) - ? - C:\Users\***\AppData\Local\Temp\pxtyqpob.sys (Hidden registry entry, rootkit activity | File not found)
"Sony Digital Imaging Video2" (sonypvs1) - "Sony Corporation" - C:\Windows\System32\DRIVERS\sonypvs1.sys
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WebCamDV DV to Webcam Converter" (WebCamDV) - ? - C:\Windows\System32\DRIVERS\WebCamDV.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\Combined Community Codec Pack\Filters\Haali\MatroskaSplitter\mmfinfo.dll (File found, but it contains no detailed information)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - "Teleca Sweden AB" - C:\Program Files\Sony Ericsson\Mobile4\File Manager\FM.dll
{BBD2BACA-BEED-4307-86F7-563562FCFC13} "Sony Ericsson Datei-Manager" - "Teleca Sweden AB" - C:\Program Files\Sony Ericsson\Mobile4\File Manager\FM.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PHOTOfunSTUDIO HD Edition.lnk" - "Panasonic Corporation" - C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools" - "DT Soft Ltd." - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Diamondback" - ? - C:\Program Files\Razer\Diamondback\razerhid.exe
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"PC Suite for Smartphones" - ? - "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"B's Recorder GOLD Library General Service" (bgsvcgen) - "B.H.A Corporation" - C:\Windows\System32\bgsvcgen.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server (SONY_MEDIAMGR2)" (MSSQL$SONY_MEDIAMGR2) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
MBRCheck
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Ultimate Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7369
Logical Drives Mask: 0x0000037c

Kernel Drivers (total 156):

Processes (total 62):

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x0000000c`80100000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD501LJ, Rev: CR100-11
PhysicalDrive0 Model Number: ST3160023AS, Rev: 3.00

Size    Device Name          MBR Status
--------------------------------------------
465 GB  \\.\PhysicalDrive1   Windows 2008 MBR code detected
        SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
149 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
        SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Done! |
31.01.2011, 21:33 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Security Shield is not completely removed and reinstalls itself Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
01.02.2011, 11:32 | #15 | ||
| Security Shield is not completely removed and reinstalls itself Quote:
Quote:
And what should I do now to stay safe? Last edited by Kit Fisto (01.02.2011 at 11:37) |