Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to remove them): AVIRA AntiVir finds TR/Crypt.XPACK.Gen3 and TR/Spy.399872.36 (Windows 7)
#16
/// Winkelfunktion /// TB-Süch-Tiger™

AVIRA AntiVir finds TR/Crypt.XPACK.Gen3 and TR/Spy.399872.36

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________
Please always post logfiles in CODE tags
#17

AVIRA AntiVir finds TR/Crypt.XPACK.Gen3 and TR/Spy.399872.36

Here is GMER for a start:
GMER Logfile:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-23 15:09:49
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500620AS rev.SD25
Running: ue2veedg.exe; Driver: C:\Users\FAMILI~1\AppData\Local\Temp\kwtdrpow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FC06340, 0x3DB487, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7461A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745F8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7464CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\user32.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\ExitWin\ew.exe[2736] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042B21C] C:\Program Files\ExitWin\ew.exe (Exit Windows/Mirko Böer)
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 01060FF0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0105FA60
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0105DA90
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 01061570
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 0105C230
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0105B3C0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0105BCB0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0105D8F0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0105E520
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0105E000
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0105E4A0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0105EFC0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0105E690
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 0105DC40
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0105E140
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0105DA30
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 0105D5F0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 01061010
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0105C0E0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0105FF90
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0105FEB0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0105FE70
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0105CE70
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0105ACF0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0105DB30
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0105A9C0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0105B710
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01059450
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 0105D1C0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 01060FE0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 010612B0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 01061250
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 010614A0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01061540
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 01061370
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01060CA0
IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[3188] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01060990
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00C40FF0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00C3FA60
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00C3DA90
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00C41570
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 00C3C230
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00C3B3C0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00C3BCB0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00C3D8F0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00C3E520
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00C3E000
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00C3E4A0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00C3EFC0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00C3E690
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 00C3DC40
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00C3E140
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00C3DA30
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 00C3D5F0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 00C41010
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00C3C0E0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00C3FF90
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00C3FEB0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00C3FE70
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00C3CE70
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00C3ACF0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00C3DB30
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00C3A9C0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00C3B710
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00C39450
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 00C3D1C0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 00C40FE0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 00C412B0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 00C41250
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00C414A0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00C41540
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 00C41370
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00C40CA0
IAT C:\Program Files\HDDlife\HDDlifePro.exe[4688] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00C40990
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 SaibIa32.sys (Disk Filter Driver/Sonic Solutions)
---- Files - GMER 1.0.15 ----
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\background_top_mid.jpg 41938 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\clipart.gif 1421 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\forums.gif 1510 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\PE_icon.gif 3355 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\plugins.gif 784 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\SSE_icon.gif 3588 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\Thumbs.db 13312 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\wiki.gif 1004 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\pt_BR\content\LotusSymphonyHome_files\images\WPE_icon.gif 3966 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\background_top_mid.jpg 41938 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\clipart.gif 1421 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\forums.gif 1510 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\PE_icon.gif 3355 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\plugins.gif 784 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\SSE_icon.gif 3588 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\Thumbs.db 13312 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\wiki.gif 1004 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_CN\content\LotusSymphonyHome_files\images\WPE_icon.gif 3966 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\background_top_mid.jpg 41938 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\clipart.gif 1421 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\forums.gif 1510 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\PE_icon.gif 3355 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\plugins.gif 784 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\SSE_icon.gif 3588 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\Thumbs.db 13312 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\wiki.gif 1004 bytes
File C:\System Rollback Data\Restore\Archive\00000101\00000100\0\Target\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.standalone.gettingstarted.nl1_1.5.0.20090908-0900\nl\zh_TW\content\LotusSymphonyHome_files\images\WPE_icon.gif 3966 bytes
File C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D\www.youjizz.com\youjizz_player\xRzkEMEkoQ4NteS5f8KvOQ\media7\KINK_US_adrianna-nicole_dia_zerva_ami_emerson_6329_s01_tagteam_chunk_1.flv\player.swf 0 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module 0 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_de.properties 1530 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_ru.properties 3969 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\Messages.class 1372 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages.properties 1340 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_ar.properties 3663 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_ca.properties 1438 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_cs.properties 1469 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_da.properties 1287 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_el.properties 4862 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_es.properties 1518 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_fi.properties 1497 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_fr.properties 1521 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_hu.properties 1697 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_it.properties 1367 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_iw.properties 1489 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_ja.properties 2548 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_ko.properties 2141 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_nl.properties 1353 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_no.properties 1303 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_pl.properties 1543 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_pt.properties 1494 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_pt_BR.properties 1502 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_ro.properties 1398 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_sk.properties 1519 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_sl.properties 1379 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_sv.properties 1367 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_th.properties 3921 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_tr.properties 1552 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_uk.properties 4223 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_zh_CN.properties 1618 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\messages_zh_TW.properties 1628 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\SPNEGO.class 5956 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\SPNEGOLoginModule.class 3383 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\SPNEGOWin32Auth.class 3921 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\module\SPNEGOWin32Exception.class 346 bytes
File C:\System Rollback Data\Restore\Current\42657\21\Target\$Recycle.Bin\S-1-5-21-4221722840-285674823-3773879148-1000\$RUFXL9G\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.security.auth.spnego_6.2.0.20090525-1200\com\ibm\rcp\internal\security\auth\SPNEGOConfigure.class 1619 bytes
---- EOF - GMER 1.0.15 ----
#18
AVIRA AntiVir finds TR/Crypt.XPACK.Gen3 and TR/Spy.399872.36 So, now OSAM and MBRCheck as well!
OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:21:58 on 23.03.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Computer, Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"BackOnTrack Instant Restore Idle.job" - "Sonic Solutions" - c:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\FAMILI~1\AppData\Local\Temp\catchme.sys (File not found)
"IEEE-1284.4 Driver HPZid412" (HPZid412) - "HP" - C:\Windows\System32\DRIVERS\HPZid412.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\Windows\System32\drivers\pfc.sys
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SysCow" (SysCow) - "Sonic Solutions" - C:\Windows\System32\drivers\syscow32v.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{BD758015-47D9-477A-8873-4B688A2BC0E2} "hlRegister Class" - "BinarySense, Inc." - C:\Program Files\Common Files\BinarySense\hlAPP.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_10" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227390465593&h=80f5dd0efea1362984523e05726b4016/&filename=jinstall-6u10-windows-i586-jc.cab
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.6.0_10" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_10" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_10.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - (File not found | COM-object registry key not found)
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{C56CB6B0-0D96-11D6-8C65-B2868B609932} "NTIECatcher Class" - "Xi" - C:\Program Files\NetTransport\NTIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - ? - (File not found)
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "{0124123D-61B4-456f-AF86-78C53A0790C5}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Familie Ratai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"ExifLauncher2.lnk" - "FUJIFILM Corporation" - C:\Program Files\FinePixViewer\QuickDCF2.exe (Shortcut exists | File exists)
"ExitWin.lnk" - "Mirko Böer" - C:\Program Files\ExitWin\ew.exe (Shortcut exists | File exists)
"PHOTOfunSTUDIO -viewer-.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Shortcut exists | File exists)
"PowerPro.lnk" - "RJL Software, Inc." - C:\Programme\delayexec\delayexec.exe (Shortcut exists | File exists)
"Process Explorer.lnk" - "Sysinternals" - C:\Program Files\Process Explorer\procexp.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe
"SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"EEventManager" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpzlnt09" - "HP" - C:\Windows\system32\hpzlnt09.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"BOTService" (BOTService) - "Sonic Solutions" - c:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HDDlife HDD Access service" (HDDlife HDD Access service) - "BinarySense, Inc." - C:\Program Files\Common Files\BinarySense\hldasvc.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Roxio SAIB Service" (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - ? - c:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS
System Product Name: MS-7504VP-PV
Logical Drives Mask: 0x000003fc
Kernel Drivers (total 150):
0x8240A000 \SystemRoot\system32\ntoskrnl.exe
0x827B5000 \SystemRoot\system32\hal.dll
0x8A808000 \SystemRoot\system32\kdcom.dll
0x8A80F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A87F000 \SystemRoot\system32\PSHED.dll
0x8A890000 \SystemRoot\system32\BOOTVID.dll
0x8A898000 \SystemRoot\system32\CLFS.SYS
0x8A8D9000 \SystemRoot\system32\CI.dll
0x8A9B9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AA35000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AA42000 \SystemRoot\system32\drivers\acpi.sys
0x8AA88000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8AA91000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AA99000 \SystemRoot\system32\drivers\pci.sys
0x8AAC0000 \SystemRoot\System32\drivers\partmgr.sys
0x8AACF000 \SystemRoot\system32\drivers\volmgr.sys
0x8AADE000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AB28000 \SystemRoot\system32\drivers\pciide.sys
0x8AB2F000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AB3D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AB4D000 \SystemRoot\system32\drivers\atapi.sys
0x8AB55000 \SystemRoot\system32\drivers\ataport.SYS
0x8AB73000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ABA5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8ABB5000 \SystemRoot\system32\drivers\syscow32v.sys
0x8ABCA000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8AC07000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AC78000 \SystemRoot\system32\drivers\ndis.sys
0x8AD83000 \SystemRoot\system32\drivers\msrpc.sys
0x8ADAE000 \SystemRoot\system32\drivers\NETIO.SYS
0x8ADE9000 \SystemRoot\System32\drivers\tcpip.sys
0x8AED3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AEEE000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8ABD4000 \SystemRoot\system32\drivers\wd.sys
0x8B00C000 \SystemRoot\system32\drivers\volsnap.sys
0x8B045000 \SystemRoot\System32\Drivers\spldr.sys
0x8B04D000 \SystemRoot\System32\Drivers\SaibIa32.sys
0x8B055000 \SystemRoot\System32\Drivers\SahdIa32.sys
0x8B05E000 \SystemRoot\System32\Drivers\mup.sys
0x8B06D000 \SystemRoot\System32\drivers\ecache.sys
0x8B094000 \SystemRoot\system32\drivers\disk.sys
0x8B0A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B0C6000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B0EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B0FA000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B103000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B112000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B11B000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B125000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B163000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B172000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B1FF000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8B20F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90004000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x90724000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907C4000 \SystemRoot\System32\drivers\watchdog.sys
0x907D0000 \SystemRoot\system32\drivers\Afc.sys
0x907D8000 \SystemRoot\system32\drivers\pfc.sys
0x907DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B21D000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x907F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B31C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B34B000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B38C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B397000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B3AE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B3B9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B3DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B3EB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8ABDC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90806000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90816000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90821000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9082C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9082E000 \SystemRoot\system32\DRIVERS\ks.sys
0x90858000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90862000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9086F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x908A4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x908B5000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90AC4000 \SystemRoot\system32\drivers\portcls.sys
0x90AF1000 \SystemRoot\system32\drivers\drmk.sys
0x90B16000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90B1F000 \SystemRoot\System32\Drivers\Null.SYS
0x90B26000 \SystemRoot\System32\Drivers\Beep.SYS
0x90B36000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90B3D000 \SystemRoot\System32\drivers\vga.sys
0x90B49000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90B6A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90B72000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90B7A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90B85000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90B93000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90B9C000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90BB2000 \SystemRoot\system32\DRIVERS\smb.sys
0x90C06000 \SystemRoot\system32\drivers\afd.sys
0x90C4E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90C80000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x90C89000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90C9F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90CAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90CC0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90CC6000 \SystemRoot\System32\Drivers\SaibVd32.sys
0x90CCF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90D0B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90D14000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90D24000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90D26000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90D30000 \SystemRoot\System32\Drivers\dfsc.sys
0x90D47000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90D6D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x90D75000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90D8C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90D95000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x90D9F000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x90DAC000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x90DD1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x90DE6000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x90DEF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90DFC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90E07000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98C20000 \SystemRoot\System32\win32k.sys
0x90E0F000 \SystemRoot\System32\drivers\Dxapi.sys
0x90E19000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98E40000 \SystemRoot\System32\TSDDD.dll
0x90E28000 \SystemRoot\system32\drivers\luafv.sys
0x90E43000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x90E58000 \SystemRoot\system32\drivers\spsys.sys
0x90F08000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90F18000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90F42000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90F4C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90F5F000 \SystemRoot\system32\drivers\HTTP.sys
0x90FCC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x90BC6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x90FE9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x90BDF000 \SystemRoot\system32\drivers\mrxdav.sys
0x8B0CF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0808000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0841000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0859000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0881000 \SystemRoot\System32\DRIVERS\srv.sys
0xA08CF000 \SystemRoot\system32\drivers\peauth.sys
0xA09AD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA09B7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA09C3000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA09D8000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA09EA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x98EC0000 \SystemRoot\System32\cdd.dll
0x775B0000 \Windows\System32\ntdll.dll
Processes (total 72):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
588 C:\Windows\System32\wininit.exe
600 csrss.exe
632 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
656 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\nvvsvc.exe
976 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1104 C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
1160 C:\Windows\System32\svchost.exe
1244 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1312 C:\Windows\System32\audiodg.exe
1336 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\SLsvc.exe
1400 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\rundll32.exe
1596 C:\Windows\System32\svchost.exe
1880 C:\Windows\System32\spoolsv.exe
1912 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1960 C:\Windows\System32\svchost.exe
1532 C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
1592 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1712 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1468 C:\Program Files\avmwlanstick\WLanNetService.exe
2044 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2056 C:\Program Files\Common Files\BinarySense\hldasvc.exe
2064 C:\Program Files\Common Files\BinarySense\hldasvc.exe
2228 C:\Windows\System32\svchost.exe
2288 C:\Windows\System32\svchost.exe
2324 C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
2380 C:\Windows\System32\svchost.exe
2416 C:\Windows\System32\SearchIndexer.exe
2544 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2676 WUDFHost.exe
3696 C:\Windows\System32\taskeng.exe
3880 C:\Windows\System32\dwm.exe
3936 C:\Windows\explorer.exe
4020 C:\Windows\System32\taskeng.exe
3364 C:\Windows\System32\rundll32.exe
1948 C:\Windows\RtHDVCpl.exe
1952 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1896 C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
2532 C:\Program Files\Java\jre6\bin\jusched.exe
2508 C:\Program Files\QuickTime\qttask.exe
3292 C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
1608 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
1008 C:\Program Files\avmwlanstick\WLanGUI.exe
1004 C:\Program Files\Winamp\winampa.exe
2936 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
832 C:\Program Files\Windows Media Player\wmpnscfg.exe
636 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2264 C:\Windows\ehome\ehtray.exe
1704 C:\Program Files\Windows Media Player\wmpnetwk.exe
1700 C:\Program Files\FinePixViewer\QuickDCF2.exe
3168 C:\Program Files\ExitWin\ew.exe
3928 C:\Program Files\Process Explorer\procexp.exe
3552 ehmsas.exe
3368 C:\Windows\System32\svchost.exe
3384 C:\Program Files\HDDlife\HDDlifePro.exe
3712 C:\Program Files\HDDlife\HDDlifePro.exe
3104 C:\Windows\System32\svchost.exe
3388 C:\Users\User\Desktop\osam_autorun_manager_5_0_portable\osam.exe
2656 C:\Program Files\Mozilla Firefox\firefox.exe
3348 C:\Users\User\Desktop\MBRCheck.exe
4984 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`32a00000 (NTFS)
PhysicalDrive0 Model Number: ST3500620AS, Rev: SD25
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
nobody63
#19
/// Winkelfunktion /// TB-Süch-Tiger™ | AVIRA AntiVir finds TR/Crypt.XPACK.Gen3 and TR/Spy.399872.36 Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags
#20
AVIRA AntiVir finds TR/Crypt.XPACK.Gen3 and TR/Spy.399872.36 Hello Arne, here at last are the requested logs! Here is the SuperAntiSpyware one: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 03/24/2011 at 05:01 PM
Application Version : 4.50.1002
Core Rules Database Version : 6666
Trace Rules Database Version: 4478
Scan type : Complete Scan
Total Scan Time : 01:55:13
Memory items scanned : 700
Memory threats detected : 0
Registry items scanned : 8180
Registry threats detected : 0
File items scanned : 184124
File threats detected : 30
Adware.Tracking Cookie
C:\Users\Familie Ratai\AppData\Roaming\Microsoft\Windows\Cookies\familie_ratai@advertising[2].txt
C:\Users\Familie Ratai\AppData\Roaming\Microsoft\Windows\Cookies\familie_ratai@imrworldwide[2].txt
ads2.msads.net [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
advprotraffic.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
akamai.smartadserver.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
cdn1.eyewonder.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
cdn5.specificclick.net [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
ds.serving-sys.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
ec.www.teenmodels.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
imagesrv.adition.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
join.fuckyoucash.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
m.doubleclick.net [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
media.scanscout.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
media01.kyte.tv [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
msntest.serving-sys.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
naiadsystems.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
objects.tremormedia.eu [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
sexandsubmission.cc [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
static.pornturbo.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
static.sexsearchcom.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
track.webgains.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
vidii.hardsextube.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.maxporn.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.mofosex.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.naiadsystems.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.pornhub.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.porntube.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.secmedia.de [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
www.sexepass.tv [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
wwwstatic.megaporn.com [ C:\System Rollback Data\Restore\Current\42657\20\Target\Users\User\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KBFURL9D ]
#21
I ran OSAM again because I wasn't sure whether everything had worked correctly yesterday. OSAM: Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 14:17:46 on 24.03.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Google Inc. Google Chrome 0.0.0.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Computer, Inc." - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "BackOnTrack Instant Restore Idle.job" - "Sonic Solutions" - c:\Program Files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Computer, Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys "catchme" (catchme) - ? 
- C:\Users\FAMILI~1\AppData\Local\Temp\catchme.sys (File not found) "IEEE-1284.4 Driver HPZid412" (HPZid412) - "HP" - C:\Windows\System32\DRIVERS\HPZid412.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\Windows\System32\drivers\pfc.sys "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "SysCow" (SysCow) - "Sonic Solutions" - C:\Windows\System32\drivers\syscow32v.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {BD758015-47D9-477A-8873-4B688A2BC0E2} "hlRegister Class" - "BinarySense, Inc." - C:\Program Files\Common Files\BinarySense\hlAPP.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} "Winamp Search Class" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_10" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1227390465593&h=80f5dd0efea1362984523e05726b4016/&filename=jinstall-6u10-windows-i586-jc.cab {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.6.0_10" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_10" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_10.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Google" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll <binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {0124123D-61B4-456f-AF86-78C53A0790C5} "G DATA WebFilter" - ? - (File not found | COM-object registry key not found) {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {201f27d4-3704-41d6-89c1-aa35e39143ed} "AskBar BHO" - "Ask.com" - C:\Program Files\AskBarDis\bar\bin\askBar.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\program files\google\googletoolbar1.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\ssv.dll {C56CB6B0-0D96-11D6-8C65-B2868B609932} "NTIECatcher Class" - "Xi" - C:\Program Files\NetTransport\NTIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - ? - (File not found) {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar Loader" - "AOL LLC." - C:\Program Files\Winamp Toolbar\winamptb.dll {0124123D-61B4-456f-AF86-78C53A0790C5} "{0124123D-61B4-456f-AF86-78C53A0790C5}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Familie Ratai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "ExifLauncher2.lnk" - "FUJIFILM Corporation" - C:\Program Files\FinePixViewer\QuickDCF2.exe (Shortcut exists | File exists) "ExitWin.lnk" - "Mirko Böer" - C:\Program Files\ExitWin\ew.exe (Shortcut exists | File exists) "PHOTOfunSTUDIO -viewer-.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Shortcut exists | File exists) "PowerPro.lnk" - "RJL Software, Inc." - C:\Programme\delayexec\delayexec.exe (Shortcut exists | File exists) "Process Explorer.lnk" - "Sysinternals" - C:\Program Files\Process Explorer\procexp.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Picasa Media Detector" - "Google Inc." - C:\Program Files\Picasa2\PicasaMediaDetector.exe "SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe "EEventManager" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "Google EULA Launcher" - " " - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe" "WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpzlnt09" - "HP" - C:\Windows\system32\hpzlnt09.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." 
- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe "BOTService" (BOTService) - "Sonic Solutions" - c:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "HDDlife HDD Access service" (HDDlife HDD Access service) - "BinarySense, Inc." - C:\Program Files\Common Files\BinarySense\hldasvc.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Roxio SAIB Service" (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - ? - c:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." 
- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe "UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
And the full scan from Anti-Malware. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6130
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
23.03.2011 22:25:04
mbam-log-2011-03-23 (22-25-04).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 297458
Laufzeit: 1 Stunde(n), 2 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
nobody63
#22 | /// Winkelfunktion /// TB-Süch-Tiger™
Looks OK, only cookies were found. Any further problems or finds in the meantime?
#23
Hello Arne, I wanted to reply that everything is okay, but today Antivir found something again: Java/Exdoer.Y. Attached is the end of the Antivir report (the whole file is too large). Code:
searchbox.png
Thumbs.db
C:\Program Files\Windows Sidebar\Shared Gadgets\eBaySearch.Gadget\js\
eBaySearch.js
local.js
Beginne mit der Desinfektion:
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\
5b0c76db-75a800c1
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Exdoer.Y
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48be77d6.qua' verschoben!
Ende des Suchlaufs: Samstag, 26. März 2011 12:50
Benötigte Zeit: 59:52 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
23171 Verzeichnisse wurden überprüft
377476 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
116 Dateien konnten nicht durchsucht werden
377352 Dateien ohne Befall
4235 Archive wurden durchsucht
73 Warnungen
122 Hinweise
Regards, nobody63
#24 | /// Winkelfunktion /// TB-Süch-Tiger™
That's just something in the Java cache. Clear it, e.g. with CCleaner.
#25
Hello Arne, I ran CCleaner the other day. And no finds in the past 2 days, the Internet works as usual. To me it looks OK again now! Does it make sense to run CCleaner and/or Malwarebytes Anti-Malware or one of the other programs now and then? Regards, nobody63
#26 | /// Winkelfunktion /// TB-Süch-Tiger™
No, you don't necessarily need to. Then we're done! Finally, please check the updates; my guide on that is below. For even more security, after the infection has been removed you should also change all your passwords if at all possible.
Microsoft Update. Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Windows Update guide.
Update the PDF reader. Your Adobe Reader is not current, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program. I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader. While you're at it, please also check that the Flash Player is current; here is the direct download link: Mozilla and other browsers => http://filepony.de/?q=Flash+Player Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe
Java update. Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the newest one. To do that, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
#27
Hello Arne, many thanks for the tips! I got rid of Adobe Reader right away and updated Java too. Thanks also for the quick help! You do a great job here! I'll look around this forum more often and keep myself up to date. Regards, nobody63