Pests of all kinds and their removal: TR/Dropper.Gen [trojan]. Windows 7
30.03.2011, 13:25 | #1
TR/Dropper.Gen [trojan]. Hello, I stupidly caught TR/Dropper.Gen recently and have no idea what exactly is going on now. So far I have not noticed any changes in how the computer runs, and I just wanted to ask whether someone could take a look at my logs and possibly give the all-clear. TR/Dropper.Gen was detected by Avira and moved to quarantine. When I now run a system scan with Avira, it no longer finds anything. I also ran Malwarebytes, but it found nothing. In any case, here are the three logs I produced according to the instructions. OTL.txt, OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.03.2011 12:20:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\***\Neuer Ordner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 44,28 Gb Free Space | 38,03% Space Free | Partition Type: NTFS Drive D: | 108,63 Gb Total Space | 54,59 Gb Free Space | 50,25% Space Free | Partition Type: NTFS Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.03.30 12:09:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\***\Neuer Ordner\OTL.exe PRC - [2011.03.26 22:02:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.17 00:38:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.03 22:09:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 22:09:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) 
-- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe ========== Modules (SafeList) ========== MOD - [2011.03.30 12:09:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\***\Neuer Ordner\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll MOD - [2008.01.18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService) SRV - [2011.03.17 00:38:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.03 22:09:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] 
-- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) ========== Driver Services (SafeList) ========== DRV - [2011.03.17 00:38:34 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 16:22:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.05.07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2007.05.14 19:37:59 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.03.06 20:17:03 | 001,737,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.03.06 15:15:57 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.02.16 10:50:31 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2006.12.14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2005.03.02 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.2 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2011.03.26 22:02:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 22:02:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008.06.23 22:27:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.09.11 19:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.30 12:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions [2011.03.17 15:35:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.02.11 02:14:26 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2008.09.11 19:18:54 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\betteryoutube@ginatrapani.org [2011.03.30 12:12:49 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\firegestures@xuldev.org [2008.07.21 13:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2008.09.11 19:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org [2009.06.14 00:50:06 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2010.10.02 22:17:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2010.10.02 22:17:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.10.02 22:17:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.02 22:17:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.02 22:17:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsm] File not found O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm () O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\Shell\AutoRun\command - "" = F:\umenu.exe O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - 
MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\ASScrProlog.exe () MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= 
- C:\Windows\ASScrPro.exe () MsConfig - StartUpReg: ASUSTPE - hkey= - key= - File not found MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: MobileConnect - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found MsConfig - StartUpReg: PowerForPhone - hkey= - key= - C:\Program Files\PowerForPhone\PowerForPhone.exe () MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) MsConfig - StartUpReg: Ulead AutoDetector - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.) MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe (Ulead Systems, Inc.) 
MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.03.30 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.30 12:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2011.03.27 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.03.27 20:00:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.27 20:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.27 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.27 20:00:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.27 20:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.03.17 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games [2011.03.04 23:34:14 | 000,559,024 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v12.1.1.ocx [2011.03.04 23:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flv Audio Video Extractor [2011.03.04 23:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Flv Audio Video Extractor [2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.03.30 12:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job [2011.03.30 12:17:15 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.03.30 12:17:15 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.03.30 12:16:48 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.30 12:16:48 | 
000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.30 12:16:48 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.30 12:16:48 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.30 12:11:48 | 000,027,430 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2011.03.30 12:11:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.30 12:11:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.30 12:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.30 12:11:08 | 2012,397,568 | -HS- | M] () -- C:\hiberfil.sys [2011.03.30 12:10:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.30 11:06:39 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job [2011.03.18 15:25:05 | 000,414,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.03.17 00:38:34 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.04 23:34:14 | 000,000,864 | ---- | M] () -- C:\Users\***\Desktop\Flv Audio Video Extractor.lnk [2011.03.01 22:50:59 | 000,045,056 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2011.03.30 12:17:15 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.03.30 12:17:15 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.03.17 22:36:36 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [2011.03.04 23:34:14 | 000,000,864 | ---- | C] () -- C:\Users\***\Desktop\Flv Audio Video Extractor.lnk [2010.01.25 17:00:35 | 000,030,247 | ---- | C] () -- C:\Windows\scunin.dat [2009.12.15 15:45:46 | 000,016,903 | ---- | C] () -- C:\Windows\DIIUnin.dat [2009.11.14 00:56:23 | 
000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.11.14 00:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.12 22:49:28 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.08.03 11:33:41 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2009.03.30 16:40:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.03.30 16:40:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.03.30 16:40:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2008.11.13 22:41:44 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.11.13 22:41:44 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.10.14 17:43:23 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.09.12 13:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.23 16:23:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.06.16 22:04:34 | 000,000,321 | ---- | C] () -- C:\Windows\ulead32.ini [2008.06.16 21:54:26 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2008.06.16 19:34:34 | 000,027,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.06.12 16:22:38 | 000,027,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.06.12 00:08:19 | 000,045,056 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.12 00:01:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2008.04.29 08:02:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.04.29 07:56:47 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008.04.29 07:56:36 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe [2008.04.29 07:56:34 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll 
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2007.04.18 11:14:04 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.04.18 11:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.04.18 11:14:04 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.04.18 11:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.04.18 10:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.03.06 20:17:03 | 001,737,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,414,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 12:57:59 | 001,060,424 | ---- | C] () -- 
C:\Windows\System32\WdfCoInstaller01000.dll [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe [2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe ========== LOP Check ========== [2008.06.23 22:41:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2009.08.09 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2008.07.20 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab [2011.03.28 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2008.06.23 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar [2008.07.04 21:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2009.06.14 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2008.10.14 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2008.06.23 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer [2008.06.23 21:31:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2008.09.09 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone [2011.03.30 12:10:21 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.30 11:06:39 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job [2011.03.30 12:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.06.12 16:18:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.04.29 05:54:47 | 000,000,000 | ---D | M] -- C:\ADOBE [2009.12.01 10:51:08 | 000,000,000 | -HSD | M] -- C:\Boot [2008.06.23 19:55:37 | 000,000,000 | ---D | M] -- C:\CDDB [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.30 12:08:35 | 000,000,000 | ---D | M] -- C:\Downloads [2008.06.22 20:24:44 | 000,000,000 | ---D | M] -- C:\My Music [2008.04.29 05:51:11 | 000,000,000 | ---D | M] -- C:\NIS [2009.09.12 23:55:15 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.07.04 20:41:47 | 000,000,000 | ---D | M] -- C:\PerfLogs [2008.04.28 18:14:03 | 000,000,000 | ---D | M] -- C:\Preload [2011.03.30 12:17:14 | 000,000,000 | R--D | M] -- C:\Programme [2011.03.27 20:00:33 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.01.05 07:36:44 | 000,000,000 | ---D | M] -- C:\Programme [2011.03.30 12:21:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.06.22 20:21:11 | 000,000,000 | R--D | M] -- C:\Users [2010.08.02 16:51:48 | 000,000,000 | ---D | M] -- C:\Westwood [2011.02.23 22:51:35 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.04.29 06:32:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.04.29 06:32:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 
23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-29 14:02:52 < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.03.2011 12:20:16 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\***\Neuer Ordner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116,44 Gb Total Space | 44,28 Gb Free Space | 38,03% Space Free | Partition Type: NTFS Drive D: | 108,63 Gb Total Space | 54,59 Gb Free Space | 50,25% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{247F3926-D08A-4CAC-A8D8-0460C36F9142}" = rport=138 | protocol=17 | dir=out | app=system | "{264130A1-3B56-48AF-A7EF-B79D51A28B52}" = lport=139 | protocol=6 | dir=in | app=system | "{475938AF-80CB-4A93-9292-9F81FE6F3D75}" = rport=137 | protocol=17 | dir=out | app=system | "{580F77E8-11E2-4F13-8367-0F7E850952EA}" = lport=445 | protocol=6 | dir=in | app=system | "{58F2B9FC-57CB-4DED-8503-8A6326B57B92}" = rport=445 | protocol=6 | dir=out | app=system | "{6814A8CE-6AAC-4681-AD60-970BF2E10DF1}" = lport=138 | protocol=17 | dir=in | app=system | "{6F0967BB-B7A4-436E-B8C9-D07FA0BCF0EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BFF2201E-5FF1-4B74-AEEC-BDB6CE4963C0}" = rport=139 | protocol=6 | dir=out | app=system | "{C7AFC9C8-A754-422A-AF00-B0DAC6347BFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D42688D0-FFCB-47CE-B836-457F21D75615}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07FF959A-4D02-495F-BC6E-3A1AF8DC8A16}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{08F5D5EA-9A17-49B9-A279-12DAFC137E7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1992F291-D0C7-4CC2-BAEE-505CEDDB0D91}" = protocol=6 | dir=in 
| app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{22AA1750-67BD-4235-AF32-D481E8C7BA0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3F509C62-0DE3-4A3F-A292-1027CB3E7DAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5BA1DD14-D773-431D-9D4C-F0C89F3B7923}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | "{831616DB-AD8C-4625-B9B4-6695A0A56429}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{96B12EC4-4E18-4B02-AEDD-78186F3A0AD2}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "{ADD4B7FE-5E99-46F6-A597-E3CA865EBC35}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | "{D133ACE8-3C03-4483-ACB4-78557C704BA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D2AB1CBA-D791-4548-8F97-8AE77127412A}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{FC2FF3D3-BABF-49B1-B1EF-7B25E29E4046}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | "TCP Query User{0CF6FD06-8256-423B-853E-90BDE1C443FE}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "TCP Query User{10A60E74-46DD-4E0B-A797-893871D3A92E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{AFAD91B0-DEFE-493C-88E5-3CBE84021FDF}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | "UDP Query User{0842F692-1067-409F-A847-36006F67D245}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{466204E1-5227-45AE-8EEA-0C250EEAA27C}C:\program 
files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | "UDP Query User{72668DDC-F61D-4684-AB14-4E15B7175A9D}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers "{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media "{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE "{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2 "{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = 
Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1 "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold "Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6 "Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CCleaner" = CCleaner "Diablo II" = Diablo II "Digital Camera Driver" = Digital Camera Driver "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0 "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint 
EX "EAX Unified" = EAX Unified "ERUNT_is1" = ERUNT 1.1j "Exact Audio Copy" = Exact Audio Copy 0.99pb4 "Flv Audio Video Extractor_is1" = Flv Audio Video Extractor 2.0 "Free Download Manager_is1" = Free Download Manager 3.0 "HijackThis" = HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "Mp3tag" = Mp3tag v2.41 "NVIDIA Drivers" = NVIDIA Drivers "PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "SMSERIAL" = Motorola SM56 Speakerphone Modem "Starcraft" = Starcraft "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "VLC media player" = VLC media player 0.9.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Diablo II" = Diablo II ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 07.02.2011 06:25:49 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 07.02.2011 06:25:49 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 07.02.2011 06:25:50 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 09.02.2011 12:31:35 | Computer Name = ***Laptop | Source = System Restore | ID = 8193 
Description = Error - 09.02.2011 12:31:35 | Computer Name = ***Laptop | Source = System Restore | ID = 8210 Description = Error - 09.02.2011 13:24:39 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 13.02.2011 17:47:56 | Computer Name = ***Laptop | Source = EventSystem | ID = 4622 Description = Error - 26.02.2011 08:58:51 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 27.02.2011 11:18:08 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013 Description = Error - 01.03.2011 14:58:48 | Computer Name = ***Laptop | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 12ec Anfangszeit: 01cbd8380bf077e0 Zeitpunkt der Beendigung: 16 [ System Events ] Error - 31.01.2011 18:49:46 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 08.02.2011 15:54:13 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 10.02.2011 20:13:03 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 14.02.2011 07:46:03 | Computer Name = ***Laptop | Source = Print | ID = 6161 Description = Das Dokument Das*Örtliche Telefonbuch mit Telefonnummern, Telefonauskunft mit Stadtplan im Besitz von *** konnte nicht auf dem Drucker Canon MP540 series Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 857424. Anzahl der gedruckten Bytes: 526560. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***LAPTOP. 
Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. Error - 14.02.2011 07:47:06 | Computer Name = ***Laptop | Source = Print | ID = 6161 Description = Das Dokument Das*Örtliche Telefonbuch mit Telefonnummern, Telefonauskunft mit Stadtplan im Besitz von *** konnte nicht auf dem Drucker Canon MP540 series Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 196608. Anzahl der gedruckten Bytes: 92604. Gesamtanzahl der Seiten des Dokuments: 5. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***LAPTOP. Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. Error - 24.02.2011 21:13:08 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 18.03.2011 16:07:27 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 23.03.2011 22:01:16 | Computer Name = ***Laptop | Source = PlugPlayManager | ID = 12 Description = Das Gerät "Atheros AR5007EG Wireless Network Adapter" (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&14aa9c8c&0&0068) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 29.03.2011 09:40:39 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 30.03.2011 06:09:49 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7034 Description = < End of report > Gmer.txt GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-03-30 13:05:18 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9250827AS rev.3.AAA Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kxliqkow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B803340, 0x3442A7, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) ---- EOF - GMER 1.0.15 ---- Here are also the events that Avira reported: 21:52:54 In der Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01' wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff erlauben 21:53:51 In der Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01' wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 21:53:53 Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.]. Anzahl Dateien: 59 Anzahl Verzeichnisse: 0 Anzahl Malware: 1 Anzahl Fehler: 0 21:53:53 Die Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01' enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49bcf3ae.qua' verschoben! 
I hope I did everything right. Thanks in advance! If necessary, I can also run HijackThis over it again. |
31.03.2011, 14:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. Quote:
__________________ |
31.03.2011, 15:39 | #3 |
| TR/Dropper.Gen [trojan]. Here is the full scan from Malwarebytes
__________________Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 6185 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 27.03.2011 21:05:06 mbam-log-2011-03-27 (21-05-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 268080 Laufzeit: 56 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Do you mean the path details of the virus? Aren't they in the Avira events that I added at the very bottom? If not, where do I find them? |
31.03.2011, 16:20 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. Quote:
Nothing more in terms of findings? You don't have any other Malwarebytes logs?
__________________ Please always post logfiles in CODE tags |
31.03.2011, 17:04 | #5 |
| TR/Dropper.Gen [trojan]. Only a few quick scans, in which nothing was found either. I just ran another quick scan with the same result Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6227 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19019 31.03.2011 18:01:03 mbam-log-2011-03-31 (18-01-03).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 144032 Laufzeit: 4 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Could it be that Avira actually fended off the virus completely? Oh, and I have one more short question and just hope it is appropriate here. When I tried to load the Trojaner-Board page about 20 minutes ago, only the following error message appeared: Schwerer Fehler: APC not installed in [path]/includes/class_datastore.php (Zeile 386) Does that have anything to do with your servers, or how can I explain that? Thanks |
31.03.2011, 17:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. Run an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL O4 - HKCU..\Run: [fsm] File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\Shell\AutoRun\command - "" = F:\umenu.exe O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell - "" = AutoRun O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe :Commands [purity] [resethosts] [emptytemp] The logfile should open when you click OK after the fix; please post it. The computer may be restarted. 
As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ --> TR/Dropper.Gen [trojan]. |
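The O33 lines in the fix above can be read mechanically: each one is a value under HKCU\...\Explorer\MountPoints2\<volume>\Shell, and a volume whose Shell default verb is AutoRun together with a Shell\AutoRun\command value is one where Explorer has cached an autorun action (here setup.exe or umenu.exe on a removable drive). The Python below is an added example for reviewing such entries in an OTL log before writing a fix; it is not the moderator's code and not part of OTL. The sample lines are constructed in the same format as the fix script above, with one unrelated O4 line added to show that other entry types are skipped.

```python
import re

# Constructed sample input: O33 lines in the same format OTL uses in the fix
# script above (values taken from the thread), plus one unrelated O4 line to
# show that non-MountPoints2 lines are ignored.
SAMPLE_OTL_LINES = r'''
O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\Shell\AutoRun\command - "" = F:\umenu.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O4 - HKCU..\Run: [fsm] File not found
'''

# One O33 line has the shape:
#   O33 - MountPoints2\<volume>\Shell[\<subkeys>] - "<value name>" = <data>
# <volume> is either a volume GUID in braces or a bare drive letter.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell'
    r'(?P<sub>(?:\\[^\\\s]+)*) - "(?P<name>[^"]*)" = (?P<data>.*)$'
)


def parse_mountpoints(text):
    """Group the O33 MountPoints2 lines of an OTL log by volume.

    Returns {volume: {"default_verb": str or None,
                      "autorun_command": str or None}}.
    """
    volumes = {}
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue  # not a MountPoints2 entry (e.g. an O4 Run key)
        info = volumes.setdefault(
            m["volume"], {"default_verb": None, "autorun_command": None})
        sub = m["sub"].lower()
        if sub == "" and m["name"] == "":
            # (Default) value of ...\Shell: the verb Explorer runs on open
            info["default_verb"] = m["data"]
        elif sub == r"\autorun\command" and m["name"] == "":
            # (Default) value of ...\Shell\AutoRun\command: the program launched
            info["autorun_command"] = m["data"]
    return volumes


def autorun_findings(text):
    """Return (volume, command, autorun_is_default_verb) for every volume
    that has a cached AutoRun command, in the order the log lists them.

    autorun_is_default_verb is True when the Shell default verb is also
    AutoRun, i.e. opening the volume in Explorer would run the command.
    """
    findings = []
    for volume, info in parse_mountpoints(text).items():
        cmd = info["autorun_command"]
        if cmd:
            findings.append((volume, cmd, info["default_verb"] == "AutoRun"))
    return findings


if __name__ == "__main__":
    for volume, cmd, is_default in autorun_findings(SAMPLE_OTL_LINES):
        verb = "default verb AutoRun" if is_default else "command only"
        print(f"{volume}: {cmd} ({verb})")
```

Running the block prints one line per volume; in the sample the `{2f2285fa-...}` volume keeps a command but no AutoRun default verb, which is exactly the partial pair the fix script above also lists.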
01.04.2011, 10:51 | #7 |
| TR/Dropper.Gen [trojan]. Here is the log All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ not found. File G:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ not found. File H:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f2285fa-2750-11de-9df7-001e8c3f040d}\ not found. File F:\umenu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ not found. File G:\setup.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ not found. File F:\setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\setup.exe not found. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes User: Default User User: Public User: *** ->Temp folder emptied: 153563 bytes ->FireFox cache emptied: 49345589 bytes ->Flash cache emptied: 456 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3286 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 47,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04012011_114034 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
01.04.2011, 14:12 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
01.04.2011, 16:55 | #9 |
| TR/Dropper.Gen [trojan]. The laptop is now absolutely sluggish and I can't even get into the Mozilla browser any more. It keeps showing a message: Illegal operation attempted on a registry key that has been marked for deletion. Will that go away again? Anyway, here is the log from Cofi. ComboFix Logfile: Code:
ATTFilter ComboFix 11-03-31.04 - *** 01.04.2011 16:10:33.1.2 - x86 ausgeführt von:: c:\users\***\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-01 bis 2011-04-01 )))))))))))))))))))))))))))))) . . 2011-04-01 14:33 . 2011-04-01 14:34 -------- d-----w- c:\users\***\AppData\Local\temp 2011-04-01 14:33 . 2011-04-01 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-01 09:36 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35BCDB2D-C17B-4D03-B710-006F394C2C9E}\mpengine.dll 2011-03-30 10:17 . 2011-03-30 10:17 -------- d-----w- c:\program files\ERUNT 2011-03-27 18:00 . 2011-03-27 18:00 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-03-27 18:00 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-27 18:00 . 2011-03-27 18:00 -------- d-----w- c:\programdata\Malwarebytes 2011-03-27 18:00 . 2011-03-27 18:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-27 18:00 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-23 13:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-03-23 13:13 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-03-23 13:13 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-17 20:36 . 1999-01-21 08:00 56832 ------w- c:\windows\system32\iyvu9_32.dll 2011-03-17 20:36 . 1999-01-21 08:00 143872 ------w- c:\windows\system32\iacenc.dll 2011-03-17 20:36 . 2011-03-17 20:36 1622016 ------w- c:\program files\Microsoft Games\Age of Empires\EMPIRES.EXE 2011-03-17 20:36 . 
2011-03-17 20:36 1513984 ------w- c:\program files\Microsoft Games\Age of Empires\EMPIRESX.EXE 2011-03-17 20:36 . 2011-03-17 20:36 315457 ------w- c:\program files\Microsoft Games\Age of Empires\Uninstal.Exe 2011-03-17 20:36 . 2011-03-17 20:36 2752512 ------w- c:\program files\Microsoft Games\Age of Empires\SETUPENU.DLL 2011-03-17 20:36 . 2011-03-17 20:36 211456 ------w- c:\program files\Microsoft Games\Age of Empires\language.dll 2011-03-17 20:36 . 2011-03-17 20:36 163840 ------w- c:\program files\Microsoft Games\Age of Empires\languagex.dll 2011-03-17 20:36 . 2011-03-17 20:36 29184 ------w- c:\program files\Microsoft Games\Age of Empires\data2\closedpw.exe 2011-03-17 20:35 . 2011-03-17 20:35 29184 ------w- c:\program files\Microsoft Games\Age of Empires\data\closedpw.exe 2011-03-17 20:35 . 2011-03-17 20:35 33280 ------w- c:\program files\Microsoft Games\Age of Empires\AoEHlp.dll 2011-03-17 20:35 . 2011-03-17 20:35 27648 ------w- c:\program files\Microsoft Games\Age of Empires\aelaunch.dll 2011-03-16 22:47 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-03-16 22:47 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2011-03-16 22:47 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2011-03-16 22:47 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-16 22:47 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2011-03-16 22:47 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-03-04 21:34 . 2011-03-04 21:34 -------- d-----w- c:\program files\Flv Audio Video Extractor 2011-03-04 21:34 . 2008-11-28 11:32 559024 ----a-w- c:\windows\system32\Codejock.SkinFramework.v12.1.1.ocx . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-16 22:38 . 2009-06-13 20:17 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-02 17:11 . 
2009-10-02 16:37 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-20 16:37 . 2011-02-11 00:25 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:08 . 2011-02-11 00:25 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08 . 2011-02-11 00:25 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-11 00:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08 . 2011-02-11 00:25 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:08 . 2011-02-11 00:25 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:07 . 2011-02-11 00:25 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07 . 2011-02-11 00:25 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07 . 2011-02-11 00:25 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06 . 2011-02-11 00:25 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06 . 2011-02-11 00:25 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04 . 2011-02-11 00:25 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 16:04 . 2011-02-11 00:25 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 14:28 . 2011-02-11 00:25 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27 . 2011-02-11 00:25 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26 . 2011-02-11 00:25 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25 . 2011-02-11 00:25 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24 . 2011-02-11 00:25 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-11 00:25 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-11 00:25 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-11 00:25 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:14 . 2011-02-11 00:25 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:12 . 
2011-02-11 00:25 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11 . 2011-02-11 00:25 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47 . 2011-02-11 00:25 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-01-08 08:47 . 2011-02-11 00:23 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28 . 2011-02-11 00:23 292352 ----a-w- c:\windows\system32\atmfd.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-02 7518752] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-02 1833504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup backupExtension=.Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver] 2008-04-29 05:56 37232 ----a-w- c:\windows\ASScrProlog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector] 2008-04-29 05:56 33136 ----a-w- c:\windows\ASScrPro.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE] 2007-01-16 23:13 106496 ----a-w- c:\windows\System32\ASUSTPE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2006-11-02 15:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-18 21:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2007-05-14 17:37 81920 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] 2007-05-14 17:37 86016 ----a-w- c:\windows\System32\nvsvc.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone] 2007-06-26 17:10 778240 ----a-w- c:\program files\PowerForPhone\PowerForPhone.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2009-06-02 16:29 7518752 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] 2009-06-02 16:30 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2007-09-03 05:29 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector] 2003-11-19 11:03 45056 ------w- c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker] 2004-01-12 18:40 69632 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 AVMUNET;Eumex 300 IP;c:\windows\system32\DRIVERS\avmunet.sys [2005-03-01 15104] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-06-20 10:47 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job - c:\windows\system32\msfeedssync.exe [2011-02-11 04:47] . 2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job - c:\windows\system32\msfeedssync.exe [2011-02-11 04:47] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm TCP: {977D0D2C-2DDF-44A2-9997-4D7002DB00CD} = 192.168.178.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ajdm1508.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} FF - Ext: Better YouTube: betteryoutube@ginatrapani.org - %profile%\extensions\betteryoutube@ginatrapani.org FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-01 16:34 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-398081310-3755098964-2632301565-1000\Software\SecuROM\License information*] "datasecu"=hex:4a,9c,68,39,7f,bf,23,b1,65,3c,ad,1d,e4,4c,e9,2d,da,7e,2c,e0,05, 8b,fa,83,e1,bb,f7,c7,7f,cf,0a,e0,7c,46,8a,0b,4b,e4,db,f9,7c,bd,c1,89,d7,9e,\ "rkeysecu"=hex:59,2d,a5,52,3f,0b,99,07,a6,81,7e,cd,39,5a,7c,77 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-04-01 16:37:39 ComboFix-quarantined-files.txt 2011-04-01 14:37 . Vor Suchlauf: 14 Verzeichnis(se), 47.298.654.208 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 47.666.827.264 Bytes frei . - - End Of File - - 3D47323BFCCEC44D66B56DD270E9AC9B |
01.04.2011, 18:55 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. Restart Windows, then run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
02.04.2011, 08:55 | #11 |
| TR/Dropper.Gen [trojan]. TDSSKiller found nothing. Here is the report. Thank you very much.
2011/04/02 09:47:35.0064 2264 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/02 09:47:35.0486 2264 ================================================================================ 2011/04/02 09:47:35.0486 2264 SystemInfo: 2011/04/02 09:47:35.0486 2264 2011/04/02 09:47:35.0486 2264 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/02 09:47:35.0486 2264 Product type: Workstation 2011/04/02 09:47:35.0486 2264 ComputerName: ***LAPTOP 2011/04/02 09:47:35.0486 2264 UserName: *** 2011/04/02 09:47:35.0486 2264 Windows directory: C:\Windows 2011/04/02 09:47:35.0486 2264 System windows directory: C:\Windows 2011/04/02 09:47:35.0486 2264 Processor architecture: Intel x86 2011/04/02 09:47:35.0486 2264 Number of processors: 2 2011/04/02 09:47:35.0486 2264 Page size: 0x1000 2011/04/02 09:47:35.0486 2264 Boot type: Normal boot 2011/04/02 09:47:35.0486 2264 ================================================================================ 2011/04/02 09:47:35.0860 2264 Initialize success 2011/04/02 09:47:47.0763 2092 ================================================================================ 2011/04/02 09:47:47.0763 2092 Scan started 2011/04/02 09:47:47.0763 2092 Mode: Manual; 2011/04/02 09:47:47.0763 2092 ================================================================================ 2011/04/02 09:47:48.0652 2092 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/02 09:47:48.0714 2092 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/02 09:47:48.0792 2092 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/02 09:47:48.0839 2092 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/02 09:47:48.0870 2092 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/02 09:47:49.0011 2092 AFD
(a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/02 09:47:49.0104 2092 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/04/02 09:47:49.0151 2092 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/02 09:47:49.0229 2092 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/04/02 09:47:49.0276 2092 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/04/02 09:47:49.0323 2092 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/04/02 09:47:49.0401 2092 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/02 09:47:49.0448 2092 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 2011/04/02 09:47:49.0604 2092 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/02 09:47:49.0682 2092 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/02 09:47:49.0791 2092 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys 2011/04/02 09:47:49.0931 2092 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/02 09:47:49.0978 2092 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/02 09:47:50.0056 2092 athr (dcdfc3a5a8b239055aab6bd975ada889) C:\Windows\system32\DRIVERS\athr.sys 2011/04/02 09:47:50.0259 2092 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/04/02 09:47:50.0384 2092 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/02 09:47:50.0446 2092 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/02 09:47:50.0508 2092 AVMUNET (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys 2011/04/02 09:47:50.0633 2092 Beep 
(67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/02 09:47:50.0805 2092 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/02 09:47:50.0852 2092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/02 09:47:50.0898 2092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/02 09:47:50.0961 2092 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/02 09:47:50.0992 2092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/02 09:47:51.0039 2092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/02 09:47:51.0117 2092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/02 09:47:51.0148 2092 BthEnum (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/02 09:47:51.0226 2092 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/02 09:47:51.0273 2092 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/02 09:47:51.0320 2092 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys 2011/04/02 09:47:51.0366 2092 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/02 09:47:51.0554 2092 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/02 09:47:51.0632 2092 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/02 09:47:51.0694 2092 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/04/02 09:47:51.0756 2092 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/02 09:47:51.0897 2092 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/02 09:47:51.0959 
2092 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/04/02 09:47:52.0006 2092 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/02 09:47:52.0053 2092 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/02 09:47:52.0100 2092 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/02 09:47:52.0224 2092 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/02 09:47:52.0396 2092 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/02 09:47:52.0490 2092 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/02 09:47:52.0583 2092 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/02 09:47:52.0661 2092 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/02 09:47:52.0770 2092 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/02 09:47:52.0880 2092 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/02 09:47:53.0020 2092 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/02 09:47:53.0051 2092 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/02 09:47:53.0145 2092 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/02 09:47:53.0207 2092 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/02 09:47:53.0254 2092 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/02 09:47:53.0301 2092 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/02 09:47:53.0379 2092 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/02 
09:47:53.0472 2092 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/02 09:47:53.0550 2092 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/02 09:47:53.0660 2092 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 2011/04/02 09:47:53.0800 2092 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/02 09:47:53.0878 2092 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/02 09:47:53.0956 2092 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/02 09:47:53.0987 2092 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/04/02 09:47:54.0065 2092 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/02 09:47:54.0143 2092 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/04/02 09:47:54.0206 2092 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/02 09:47:54.0346 2092 hwdatacard (4e370a583e78b614918c8f2cd5b733ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/04/02 09:47:54.0393 2092 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/04/02 09:47:54.0455 2092 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/02 09:47:54.0518 2092 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/04/02 09:47:54.0658 2092 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/02 09:47:54.0830 2092 IntcAzAudAddService (4440fd5ee670dfbbbfdb9742ea8f51e6) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/02 09:47:55.0032 2092 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 2011/04/02 09:47:55.0095 2092 intelppm (ce44cc04262f28216dd4341e9e36a16f) 
C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/02 09:47:55.0204 2092 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/02 09:47:55.0329 2092 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/02 09:47:55.0407 2092 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/02 09:47:55.0469 2092 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/02 09:47:55.0532 2092 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/04/02 09:47:55.0594 2092 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/02 09:47:55.0641 2092 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/02 09:47:55.0688 2092 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/02 09:47:55.0750 2092 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/02 09:47:55.0828 2092 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/04/02 09:47:55.0890 2092 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys 2011/04/02 09:47:55.0984 2092 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/02 09:47:56.0078 2092 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/02 09:47:56.0202 2092 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/02 09:47:56.0249 2092 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/02 09:47:56.0312 2092 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/02 09:47:56.0358 2092 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/02 09:47:56.0452 2092 megasas 
(d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/04/02 09:47:56.0499 2092 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/02 09:47:56.0608 2092 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys 2011/04/02 09:47:56.0686 2092 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/02 09:47:56.0733 2092 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/02 09:47:56.0795 2092 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/02 09:47:56.0873 2092 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/02 09:47:56.0936 2092 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/04/02 09:47:57.0029 2092 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/02 09:47:57.0092 2092 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/02 09:47:57.0170 2092 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/02 09:47:57.0216 2092 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/02 09:47:57.0263 2092 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/02 09:47:57.0294 2092 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/02 09:47:57.0357 2092 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/04/02 09:47:57.0388 2092 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/04/02 09:47:57.0497 2092 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/02 09:47:57.0591 2092 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/02 
09:47:57.0669 2092 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/02 09:47:57.0731 2092 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/02 09:47:57.0809 2092 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/02 09:47:57.0887 2092 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/02 09:47:57.0981 2092 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/02 09:47:58.0043 2092 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/02 09:47:58.0152 2092 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys 2011/04/02 09:47:58.0230 2092 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/02 09:47:58.0308 2092 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/02 09:47:58.0386 2092 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/02 09:47:58.0496 2092 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/02 09:47:58.0542 2092 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/02 09:47:58.0620 2092 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/02 09:47:58.0745 2092 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/02 09:47:58.0808 2092 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/02 09:47:58.0870 2092 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/02 09:47:59.0026 2092 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/04/02 09:47:59.0104 2092 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) 
C:\Windows\system32\drivers\nfrd960.sys 2011/04/02 09:47:59.0213 2092 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/02 09:47:59.0276 2092 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/02 09:47:59.0369 2092 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/02 09:47:59.0463 2092 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/02 09:47:59.0510 2092 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/02 09:47:59.0619 2092 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/04/02 09:47:59.0915 2092 nvlddmkm (3dacd0610683cf966647636d3b7ae750) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/02 09:48:00.0134 2092 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/04/02 09:48:00.0196 2092 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys 2011/04/02 09:48:00.0258 2092 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/04/02 09:48:00.0352 2092 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/04/02 09:48:00.0524 2092 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/02 09:48:00.0633 2092 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/04/02 09:48:00.0680 2092 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/02 09:48:00.0742 2092 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/04/02 09:48:00.0836 2092 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/02 09:48:00.0914 2092 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/04/02 09:48:00.0976 2092 pcmcia 
(e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/02 09:48:01.0085 2092 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/02 09:48:01.0241 2092 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/02 09:48:01.0304 2092 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/04/02 09:48:01.0413 2092 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/02 09:48:01.0491 2092 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/04/02 09:48:01.0584 2092 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/02 09:48:01.0662 2092 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/02 09:48:01.0709 2092 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/02 09:48:01.0787 2092 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/02 09:48:01.0881 2092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/02 09:48:01.0928 2092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/02 09:48:02.0006 2092 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/02 09:48:02.0052 2092 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/02 09:48:02.0130 2092 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/04/02 09:48:02.0177 2092 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/02 09:48:02.0255 2092 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/02 09:48:02.0364 2092 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/02 
09:48:02.0442 2092 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/02 09:48:02.0505 2092 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/04/02 09:48:02.0567 2092 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS 2011/04/02 09:48:02.0630 2092 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/02 09:48:02.0723 2092 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys 2011/04/02 09:48:02.0786 2092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/02 09:48:02.0848 2092 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/04/02 09:48:02.0910 2092 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/04/02 09:48:02.0973 2092 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/02 09:48:03.0129 2092 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/04/02 09:48:03.0160 2092 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/02 09:48:03.0191 2092 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/02 09:48:03.0222 2092 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/02 09:48:03.0347 2092 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/04/02 09:48:03.0394 2092 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/04/02 09:48:03.0456 2092 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/04/02 09:48:03.0581 2092 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/02 09:48:03.0659 2092 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) 
C:\Windows\system32\DRIVERS\smserial.sys 2011/04/02 09:48:03.0862 2092 SNP2UVC (e7230cdcc9e7b7559147cf7bc24a1d1d) C:\Windows\system32\DRIVERS\snp2uvc.sys 2011/04/02 09:48:03.0956 2092 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/02 09:48:04.0034 2092 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys 2011/04/02 09:48:04.0080 2092 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/02 09:48:04.0112 2092 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/02 09:48:04.0174 2092 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/02 09:48:04.0252 2092 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/02 09:48:04.0314 2092 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/02 09:48:04.0408 2092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/02 09:48:04.0439 2092 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/02 09:48:04.0548 2092 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/02 09:48:04.0658 2092 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/02 09:48:04.0736 2092 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/02 09:48:04.0814 2092 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/02 09:48:04.0860 2092 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/02 09:48:04.0923 2092 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/02 09:48:04.0970 2092 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/02 09:48:05.0063 2092 TermDD (3cad38910468eab9a6479e2f01db43c7) 
C:\Windows\system32\DRIVERS\termdd.sys 2011/04/02 09:48:05.0172 2092 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys 2011/04/02 09:48:05.0266 2092 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/02 09:48:05.0344 2092 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/02 09:48:05.0391 2092 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/02 09:48:05.0453 2092 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/04/02 09:48:05.0500 2092 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/02 09:48:05.0625 2092 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/02 09:48:05.0687 2092 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/04/02 09:48:05.0734 2092 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/02 09:48:05.0781 2092 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/02 09:48:05.0843 2092 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/02 09:48:05.0921 2092 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/02 09:48:05.0984 2092 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/02 09:48:06.0046 2092 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/02 09:48:06.0108 2092 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/02 09:48:06.0140 2092 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/02 09:48:06.0218 2092 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/02 09:48:06.0264 2092 usbscan 
(a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/02 09:48:06.0327 2092 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/02 09:48:06.0405 2092 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/02 09:48:06.0467 2092 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/02 09:48:06.0545 2092 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/02 09:48:06.0623 2092 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/02 09:48:06.0686 2092 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/04/02 09:48:06.0748 2092 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/04/02 09:48:06.0779 2092 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/04/02 09:48:06.0810 2092 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/02 09:48:06.0857 2092 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/02 09:48:06.0951 2092 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/02 09:48:07.0044 2092 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/04/02 09:48:07.0107 2092 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/02 09:48:07.0200 2092 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/02 09:48:07.0216 2092 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/02 09:48:07.0278 2092 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/04/02 09:48:07.0341 2092 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/02 09:48:07.0559 
2092 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/04/02 09:48:07.0700 2092 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/02 09:48:07.0840 2092 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/02 09:48:07.0934 2092 ================================================================================ 2011/04/02 09:48:07.0934 2092 Scan finished 2011/04/02 09:48:07.0934 2092 ================================================================================ |
02.04.2011, 13:57 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online query OSAM offers. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post logfiles in CODE tags |
02.04.2011, 15:23 | #13 |
| TR/Dropper.Gen [trojan]. GMER GMER Logfile: Code:
ATTFilter GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover Rootkit scan 2011-04-02 16:07:12 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST9250827AS rev.3.AAA Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kxliqkow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B80D340, 0x3442A7, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) ---- EOF - GMER 1.0.15 ---- OSAM OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 16:14:35 on 02.04.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "kxliqkow" (kxliqkow) - ? 
- C:\Users\***\AppData\Local\Temp\kxliqkow.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" - "Tracker Software Products Ltd." 
- C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Inkjet Printer/Scanner Extended Survey Program" (IJPLMSVC) - ? 
- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NMIndexingService" (NMIndexingService) - ? - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" (File not found) "spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: ASUSTeK Computer Inc. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: ASUSTeK Computer Inc. 
System Product Name: F5N Logical Drives Mask: 0x0000005c Kernel Drivers (total 146): 0x82201000 \SystemRoot\system32\ntkrnlpa.exe 0x825BB000 \SystemRoot\system32\hal.dll 0x80404000 \SystemRoot\system32\kdcom.dll 0x8040B000 \SystemRoot\system32\PSHED.dll 0x8041C000 \SystemRoot\system32\BOOTVID.dll 0x80424000 \SystemRoot\system32\CLFS.SYS 0x80465000 \SystemRoot\system32\CI.dll 0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys 0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80604000 \SystemRoot\system32\drivers\acpi.sys 0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80653000 \SystemRoot\system32\drivers\msisadrv.sys 0x8065B000 \SystemRoot\system32\drivers\pci.sys 0x80682000 \SystemRoot\System32\drivers\partmgr.sys 0x80691000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80694000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8069E000 \SystemRoot\system32\drivers\volmgr.sys 0x806AD000 \SystemRoot\System32\drivers\volmgrx.sys 0x806F7000 \SystemRoot\system32\drivers\pciide.sys 0x806FE000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8070C000 \SystemRoot\System32\drivers\mountmgr.sys 0x8071C000 \SystemRoot\system32\drivers\atapi.sys 0x80724000 \SystemRoot\system32\drivers\ataport.SYS 0x80742000 \SystemRoot\system32\drivers\fltmgr.sys 0x80774000 \SystemRoot\system32\drivers\fileinfo.sys 0x80784000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8760F000 \SystemRoot\system32\drivers\ndis.sys 0x8771A000 \SystemRoot\system32\drivers\msrpc.sys 0x87745000 \SystemRoot\system32\drivers\NETIO.SYS 0x8780C000 \SystemRoot\System32\drivers\tcpip.sys 0x878F6000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x87A0E000 \SystemRoot\System32\Drivers\Ntfs.sys 0x87B1E000 \SystemRoot\system32\drivers\volsnap.sys 0x87B57000 \SystemRoot\System32\Drivers\spldr.sys 0x87B5F000 \SystemRoot\System32\Drivers\mup.sys 0x87B6E000 \SystemRoot\System32\drivers\ecache.sys 0x87B95000 \SystemRoot\system32\drivers\disk.sys 0x87BA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x87BC7000 
\SystemRoot\system32\drivers\crcdisk.sys 0x87BF0000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x87A00000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x87911000 \SystemRoot\system32\DRIVERS\ATKACPI.sys 0x87919000 \SystemRoot\system32\DRIVERS\amdk8.sys 0x87929000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x87A09000 \SystemRoot\system32\DRIVERS\kbfiltr.sys 0x8793C000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x87947000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x87A0B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x87972000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x87BFB000 \SystemRoot\system32\DRIVERS\nvsmu.sys 0x8797D000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x87987000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x879C5000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x879D4000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8B205000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8B292000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys 0x8B608000 \SystemRoot\system32\DRIVERS\athr.sys 0x8B80D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8BED7000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8BF77000 \SystemRoot\System32\drivers\watchdog.sys 0x8BF83000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8BF87000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8BFB6000 \SystemRoot\system32\DRIVERS\storport.sys 0x8B800000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8B6CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8B6E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8B6EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8B70F000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8B71E000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8B732000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8B747000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8B80B000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8B757000 \SystemRoot\system32\DRIVERS\ks.sys 0x8B781000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8B78B000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8B798000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8B7CD000 \SystemRoot\System32\Drivers\NDProxy.SYS 
0x8C402000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8C642000 \SystemRoot\system32\drivers\portcls.sys 0x8C66F000 \SystemRoot\system32\drivers\drmk.sys 0x8C694000 \SystemRoot\system32\DRIVERS\smserial.sys 0x8C784000 \SystemRoot\system32\drivers\modem.sys 0x8C791000 \SystemRoot\system32\drivers\MODEMCSA.sys 0x8C79B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8C7A4000 \SystemRoot\System32\Drivers\Null.SYS 0x8C7AB000 \SystemRoot\System32\Drivers\Beep.SYS 0x8C7B2000 \SystemRoot\System32\drivers\vga.sys 0x8C7BE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8C7DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8C7E7000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8C7EF000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8B7DE000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8BFF7000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8B393000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8B7EC000 \SystemRoot\system32\DRIVERS\smb.sys 0x8B3A9000 \SystemRoot\system32\drivers\afd.sys 0x87780000 \SystemRoot\System32\DRIVERS\netbt.sys 0x877B2000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8B3F1000 \SystemRoot\system32\DRIVERS\netbios.sys 0x879EC000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8C7FA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8C80A000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8C846000 \SystemRoot\system32\drivers\RTSTOR.SYS 0x8C858000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8C862000 \SystemRoot\System32\Drivers\dfsc.sys 0x8C879000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8C89F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x8D00F000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x8D1B8000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x8D1C5000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x8D1CC000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8D1D9000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8D1E4000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x96C60000 \SystemRoot\System32\win32k.sys 0x8D1EC000 \SystemRoot\System32\drivers\Dxapi.sys 0x8D000000 \SystemRoot\system32\DRIVERS\monitor.sys 
0x96E80000 \SystemRoot\System32\TSDDD.dll 0x96EA0000 \SystemRoot\System32\cdd.dll 0x8C8A1000 \SystemRoot\system32\drivers\luafv.sys 0x8C8BC000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8C8D1000 \SystemRoot\system32\drivers\spsys.sys 0x8C981000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x8C991000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x8C9BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x8C9C5000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x8C9D8000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys 0x9CA0B000 \SystemRoot\system32\drivers\HTTP.sys 0x9CA78000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9CA95000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9CAAE000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9CAC3000 \SystemRoot\system32\drivers\mrxdav.sys 0x9CAE4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9CB03000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9CB3C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9CB54000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9CB7C000 \SystemRoot\System32\DRIVERS\srv.sys 0x9CBCA000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 0x9DA06000 \SystemRoot\system32\drivers\peauth.sys 0x9DAE4000 \SystemRoot\System32\Drivers\fastfat.SYS 0x9DB0C000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9DB16000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9DB22000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x9DB37000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x9DB49000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x9DB5F000 \??\C:\Users\***\AppData\Local\Temp\kxliqkow.sys 0x77850000 \Windows\System32\ntdll.dll Processes (total 66): 0 System Idle Process 4 System 476 C:\Windows\System32\smss.exe 548 csrss.exe 600 C:\Windows\System32\wininit.exe 612 csrss.exe 644 C:\Windows\System32\services.exe 660 C:\Windows\System32\lsass.exe 668 C:\Windows\System32\lsm.exe 716 C:\Windows\System32\winlogon.exe 852 C:\Windows\System32\svchost.exe 936 C:\Windows\System32\svchost.exe 992 C:\Windows\System32\svchost.exe 1072 C:\Windows\System32\svchost.exe 1100 C:\Windows\System32\svchost.exe 1136 
C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\audiodg.exe
1264 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\SLsvc.exe
1336 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1624 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
1652 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1768 C:\Windows\System32\spoolsv.exe
1792 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1804 C:\Windows\System32\svchost.exe
2016 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2032 C:\Windows\System32\svchost.exe
328 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
336 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
848 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
792 C:\Windows\System32\svchost.exe
1144 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
1468 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\svchost.exe
2044 C:\Windows\System32\SearchIndexer.exe
2372 WUDFHost.exe
2664 C:\Windows\System32\dwm.exe
2696 C:\Windows\System32\taskeng.exe
2740 C:\Windows\explorer.exe
3048 C:\Program Files\ATK Hotkey\HControl.exe
3056 C:\Program Files\ATKOSD2\ATKOSD2.exe
3064 C:\Program Files\P4G\BatteryLife.exe
3168 C:\Windows\System32\taskeng.exe
3260 C:\Program Files\ATK Hotkey\ATKOSD.exe
3348 C:\Program Files\Windows Media Player\wmpnscfg.exe
3452 C:\Program Files\ATK Hotkey\KBFiltr.exe
3592 C:\Program Files\Windows Media Player\wmpnetwk.exe
3988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4020 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4060 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4072 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2144 C:\Program Files\Windows Sidebar\sidebar.exe
2316 C:\Windows\ehome\ehtray.exe
3140 C:\Windows\ehome\ehmsas.exe
1052 C:\Windows\System32\svchost.exe
3372 D:\***\Neuer Ordner\g2m3e4r.exe
3072 C:\Program Files\Mozilla Firefox\firefox.exe
288 C:\Program Files\Free Download Manager\fdm.exe
2592 D:\***\Neuer Ordner\Osam\osam_autorun_manager_5_0_portable\osam.exe
2904 C:\Program Files\Internet Explorer\ielowutil.exe
3028 C:\Windows\System32\notepad.exe
2176 C:\Windows\System32\SearchProtocolHost.exe
1176 C:\Windows\System32\SearchFilterHost.exe
1284 D:\***\Neuer Ordner\MBRCheck\MBRCheck.exe
3376 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`10700000 (NTFS)

PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA

Size     Device Name           MBR Status
--------------------------------------------
232 GB   \\.\PhysicalDrive0    Unknown MBR code
         SHA1: 16FACB29D75458833E397367B1DA17929157C2B3

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Thanks |
03.04.2011, 13:29 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.Gen [trojan]. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
06.04.2011, 22:14 | #15 |
| TR/Dropper.Gen [trojan]. Sorry that it took a bit longer. I have run both scans in any case, and neither of them found anything; here are the logs.

Malwarebytes
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes Datenbank Version: 6287

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

06.04.2011 20:17:43
mbam-log-2011-04-06 (20-17-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 271703
Laufzeit: 1 Stunde(n), 23 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware
Code:
SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 04/06/2011 bei 11:08 PM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6765
Version der Spur-Datenbank : 4577

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:39:11

Gescannte Speicherelemente : 629
Erfasste Speicher-Bedrohungen : 0

Gescannte Register-Elemente : 7153
Erfasste Register-Bedrohungen : 0

Gescannte Datei-Elemente : 129563
Erfasste Datei-Elemente : 0

Thank you for doing all of this. |