Log Analysis and Evaluation: Windows Recovery trojan gone?
14.04.2011, 21:43 | #1
Windows Recovery trojan gone?

Hello, yesterday I caught the Windows Recovery trojan. I came across this forum and followed the instructions.
1. ran rkill.exe several times
2. full scan with Malwarebytes Anti-Malware
3. OTL scan
I'm not sure whether the trojan is gone, because the folders on the desktop still look washed out, as if they were hidden; it wasn't like that before. Before I'm left with no option but to format, I wanted to ask you whether you can see from the logfile whether it's gone or not. Here is the logfile, many thanks for looking it over.

OTL Logfile:
Code:
OTL logfile created on: 14.04.2011 22:21:19 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\julsch\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 31,14 Gb Free Space | 33,77% Space Free | Partition Type: NTFS Drive D: | 197,09 Gb Total Space | 130,91 Gb Free Space | 66,42% Space Free | Partition Type: NTFS Computer Name: JULSCH-PC | User Name: julsch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\julsch\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - 
C:\Programme\ECDeject\CDeject.exe (Dritek System Inc.) PRC - C:\Programme\ECDeject\Mngrecd.exe (Dritek System Inc.) PRC - C:\Programme\OEM\OSD_1.16\osd.exe (ODM) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\julsch\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (OsdService) -- C:\Programme\OEM\OSD_1.16\OsdService.exe (TODO: <公司名稱>) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ECDejectPortIO) -- C:\Programme\ECDeject\ECDejectIo.sys (Dritek System Inc.) DRV - (GpdDevDPort) -- C:\Windows\System32\directport.sys () DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (e1yexpress) Intel(R) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (GpdKbFilter) -- C:\Windows\System32\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) 
DRV - (usb2vcom) -- C:\Windows\System32\drivers\usb2vcom.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.newversionchecker.com/?redr=www.easiestutils.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.hotmail.com" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.15 10:38:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.15 10:38:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.29 21:25:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.29 21:25:00 | 000,000,000 | ---D | M] [2010.08.16 15:58:39 | 000,000,000 | 
-H-D | M] (No name found) -- C:\Users\julsch\AppData\Roaming\mozilla\Extensions [2010.08.16 15:58:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\julsch\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.04.07 20:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julsch\AppData\Roaming\mozilla\Firefox\Profiles\gn71tj6a.default\extensions [2011.04.10 22:55:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\julsch\AppData\Roaming\mozilla\Firefox\Profiles\gn71tj6a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.26 22:32:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.22 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.10 10:17:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.15 22:29:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2009.12.18 14:51:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.04.22 07:41:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.10 10:17:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.15 22:29:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} () (No name found) -- C:\USERS\JULSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GN71TJ6A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.03.29 21:24:53 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla 
Firefox\components\browsercomps.dll [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.29 21:24:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.29 21:24:54 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.03.29 21:24:54 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.29 21:24:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.29 21:24:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.29 21:24:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) 
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ECDeject] C:\Programme\ECDeject\CDeject.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [OSD] C:\Programme\OEM\OSD_1.16\osd.exe (ODM) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [TomTomHOME.exe] C:\programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Julsch Programme\Word 2002\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Julsch Programme\Word 2002\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\julsch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\julsch\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell\AutoRun\command - "" = F:\Newst.exe eMedia Guitar Method 1 v4 O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell - "" = AutoRun O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell - "" 
= AutoRun O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.14 22:18:14 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\julsch\Desktop\OTL.exe [2011.04.14 18:59:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.13 18:14:16 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 18:14:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 18:14:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.13 18:14:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.13 18:14:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.13 18:14:11 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.13 18:14:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.13 18:14:11 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.13 18:14:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.13 18:14:11 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.13 18:14:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.13 18:14:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.13 18:14:11 | 000,109,056 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.13 18:14:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.13 18:14:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.13 18:14:11 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.13 18:14:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.13 18:14:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.13 18:14:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.13 18:13:55 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 18:13:54 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 18:13:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 18:13:48 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 18:13:45 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.13 18:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.11 00:34:43 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\julsch\Desktop\ccsetup305.exe [2011.04.10 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\julsch\AppData\Roaming\Malwarebytes [2011.04.10 23:28:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.10 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.10 23:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.10 23:28:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.10 23:28:12 | 
000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.10 23:25:02 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\julsch\Desktop\herbertou.exe [2011.04.10 23:22:20 | 000,000,000 | ---D | C] -- C:\Users\julsch\Desktop\96741-windows-recovery-entfernen-Dateien [2011.04.05 20:19:44 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\Aufnahmen AfP [2011.03.27 20:09:46 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\clueso - an und für sich [2011.03.23 21:23:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 21:23:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.03.20 20:47:08 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\A Rush Of Blood To The Head [2011.03.17 20:11:40 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\Coldplay - X&Y [2011.03.16 21:01:32 | 000,000,000 | -H-D | C] -- C:\Users\julsch\Desktop\3 Doors Down - Away From The Sun [2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [9 C:\Users\julsch\Desktop\*.tmp files -> C:\Users\julsch\Desktop\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.14 22:18:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\julsch\Desktop\OTL.exe [2011.04.14 22:10:15 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.14 22:10:15 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.14 22:10:15 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.14 22:10:15 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.14 22:06:12 | 000,237,568 | ---- | M] () -- C:\Users\julsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.14 22:05:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.14 22:05:17 | 
000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.14 22:05:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.14 22:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.14 22:05:07 | 3178,151,936 | -HS- | M] () -- C:\hiberfil.sys [2011.04.14 22:03:34 | 000,003,525 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.14 21:46:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.14 19:23:21 | 000,321,936 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.12 19:05:48 | 321,924,060 | ---- | M] () -- C:\Users\julsch\Desktop\Desperate_Housewives_11.03.24_00-15_pro7_55_TVOON_DE.mpg.avi.otrkey.part [2011.04.11 00:35:09 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.11 00:34:50 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\julsch\Desktop\ccsetup305.exe [2011.04.10 23:32:21 | 000,033,280 | ---- | M] () -- C:\Users\julsch\Desktop\Normal.dot [2011.04.10 23:28:17 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.10 23:25:04 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\julsch\Desktop\herbertou.exe [2011.04.10 23:22:35 | 001,006,778 | ---- | M] () -- C:\Users\julsch\Desktop\rkill.com [2011.04.10 23:22:21 | 000,063,650 | ---- | M] () -- C:\Users\julsch\Desktop\96741-windows-recovery-entfernen.html [2011.04.10 22:29:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43441928 [2011.03.16 20:16:04 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [9 C:\Users\julsch\Desktop\*.tmp files -> C:\Users\julsch\Desktop\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.12 18:14:47 | 321,924,060 | ---- | C] () -- 
C:\Users\julsch\Desktop\Desperate_Housewives_11.03.24_00-15_pro7_55_TVOON_DE.mpg.avi.otrkey.part
[2011.04.10 23:32:21 | 000,033,280 | ---- | C] () -- C:\Users\julsch\Desktop\Normal.dot
[2011.04.10 23:28:17 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.10 23:22:31 | 001,006,778 | ---- | C] () -- C:\Users\julsch\Desktop\rkill.com
[2011.04.10 23:22:19 | 000,063,650 | ---- | C] () -- C:\Users\julsch\Desktop\96741-windows-recovery-entfernen.html
[2011.04.10 22:29:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43441928
[2011.03.29 21:25:01 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.17 20:57:00 | 000,647,168 | ---- | C] () -- C:\Users\julsch\Desktop\tetris.exe
[2011.01.05 11:43:26 | 000,000,103 | ---- | C] () -- C:\Windows\wiso.ini
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.06.09 20:38:34 | 000,304,640 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.06.09 20:38:34 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.04.13 21:12:57 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.03.22 22:16:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.07 23:53:28 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.17 19:16:36 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.11 16:35:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.11 16:35:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.05 10:15:52 | 000,000,680 | -H-- | C] () -- C:\Users\julsch\AppData\Local\d3d9caps.dat
[2009.06.20 10:30:15 | 000,030,368 | ---- | C] () -- C:\Windows\System32\drivers\usb2vcom.sys
[2009.05.05 11:07:38 | 000,237,568 | ---- | C] () -- C:\Users\julsch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.29 15:36:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.04.28 22:04:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.25 14:36:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.25 14:20:09 | 000,000,622 | -H-- | C] () -- C:\Users\julsch\AppData\Roaming\wklnhst.dat
[2009.04.25 14:09:54 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2009.04.25 13:58:06 | 000,003,525 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.07.30 06:34:52 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1473.dll
[2008.07.30 06:34:51 | 000,100,900 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.06.17 21:27:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\directport.sys
[2008.04.25 14:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 09:15:58 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,321,936 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011.03.09 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\Buhl Data Service
[2010.12.12 10:57:40 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\DAEMON Tools Lite
[2009.06.18 21:30:42 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\DAEMON Tools Pro
[2009.07.31 10:28:07 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Degener
[2009.07.31 10:28:20 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Ebner
[2010.12.26 21:06:14 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\EndNote
[2010.04.13 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\Foxit
[2010.03.21 22:24:14 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\GrabPro
[2009.06.20 10:33:06 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Nokia
[2009.12.18 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\OpenOffice.org
[2011.04.01 12:10:25 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\Orbit
[2009.06.20 10:29:34 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\PC Suite
[2011.04.10 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\phonostar-Player
[2009.07.21 10:15:25 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\pokerth
[2011.02.26 22:02:27 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\ProgSense
[2009.05.23 14:47:30 | 000,000,000 | -H-D | M] -- C:\Users\julsch\AppData\Roaming\Template
[2010.08.16 15:58:38 | 000,000,000 | ---D | M] -- C:\Users\julsch\AppData\Roaming\TomTom
[2011.04.14 22:03:35 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

PS: I deleted the trojan's entry in the registry; it is gone, but not really. System Restore did not help either. So it must still be on the system. |
18.04.2011, 15:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery trojan gone? Quote:
22.04.2011, 07:28 | #3 | |
| Windows recovery trojan gone? Quote:
Here are the two Malwarebytes logs: the first one infected, the second not. I made the hidden folders visible again manually, i.e. unticked "hidden". So far everything has been unremarkable, but I don't trust it... Many thanks for the help. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6327

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

11.04.2011 00:29:46
mbam-log-2011-04-11 (00-29-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268658
Laufzeit: 57 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\julsch\AppData\Local\Temp\tmp6A08.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\julsch\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20\7bf546d4-5e1f57b8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\julsch\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

14.04.2011 21:28:27
mbam-log-2011-04-14 (21-28-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 271412
Laufzeit: 1 Stunde(n), 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
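The two Malwarebytes reports in the post above are the before/after pair a helper compares by eye: three detections on 11.04. (two Trojan.FakeAlert objects, one of them in the Java deployment cache, and a heuristic hit on eXplorer.exe on the Desktop), nothing on 14.04. with a newer database. As an added example, not part of the original thread and not Malwarebytes' own tooling, the following Python parses MBAM 1.50 text reports with the German UI labels shown here and diffs two of them: which detections disappeared, which persist, whether the second run used a newer database (a clean result with a stale database is worth less), and whether every summary counter is zero. The embedded sample reports are excerpts of the two logs above; the regular expressions describe this 1.50 layout as I read it from those logs, not a published format specification.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One detection line in an MBAM 1.50 report: "<object> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# Summary counters in the German UI: "Infizierte Dateien: 3". The second listing of the
# same headings carries object lists or "(Keine bösartigen Objekte gefunden)" and is skipped.
SUMMARY_RE = re.compile(r"^(?P<what>Infizierte [A-Za-zäöüß ]+?): (?P<count>\d+)$")
DATABASE_RE = re.compile(r"^Datenbank Version: (?P<db>\d+)$")


@dataclass
class MbamReport:
    database: int | None = None
    counters: dict[str, int] = field(default_factory=dict)
    # (object, family, action) in report order
    detections: list[tuple[str, str, str]] = field(default_factory=list)

    def is_clean(self) -> bool:
        """Clean means no detection lines and every summary counter at zero."""
        return not self.detections and all(n == 0 for n in self.counters.values())


def parse_mbam_log(text: str) -> MbamReport:
    """Parse one MBAM 1.50 text report (German labels) into an MbamReport."""
    rep = MbamReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DATABASE_RE.match(line):
            rep.database = int(m.group("db"))
        elif m := SUMMARY_RE.match(line):
            rep.counters[m.group("what")] = int(m.group("count"))
        elif m := DETECTION_RE.match(line):
            rep.detections.append((m.group("obj"), m.group("family"), m.group("action")))
    return rep


def compare_scans(before: MbamReport, after: MbamReport) -> dict:
    """Before/after triage; objects are compared case-insensitively (NTFS paths)."""
    b = {obj.lower() for obj, _, _ in before.detections}
    a = {obj.lower() for obj, _, _ in after.detections}
    return {
        "removed": sorted(b - a),
        "persisting": sorted(b & a),
        "new": sorted(a - b),
        # a clean second scan means little if it ran with the same or an older database
        "database_newer": (before.database or 0) < (after.database or 0),
        "clean_after": after.is_clean(),
    }


# Excerpts of the two reports posted above (constructed sample input for this example).
FIRST_SCAN = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Datenbank Version: 6327
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\julsch\AppData\Local\Temp\tmp6A08.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\julsch\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20\7bf546d4-5e1f57b8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\julsch\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
"""

SECOND_SCAN = r"""
Datenbank Version: 6363
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
"""

if __name__ == "__main__":
    result = compare_scans(parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run stand-alone it reports the three quarantined objects as removed, nothing persisting or new, database_newer True and clean_after True. Note what the diff does not say: a clean MBAM pass is one signature engine's opinion about the files it scanned, which is why the helper goes on to ask for an updated full scan and then a rootkit scanner rather than closing the thread on this result.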
22.04.2011, 12:20 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery trojan gone? Quote:
Please update and run a full scan.
__________________ Please always post logfiles in CODE tags |
22.04.2011, 17:34 | #5 |
| Windows recovery trojan gone? Here is today's: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6420

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

22.04.2011 18:27:24
mbam-log-2011-04-22 (18-27-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 273197
Laufzeit: 54 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
23.04.2011, 14:49 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery trojan gone? First of all, please uninstall ZoneAlarm; that thing is the worst kind of snake oil. Use the Windows Firewall. Then do an OTL fix: close all programs that may be open, deactivate the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell\AutoRun\command - "" = F:\Newst.exe eMedia Guitar Method 1 v4
O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\ProgramData\4*
C:\ProgramData\~*
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
For safety, the entries, files and folders fixed by this script are not deleted outright; a backup copy is created on the system partition in the folder "_OTL".
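The fix script above does four things: it touches the CDRom service's AutoRun value, moves the stray C:\autoexec.bat, deletes the per-volume MountPoints2 entries that Explorer cached from the autorun.inf of media inserted earlier (each maps a volume GUID or drive letter to a Shell\AutoRun\command such as F:\AutoRun.exe), and finally resets the hosts file and empties the temp folders, with the :Files wildcard C:\ProgramData\4* aimed at the hidden, randomly named C:\ProgramData\43441928 folder from the first OTL log. MountPoints2 entries are not evidence of infection on their own (the "Newst.exe eMedia Guitar Method 1 v4" one is plainly a CD's own autorun), but a cached command that launches an executable from a removable drive is exactly how autorun worms re-execute, so helpers clear them wholesale. As an added example, not part of the thread and not OTL's code, the following Python parses the O32/O33 lines of such a fix script, pairs each MountPoints2 key with its default verb and command, flags commands that launch from a non-system drive, and lists the HKCU registry keys the fix will delete. The embedded script is the one posted above; the line patterns are my reading of OTL's O32/O33 output format, not an OTL specification.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

MOUNTPOINTS2_HIVE = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"

# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33_CMD_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# O33 - MountPoints2\{guid}\Shell - "" = AutoRun      (default verb for the volume)
O33_VERB_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell - "" = (?P<verb>.+)$')
# O32 - HKLM CDRom: AutoRun - 1
O32_CDROM_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$")
# O32 - AutoRun File - [date | size | attrs | M] () - C:\autoexec.bat -- [ NTFS ]
O32_FILE_RE = re.compile(r"^O32 - AutoRun File - \[.*?\] \(\) - (?P<path>.+?) -- \[")


@dataclass
class MountPoint:
    key: str                        # "{guid}" or a drive letter such as "F"
    default_verb: str | None = None
    command: str | None = None

    @property
    def registry_key(self) -> str:
        return f"{MOUNTPOINTS2_HIVE}\\{self.key}"

    def launches_from_other_drive(self, system_drive: str = "C") -> bool:
        """True when the cached command runs something from a drive other than the system drive."""
        if not self.command:
            return False
        m = re.match(r"^([A-Za-z]):\\", self.command)
        return bool(m) and m.group(1).upper() != system_drive.upper()


@dataclass
class FixSummary:
    cdrom_autorun: int | None = None
    autorun_files: list[str] = field(default_factory=list)
    mountpoints: dict[str, MountPoint] = field(default_factory=dict)


def parse_otl_fix(script: str) -> FixSummary:
    """Collect the AutoRun-related O32/O33 lines of an OTL fix script; other lines are ignored."""
    s = FixSummary()
    for raw in script.splitlines():
        line = raw.strip()
        if m := O32_CDROM_RE.match(line):
            s.cdrom_autorun = int(m.group("val"))
        elif m := O32_FILE_RE.match(line):
            s.autorun_files.append(m.group("path"))
        elif m := O33_CMD_RE.match(line):
            s.mountpoints.setdefault(m.group("key"), MountPoint(m.group("key"))).command = m.group("cmd")
        elif m := O33_VERB_RE.match(line):
            s.mountpoints.setdefault(m.group("key"), MountPoint(m.group("key"))).default_verb = m.group("verb")
    return s


def keys_to_delete(s: FixSummary) -> list[str]:
    """Full HKCU paths of the MountPoints2 subkeys the fix removes, in script order."""
    return [mp.registry_key for mp in s.mountpoints.values()]


def flagged_commands(s: FixSummary) -> dict[str, list[str]]:
    """Distinct commands launching from a non-system drive, with the keys that reference them."""
    out: dict[str, list[str]] = {}
    for mp in s.mountpoints.values():
        if mp.launches_from_other_drive():
            out.setdefault(mp.command, []).append(mp.key)
    return out


# The fix script posted above (sample input for this example).
FIX_SCRIPT = r'''
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\Shell\AutoRun\command - "" = F:\Newst.exe eMedia Guitar Method 1 v4
O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell - "" = AutoRun
O33 - MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\ProgramData\4*
:Commands
[emptytemp]
'''

if __name__ == "__main__":
    summary = parse_otl_fix(FIX_SCRIPT)
    print("CDRom AutoRun value in script:", summary.cdrom_autorun)
    for cmd, keys in flagged_commands(summary).items():
        print(f"{cmd!r} referenced by {len(keys)} MountPoints2 key(s)")
    for key in keys_to_delete(summary):
        print("delete:", key)
```

On the script above this yields nine MountPoints2 keys (eight volume GUIDs plus the bare drive letter F) and two distinct commands, both on drive F:. One caveat the thread does not spell out: deleting MountPoints2 entries only clears the cache; Explorer repopulates it the next time media carrying an autorun.inf is inserted. The durable fix is the policy value NoDriveTypeAutoRun = 0xFF under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, which disables AutoRun for every drive type, together with the current Windows updates that already make Explorer ignore autorun.inf on non-optical media.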
24.04.2011, 08:02 | #7 |
| Windows recovery trojan gone? Hello, here is the OTL log file. I uninstalled ZoneAlarm beforehand. I could not deactivate AntiVir; I was only able to switch off the AntiVir Guard. Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7394b19a-1577-11df-8bbd-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7394b19a-1577-11df-8bbd-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7394b19a-1577-11df-8bbd-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7394b1ba-1577-11df-8bbd-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87124a99-05cd-11e0-a2aa-001644fcc8ae}\ not found.
File F:\Newst.exe eMedia Guitar Method 1 v4 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f1d469e-1638-11df-9c53-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f1d469e-1638-11df-9c53-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f1d469e-1638-11df-9c53-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f1d46ad-1638-11df-9c53-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a18d88fb-17fd-11df-ae76-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d600466b-15a1-11df-8580-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d600466b-15a1-11df-8580-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d600466b-15a1-11df-8580-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3253fb9-164a-11df-9441-001644fcc8ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3253fb9-164a-11df-9441-001644fcc8ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e3253fb9-164a-11df-9441-001644fcc8ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
C:\ProgramData\43441928 moved successfully.
File\Folder C:\ProgramData\~* not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: julsch
->Temp folder emptied: 7719390 bytes
->Temporary Internet Files folder emptied: 65938 bytes
->Java cache emptied: 33445534 bytes
->FireFox cache emptied: 44215767 bytes
->Flash cache emptied: 5579 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04242011_085437

Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
25.04.2011, 13:48 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery trojan gone? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection has left you unable to access your documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (Could take a while.) Vista and 7 users must run the tool via right-click as Administrator!
25.04.2011, 19:04 | #9 |
| Windows recovery trojan gone? Hello, here is the log file from Kaspersky: Code:
ATTFilter 2011/04/25 19:30:42.0314 1100 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/25 19:30:42.0564 1100 ================================================================================ 2011/04/25 19:30:42.0564 1100 SystemInfo: 2011/04/25 19:30:42.0564 1100 2011/04/25 19:30:42.0564 1100 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/25 19:30:42.0564 1100 Product type: Workstation 2011/04/25 19:30:42.0564 1100 ComputerName: JULSCH-PC 2011/04/25 19:30:42.0564 1100 UserName: julsch 2011/04/25 19:30:42.0564 1100 Windows directory: C:\Windows 2011/04/25 19:30:42.0564 1100 System windows directory: C:\Windows 2011/04/25 19:30:42.0564 1100 Processor architecture: Intel x86 2011/04/25 19:30:42.0564 1100 Number of processors: 2 2011/04/25 19:30:42.0564 1100 Page size: 0x1000 2011/04/25 19:30:42.0564 1100 Boot type: Normal boot 2011/04/25 19:30:42.0564 1100 ================================================================================ 2011/04/25 19:30:43.0344 1100 Initialize success 2011/04/25 19:30:46.0323 2060 ================================================================================ 2011/04/25 19:30:46.0323 2060 Scan started 2011/04/25 19:30:46.0323 2060 Mode: Manual; 2011/04/25 19:30:46.0323 2060 ================================================================================ 2011/04/25 19:30:48.0195 2060 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/25 19:30:48.0320 2060 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/04/25 19:30:48.0367 2060 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/04/25 19:30:48.0398 2060 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/04/25 19:30:48.0445 2060 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/04/25 19:30:48.0554 2060 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/25 
19:30:48.0679 2060 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/04/25 19:30:48.0835 2060 ahcix86s (0dee2b628d4c6e23285bb91effdabfde) C:\Windows\system32\drivers\ahcix86s.sys 2011/04/25 19:30:48.0897 2060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/25 19:30:48.0944 2060 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/04/25 19:30:49.0007 2060 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/04/25 19:30:49.0085 2060 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/04/25 19:30:49.0163 2060 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/04/25 19:30:49.0209 2060 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/04/25 19:30:49.0287 2060 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/04/25 19:30:49.0334 2060 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/04/25 19:30:49.0397 2060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/25 19:30:49.0475 2060 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/25 19:30:49.0631 2060 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/04/25 19:30:49.0896 2060 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/25 19:30:50.0114 2060 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/25 19:30:50.0192 2060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/25 19:30:50.0270 2060 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/04/25 19:30:50.0333 2060 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 
2011/04/25 19:30:50.0379 2060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/25 19:30:50.0567 2060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/25 19:30:50.0613 2060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/25 19:30:50.0645 2060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/25 19:30:50.0676 2060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/25 19:30:50.0723 2060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/25 19:30:50.0785 2060 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/04/25 19:30:50.0847 2060 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/25 19:30:50.0910 2060 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/04/25 19:30:50.0988 2060 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys 2011/04/25 19:30:51.0050 2060 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys 2011/04/25 19:30:51.0097 2060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/25 19:30:51.0175 2060 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/25 19:30:51.0222 2060 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/04/25 19:30:51.0284 2060 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/25 19:30:51.0393 2060 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/25 19:30:51.0425 2060 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/04/25 19:30:51.0565 2060 Compbatt (6afef0b60fa25de07c0968983ee4f60a) 
C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/25 19:30:51.0721 2060 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/04/25 19:30:51.0752 2060 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/04/25 19:30:51.0830 2060 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys 2011/04/25 19:30:51.0893 2060 CVPNDRVA (8a15d7bd4cf1a8ccd7c65f7349f22e35) C:\Windows\system32\Drivers\CVPNDRVA.sys 2011/04/25 19:30:52.0049 2060 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/25 19:30:52.0127 2060 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/25 19:30:52.0205 2060 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys 2011/04/25 19:30:52.0329 2060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/25 19:30:52.0407 2060 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/25 19:30:52.0470 2060 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/25 19:30:52.0532 2060 e1yexpress (039c592148ffe479f26c418971fb8022) C:\Windows\system32\DRIVERS\e1y6032.sys 2011/04/25 19:30:52.0657 2060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/25 19:30:52.0751 2060 ECDejectPortIO (e60b7778d9b1e9ea1ad3a1b15b0d0e64) C:\PROGRA~1\ECDeject\ECDejectIO.sys 2011/04/25 19:30:52.0938 2060 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/04/25 19:30:53.0000 2060 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/04/25 19:30:53.0109 2060 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/25 19:30:53.0156 2060 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/25 19:30:53.0203 2060 fdc 
(afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/25 19:30:53.0250 2060 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/25 19:30:53.0281 2060 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/25 19:30:53.0328 2060 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/25 19:30:53.0390 2060 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/25 19:30:53.0468 2060 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/25 19:30:53.0499 2060 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/25 19:30:53.0593 2060 GpdDevDPort (f1785fb4b89442aac648492b35ebcdc9) C:\Windows\system32\directport.sys 2011/04/25 19:30:53.0655 2060 GpdKbFilter (e48c4e69e2126aac01888c60cc6ed966) C:\Windows\system32\kbfiltr.sys 2011/04/25 19:30:53.0780 2060 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/25 19:30:53.0843 2060 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/25 19:30:53.0905 2060 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/25 19:30:53.0936 2060 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/04/25 19:30:53.0999 2060 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/25 19:30:54.0061 2060 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/04/25 19:30:54.0123 2060 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/25 19:30:54.0248 2060 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/04/25 19:30:54.0342 2060 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys 
2011/04/25 19:30:54.0404 2060 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/04/25 19:30:54.0467 2060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/25 19:30:54.0545 2060 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys 2011/04/25 19:30:54.0576 2060 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/04/25 19:30:54.0872 2060 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/04/25 19:30:55.0153 2060 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/25 19:30:55.0278 2060 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/25 19:30:55.0403 2060 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/04/25 19:30:55.0449 2060 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/25 19:30:55.0527 2060 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/25 19:30:55.0574 2060 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/25 19:30:55.0605 2060 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/25 19:30:55.0637 2060 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/25 19:30:55.0683 2060 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/04/25 19:30:55.0715 2060 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/25 19:30:55.0746 2060 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/25 19:30:55.0777 2060 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/25 19:30:55.0839 2060 JMCR (7e6a3e1cd74e8c97eed06670d2a691da) 
Anabasis |
25.04.2011, 20:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery trojan gone? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post log files in CODE tags |
26.04.2011, 15:00 | #11 |
| Windows recovery trojan gone? Here is the ComboFix log file: Code:
|
26.04.2011, 17:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows recovery trojan gone? OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post log files in CODE tags |
27.04.2011, 07:55 | #13 |
| Windows recovery trojan gone? Hello cosinus, many thanks for your efforts, and respect for sacrificing your free time for the laypeople in the forum. Here are the various logs: After two failed attempts it got through on the third try (Windows Firewall and the Antivir Guard were switched off during it): GMER: Code:
\SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortMoveMemory] [8B108910] \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortInitialize] B18D0502 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8 IAT \SystemRoot\System32\Drivers\a3hba094.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 860EF1F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 kbfiltr.sys Device \Driver\volmgr \Device\VolMgrControl 8532D1F8 Device \Driver\usbuhci \Device\USBPDO-0 870D91F8 Device \Driver\usbuhci \Device\USBPDO-1 870D91F8 Device \Driver\usbuhci \Device\USBPDO-2 870D91F8 Device \Driver\usbehci \Device\USBPDO-3 870DD1F8 Device \Driver\PCI_PNP9219 \Device\00000054 spfh.sys Device \Driver\usbuhci \Device\USBPDO-4 870D91F8 Device \Driver\usbuhci \Device\USBPDO-5 870D91F8 Device \Driver\usbuhci \Device\USBPDO-6 870D91F8 Device \Driver\volmgr \Device\HarddiskVolume1 8532D1F8 Device \Driver\usbehci \Device\USBPDO-7 870DD1F8 Device \Driver\volmgr \Device\HarddiskVolume2 8532D1F8 Device \Driver\cdrom \Device\CdRom0 870821F8 Device \Driver\atapi 
\Device\Ide\IdeDeviceP0T0L0-0 860ED1F8 Device \Driver\atapi \Device\Ide\IdePort0 860ED1F8 Device \Driver\atapi \Device\Ide\IdePort1 860ED1F8 Device \Driver\atapi \Device\Ide\IdePort2 860ED1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 860ED1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 860EE1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 860EE1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel5 860EE1F8 Device \Driver\volmgr \Device\HarddiskVolume3 8532D1F8 Device \Driver\cdrom \Device\CdRom1 870821F8 Device \Driver\netbt \Device\NetBt_Wins_Export 8AB8F3D0 Device \Driver\Smb \Device\NetbiosSmb 8AD851F8 Device \Driver\netbt \Device\NetBT_Tcpip_{0A768961-F322-4E8B-9C44-CC27116F4786} 8AB8F3D0 Device \Driver\sptd \Device\426591231 spfh.sys Device \Driver\iScsiPrt \Device\RaidPort0 8725D1F8 Device \Driver\netbt \Device\NetBT_Tcpip_{8420A3BA-D7CD-420A-AF1C-D7C06C0DC783} 8AB8F3D0 Device \Driver\usbuhci \Device\USBFDO-0 870D91F8 Device \Driver\usbuhci \Device\USBFDO-1 870D91F8 Device \Driver\usbuhci \Device\USBFDO-2 870D91F8 Device \Driver\usbehci \Device\USBFDO-3 870DD1F8 Device \Driver\usbuhci \Device\USBFDO-4 870D91F8 Device \Driver\netbt \Device\NetBT_Tcpip_{5A88F94D-5C63-4254-9338-8DE99611111A} 8AB8F3D0 Device \Driver\usbuhci \Device\USBFDO-5 870D91F8 Device \Driver\usbuhci \Device\USBFDO-6 870D91F8 Device \Driver\usbehci \Device\USBFDO-7 870DD1F8 Device \Driver\a3hba094 \Device\Scsi\a3hba0941 87343500 Device \Driver\a3hba094 \Device\Scsi\a3hba0941Port7Path0Target0Lun0 87343500 Device \Driver\JMCR \Device\Scsi\JMCR1 870C71F8 Device \Driver\JMCR \Device\Scsi\JMCR2 870C71F8 Device \Driver\JMCR \Device\Scsi\JMCR3 870C71F8 Device \FileSystem\cdfs \Cdfs 90C211F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fcc8ae Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fcc8ae@0018af6e0087 0xF1 0xEB 0xFA 0x35 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001644fcc8ae@00265f4856d4 0xCF 0xDD 0xE1 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE3 0xF3 0xC4 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0x68 0x82 0x23 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0x23 0x73 0x73 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x5B 0xAC 0x54 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6Iaid 268441322 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6Iaid 386007124 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6Iaid 352327236 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6Iaid 218104589 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid 201331746 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid 234886178 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\BTHPORT\Parameters\Keys\001644fcc8ae Reg HKLM\SYSTEM\ControlSet107\Services\BTHPORT\Parameters\Keys\001644fcc8ae@0018af6e0087 0xF1 0xEB 0xFA 0x35 ... Reg HKLM\SYSTEM\ControlSet107\Services\BTHPORT\Parameters\Keys\001644fcc8ae@00265f4856d4 0xCF 0xDD 0xE1 0xCB ... Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE3 0xF3 0xC4 0x59 ... Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x59 0x68 0x82 0x23 ... Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x12 0x23 0x73 0x73 ... Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\ControlSet107\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x72 0x5B 0xAC 0x54 ... 
Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6Iaid 268441322 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{0a768961-f322-4e8b-9c44-cc27116f4786}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6Iaid 386007124 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{40685c80-81aa-45fd-b5c8-48f188fd03fb}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6Iaid 352327236 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{5a88f94d-5c63-4254-9338-8de99611111a}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6Iaid 218104589 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{8420a3ba-d7cd-420a-af1c-d7c06c0dc783}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6Iaid 201331746 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6Iaid 234886178 Reg HKLM\SYSTEM\ControlSet107\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}@Dhcpv6State 0 ---- 
EOF - GMER 1.0.15 ---- Here is the OSAM log: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 08:45:16 on 27.04.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 4.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Norton Security Scan for julsch.job" - "Symantec Corporation" - C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." 
- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a3hba094" (a3hba094) - "Microsoft Corporation" - C:\Windows\system32\drivers\a3hba094.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\julsch\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "ECS ECDeject Port I/O" (ECDejectPortIO) - "Dritek System Inc." - C:\PROGRA~1\ECDeject\ECDejectIO.sys "GpdDevDPort" (GpdDevDPort) - ? - C:\Windows\system32\directport.sys (File found, but it contains no detailed information) "GpdKbFilter" (GpdKbFilter) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\kbfiltr.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "pfliqpoc" (pfliqpoc) - ? - C:\Users\julsch\AppData\Local\Temp\pfliqpoc.sys (Hidden registry entry, rootkit activity | File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information) "USB to Serial Bridge Controller" (usb2vcom) - ? 
- C:\Windows\System32\Drivers\usb2vcom.sys "zlportio" (zlportio) - ? - C:\Program Files\UltraStar Deluxe\zlportio.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Julsch Programme\Word 2002\OFFICE11\msohev.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - D:\JULSCH~1\WORD20~1\OFFICE11\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll <binary data> "Grab Pro" - ? 
- C:\Program Files\Orbitdownloader\GrabPro.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? 
- (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\julsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Microsoft Office.lnk" - "Microsoft Corporation" - D:\Julsch Programme\Word 2002\Office10\OSA.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "TomTomHOME.exe" - "TomTom" - "C:\programme\TomTom HOME 2\TomTomHOMERunner.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "ECDeject" - "Dritek System Inc." - C:\PROGRA~1\ECDeject\CDeject.exe "FSCRecovery" - "Fujitsu Siemens Computers GmbH" - c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe "OSD" - "ODM" - C:\Program Files\OEM\OSD_1.16\osd.exe "PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "UIExec" - ? 
- "C:\Program Files\Join Air\UIExec.exe" (File found, but it contains no detailed information) [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9c7585d398cd5)" (gupdate1c9c7585d398cd5) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "OSD Service" (OsdService) - "TODO: <公司名稱>" - C:\Program Files\OEM\OSD_1.16\OsdService.exe "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\programme\TomTom HOME 2\TomTomHOMEService.exe "UI Assistant Service" (UI Assistant Service) - ? - C:\Program Files\Join Air\AssistantServices.exe (File found, but it contains no detailed information) ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: FUJITSU SIEMENS BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: FUJITSU SIEMENS System Product Name: AMILO Si 3655 Logical Drives Mask: 0x0000003c Kernel Drivers (total 153): 0x82E00000 \SystemRoot\system32\ntkrnlpa.exe 0x831BA000 \SystemRoot\system32\hal.dll 0x80405000 \SystemRoot\system32\kdcom.dll 0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8047C000 \SystemRoot\system32\PSHED.dll 0x8048D000 \SystemRoot\system32\BOOTVID.dll 0x80495000 \SystemRoot\system32\CLFS.SYS 0x804D6000 \SystemRoot\system32\CI.dll 0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068E000 \SystemRoot\System32\Drivers\spfh.sys 0x80781000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8078A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x807B0000 \SystemRoot\system32\drivers\acpi.sys 0x807F6000 \SystemRoot\system32\drivers\msisadrv.sys 0x805B6000 \SystemRoot\system32\drivers\pci.sys 0x805DD000 \SystemRoot\System32\drivers\partmgr.sys 0x80600000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x805EC000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8AE0C000 \SystemRoot\system32\drivers\volmgr.sys 0x8AE1B000 \SystemRoot\System32\drivers\volmgrx.sys 0x8AE65000 \SystemRoot\System32\drivers\mountmgr.sys 0x8AE75000 \SystemRoot\system32\drivers\atapi.sys 0x8AE7D000 \SystemRoot\system32\drivers\ataport.SYS 0x8AE9B000 \SystemRoot\system32\drivers\msahci.sys 0x8AEA5000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8AEB3000 \SystemRoot\system32\drivers\fltmgr.sys 0x8AEE5000 \SystemRoot\system32\drivers\fileinfo.sys 0x8AEF5000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8AEFE000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8B003000 \SystemRoot\system32\drivers\ndis.sys 0x8B10E000 \SystemRoot\system32\drivers\msrpc.sys 0x8B139000 
\SystemRoot\system32\drivers\NETIO.SYS
0x8B20E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B2FB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B405000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B515000 \SystemRoot\system32\drivers\volsnap.sys
0x8B54E000 \SystemRoot\System32\Drivers\spldr.sys
0x8B556000 \SystemRoot\System32\Drivers\mup.sys
0x8B565000 \SystemRoot\System32\drivers\ecache.sys
0x8B58C000 \SystemRoot\system32\drivers\disk.sys
0x8B59D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B5BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B5E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8F20D000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8FB2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FBCA000 \SystemRoot\System32\drivers\watchdog.sys
0x8B316000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8FBD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B350000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FBE1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AF6F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FE08000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x9018F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9019F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x901AD000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x901C2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x901DC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x901E0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x901F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FBF0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B38E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B3A6000 \SystemRoot\System32\Drivers\a3hba094.SYS
0x8B3DF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B174000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x8B192000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9040A000 \SystemRoot\system32\DRIVERS\storport.sys
0x9044B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90456000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x9046D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90478000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9049B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x904AA000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x904BE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x904D3000 \SystemRoot\system32\DRIVERS\termdd.sys
0x904E3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x904E5000 \SystemRoot\system32\DRIVERS\ks.sys
0x9050F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90519000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90526000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9055B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90603000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x9088C000 \SystemRoot\system32\drivers\portcls.sys
0x908B9000 \SystemRoot\system32\drivers\drmk.sys
0x908DE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x908E7000 \SystemRoot\System32\Drivers\Null.SYS
0x908EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x908FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90905000 \SystemRoot\System32\drivers\vga.sys
0x90911000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90932000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9093A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90942000 \SystemRoot\System32\Drivers\Msfs.SYS
0x9094D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x9095B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90964000 \SystemRoot\system32\DRIVERS\tdx.sys
0x905EC000 \SystemRoot\system32\DRIVERS\smb.sys
0x90E0D000 \SystemRoot\system32\drivers\afd.sys
0x90E55000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90E87000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90E9D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90EAB000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x90EAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90EC0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90EC6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90F02000 \??\C:\PROGRA~1\ECDeject\ECDejectIO.sys
0x90F06000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90F10000 \SystemRoot\System32\Drivers\dfsc.sys
0x90F27000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90F4D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x90F4F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90F5C000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90F67000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x98CF0000 \SystemRoot\System32\win32k.sys
0x90F71000 \SystemRoot\System32\drivers\Dxapi.sys
0x90F7B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98F10000 \SystemRoot\System32\TSDDD.dll
0x98F30000 \SystemRoot\System32\cdd.dll
0x90F8A000 \SystemRoot\system32\drivers\luafv.sys
0x90FA5000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x81609000 \SystemRoot\system32\drivers\spsys.sys
0x816B9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x816C9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x816F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x816FD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81710000 \SystemRoot\system32\drivers\HTTP.sys
0x8177D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8179A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x817B3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x817C8000 \SystemRoot\system32\drivers\mrxdav.sys
0x90FBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8B1C1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x90FD9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD80C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD834000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD883000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xAD913000 \SystemRoot\system32\drivers\peauth.sys
0xAD9F1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAD800000 \SystemRoot\System32\drivers\tcpipreg.sys
0x817E9000 \??\C:\Windows\system32\directport.sys
0x817F1000 \??\C:\Windows\system32\kbfiltr.sys
0x8B5C7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9097A000 \??\C:\Users\julsch\AppData\Local\Temp\pfliqpoc.sys
0x90FF1000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9056C000 \SystemRoot\System32\Drivers\bthport.sys
0xAD9FB000 \SystemRoot\System32\Drivers\USBD.SYS
0x90993000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x90E00000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x909BC000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x909D6000 \SystemRoot\system32\DRIVERS\bthmodem.sys
0x909E5000 \SystemRoot\system32\drivers\modem.sys
0x77460000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 62):
0 System Idle Process
4 System
540 C:\Windows\System32\smss.exe
608 csrss.exe
652 C:\Windows\System32\wininit.exe
660 csrss.exe
696 C:\Windows\System32\services.exe
728 C:\Windows\System32\lsass.exe
736 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\winlogon.exe
928 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1312 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\SLsvc.exe
1384 C:\Windows\System32\svchost.exe
1556 C:\Windows\System32\svchost.exe
1796 C:\Windows\System32\spoolsv.exe
1828 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1840 C:\Windows\System32\svchost.exe
2016 C:\Windows\System32\dwm.exe
392 C:\Windows\explorer.exe
484 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
588 C:\Windows\System32\svchost.exe
724 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
936 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
1544 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
792 C:\Program Files\OEM\OSD_1.16\OsdService.exe
2120 C:\Windows\System32\IoctlSvc.exe
2180 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\svchost.exe
2276 C:\Windows\System32\taskeng.exe
2288 C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
2304 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
2384 C:\Program Files\Join Air\AssistantServices.exe
2400 C:\Windows\System32\svchost.exe
2424 C:\Windows\System32\SearchIndexer.exe
2764 C:\Windows\System32\taskeng.exe
3228 C:\Program Files\ECDeject\CDeject.exe
3244 C:\Program Files\OEM\OSD_1.16\osd.exe
3252 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3276 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3448 C:\Windows\System32\hkcmd.exe
3472 C:\Windows\System32\igfxsrvc.exe
3500 C:\Windows\System32\igfxpers.exe
3556 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3584 C:\Program Files\Join Air\UIExec.exe
3596 C:\Windows\ehome\ehtray.exe
3624 C:\Program Files\Windows Media Player\wmpnscfg.exe
3736 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3792 C:\Windows\ehome\ehmsas.exe
3864 C:\Program Files\Windows Media Player\wmpnetwk.exe
712 C:\Program Files\ECDeject\Mngrecd.exe
2100 C:\Windows\System32\svchost.exe
4064 C:\Windows\System32\SearchProtocolHost.exe
3900 C:\Windows\System32\SearchFilterHost.exe
1344 C:\Users\julsch\Desktop\MBRCheck.exe
3604 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`3fc00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
--------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done! |
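The MBRCheck report above is read by eye: the helper looks at where each loaded kernel module lives (most sit under \SystemRoot, one, pfliqpoc.sys, is loaded from the user's Temp folder) and compares the MBR code hash with known-good values. The script below is an added example, not MBRCheck's own code and not posted in this thread, that automates both checks on a constructed excerpt of such a report. It assumes the hashed range is the 440-byte bootstrap area before the disk signature (the page does not say which bytes MBRCheck hashes), and the expected-location prefixes, the known-good hash table and the sample sector are all constructed for the example. A driver flagged from Temp is a prompt to verify, not a verdict: anti-rootkit scanners also load short-lived drivers from there.

```python
"""Triage helpers for an MBRCheck-style report (added example, not MBRCheck code).

Two checks a responder does by eye on a report like the one above:
  1. which loaded kernel modules sit outside the usual system/vendor
     directories (a driver under a user's %TEMP% is worth a second look);
  2. whether the MBR bootstrap code hash matches a known-good value.

Assumption: the thread does not say which bytes MBRCheck hashes, so this
example hashes the 440-byte bootstrap area that precedes the disk signature.
"""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the flattened module list in the report.
SAMPLE_MODULE_LIST = " ".join([
    r"0x8B20E000 \SystemRoot\System32\drivers\tcpip.sys",
    r"0x90F4D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys",
    r"0xAD883000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys",
    r"0x9097A000 \??\C:\Users\julsch\AppData\Local\Temp\pfliqpoc.sys",
    r"0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll",
])

# One entry = load address + path. Paths may contain spaces and entries may be
# one per line or run together, so a path ends where the next address begins.
_ENTRY_RE = re.compile(
    r"(0x[0-9A-Fa-f]{8})\s+(.+?)(?=\s+0x[0-9A-Fa-f]{8}\s|\s*$)", re.S
)

# Where kernel modules are normally expected (constructed policy, compared
# case-insensitively; \??\ is how the report prints non-SystemRoot paths).
EXPECTED_PREFIXES = (
    r"\systemroot",
    r"\windows",
    r"\??\c:\windows",
    r"\??\c:\program files",
    r"\??\c:\progra~1",
    r"\program files",
)

MBR_SIZE = 512
BOOTCODE_SIZE = 440  # bytes before the 4-byte disk signature (assumption)


def parse_module_list(text: str) -> List[Tuple[int, str]]:
    """Return (load address, path) pairs from report text."""
    return [(int(addr, 16), path.strip()) for addr, path in _ENTRY_RE.findall(text)]


def flag_unexpected_modules(modules: List[Tuple[int, str]]) -> List[str]:
    """Paths under none of EXPECTED_PREFIXES, e.g. a driver loaded from %TEMP%."""
    flagged = []
    for _addr, path in modules:
        low = path.lower()
        if not any(low.startswith(prefix + "\\") for prefix in EXPECTED_PREFIXES):
            flagged.append(path)
    return flagged


def mbr_code_sha1(mbr: bytes) -> str:
    """SHA1 (upper-case hex, as MBRCheck prints it) of the bootstrap code area."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected a {MBR_SIZE}-byte sector, got {len(mbr)}")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    return hashlib.sha1(mbr[:BOOTCODE_SIZE]).hexdigest().upper()


def build_sample_mbr(code_fill: bytes = b"\xfa\x33\xc0\x8e\xd0") -> bytes:
    """Constructed sector: repeated fill as 'boot code', zeroed tables, 0x55AA."""
    code = (code_fill * (BOOTCODE_SIZE // len(code_fill) + 1))[:BOOTCODE_SIZE]
    return code + bytes(MBR_SIZE - BOOTCODE_SIZE - 2) + b"\x55\xaa"


SAMPLE_MBR = build_sample_mbr()

# Known-good table keyed by SHA1. Constructed here; in practice it holds the
# hashes of stock Windows and vendor boot code.
KNOWN_MBR_HASHES: Dict[str, str] = {
    mbr_code_sha1(SAMPLE_MBR): "constructed reference MBR code",
}


def classify_mbr(mbr: bytes, known: Dict[str, str] = KNOWN_MBR_HASHES) -> str:
    """Label the MBR by its code hash, or report it as unknown."""
    return known.get(mbr_code_sha1(mbr), "unknown MBR code")


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw device (on Windows this needs an elevated prompt)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


if __name__ == "__main__":
    mods = parse_module_list(SAMPLE_MODULE_LIST)
    print(f"{len(mods)} modules parsed; outside expected locations:")
    for path in flag_unexpected_modules(mods):
        print("  ", path)
    print("sample MBR:", classify_mbr(SAMPLE_MBR))
    tampered = bytearray(SAMPLE_MBR)
    tampered[0] ^= 0xFF  # patch one byte of boot code
    print("patched MBR:", classify_mbr(bytes(tampered)))
```

Hashing only the bootstrap area is what makes the check useful: the disk signature and partition table differ on every machine, while stock boot code is identical across installs, so a mismatch points at modified code rather than at a different partition layout. To check a live disk, call `read_mbr()` from an elevated prompt and pass the result to `classify_mbr()` with a table populated from known-good sectors.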
27.04.2011, 10:48 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Recovery trojan gone? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
27.04.2011, 16:29 | #15 |
| Windows Recovery trojan gone? Hello cosinus, unfortunately something else was found. Here are the logs: Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/27/2011 at 04:07 PM

Application Version : 4.51.1000

Core Rules Database Version : 6933
Trace Rules Database Version: 4745

Scan type       : Complete Scan
Total Scan Time : 01:24:44

Memory items scanned      : 612
Memory threats detected   : 0
Registry items scanned    : 9291
Registry threats detected : 0
File items scanned        : 130822
File threats detected     : 2

Trojan.Agent/Gen-FakeAV
	C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Trojan.Agent/Gen-HackPatch
	D:\VON C\DESKTOP\PPT 2 DVD 4.6.0.6\CRACK\WONDERSHARE.PPT2DVD.4.6.0.6-PATCH.EXE

and number 2: Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6456

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.04.2011 17:01:09
mbam-log-2011-04-27 (17-01-08).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 271904
Time elapsed: 46 minute(s), 3 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected) |