Log analysis and evaluation: TR/Spy.SpyEyes.gps found by AntiVir (Windows 7)
27.04.2011, 09:53 | #16
/// Winkelfunktion /// (TB-Süch-Tiger™) | TR/Spy.SpyEyes.gps found by AntiVir

Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
27.04.2011, 17:08 | #17
TR/Spy.SpyEyes.gps found by AntiVir

Thanks! All done, logs below!
__________________
GMER:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-27 17:53:57
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0
Running: g2m3e4r.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fwldapoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8324A589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8326F092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spzy.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 91239CA0 5 Bytes JMP 88AE81D8
.text peauth.sys A3080C9D 28 Bytes JMP 5C6427C1
.text peauth.sys A3080CC1 28 Bytes JMP 5C6427C1
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B0455000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B0455123 629 Bytes [05, 45, B0, FE, 05, 34, 05, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B0455399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B04553FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B04554AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E32494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E15624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E3250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E28573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E24D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E28819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E2907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E2E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3636] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E24C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8597D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0B8F75AA-6092-423F-8182-9C35D08FA678} 88A38500
Device \Driver\volmgr \Device\VolMgrControl 859791F8
Device \Driver\usbuhci \Device\USBPDO-0 88AC9480
Device \Driver\usbuhci \Device\USBPDO-1 88AC9480
Device \Driver\usbuhci \Device\USBPDO-2 88AC9480
Device \Driver\usbehci \Device\USBPDO-3 86741500
Device \Driver\usbuhci \Device\USBPDO-4 88AC9480
Device \Driver\usbuhci \Device\USBPDO-5 88AC9480
Device \Driver\usbuhci \Device\USBPDO-6 88AC9480
Device \Driver\volmgr \Device\HarddiskVolume1 859791F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 86741500
Device \Driver\volmgr \Device\HarddiskVolume2 859791F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 88A5F1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8BA9D960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8BA9D960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8BA9D960] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 859791F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume4 859791F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBt_Wins_Export 88A38500
Device \Driver\BTHUSB \Device\00000090 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000090 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{C01B1037-EBDE-4812-918C-42D7B7594353} 88A38500
Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{7A5F3B8D-398E-416E-83ED-75B499643A19} 88A38500
Device \Driver\usbuhci \Device\USBFDO-0 88AC9480
Device \Driver\usbuhci \Device\USBFDO-1 88AC9480
Device \Driver\usbuhci \Device\USBFDO-2 88AC9480
Device \Driver\usbehci \Device\USBFDO-3 86741500
Device \Driver\usbuhci \Device\USBFDO-4 88AC9480
Device \Driver\usbuhci \Device\USBFDO-5 88AC9480
Device \Driver\NetBT \Device\NetBT_Tcpip_{4F7CE2CD-1AA4-4E79-95F5-FAB2ED8FADF3} 88A38500
Device \Driver\usbuhci \Device\USBFDO-6 88AC9480
Device \Driver\usbehci \Device\USBFDO-7 86741500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0xC4 0x49 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0xC4 0x49 0xF4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS

---- EOF - GMER 1.0.15 ----

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:01:16 on 27.04.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"vp6dec_settings.cpl" - ? - C:\Windows\system32\vp6dec_settings.cpl (File found, but it contains no detailed information)
"vp7dec_settings.cpl" - ? - C:\Windows\system32\vp7dec_settings.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\********\AppData\Local\Temp\catchme.sys (File not found)
"fwldapoc" (fwldapoc) - ? - C:\Users\********\AppData\Local\Temp\fwldapoc.sys (Hidden registry entry, rootkit activity | File not found)
"genport" (genport) - "Wistron" - C:\Program Files\RemoteKeySrv\GenPort.sys
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File found, but it contains no detailed information)
"Sound Tap Upper Class Filter Driver v2.0.0.0" (stdriver) - "NCH Software" - C:\Windows\System32\DRIVERS\stdriver32.sys
"Splitcam, WDM Camera Stream Splitter" (SPLITCAM) - "LoteSoft Co." - C:\Windows\System32\DRIVERS\splitcam.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6230EF55-8E71-4F40-861A-DBA282584FF5} "AVSVideoConverter Object" - "Online Media Technologies Ltd." - C:\PROGRA~1\AVS4YOU\AVSVID~1\AVSVID~1.DLL
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "ContextMenuHandler Class" - "Brice Lambson" - C:\Program Files\Image Resizer\ImageResizer.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{E81FFB23-40E2-431C-A041-76AEA0E4B04C} "Enterprise-Projekte" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\NAMEEXT.DLL
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\Nv3DAppShExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7} "SafeEraseObj Class" - "O&O Software GmbH" - C:\Program Files\OO Software\SafeErase\oosesh.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value)
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{FCBCCB87-9224-4B8D-B117-F56D924BEB18} "SMTTB2009 Class" - ? - C:\Program Files\SplitCam Toolbar\tbcore3.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"RemoteKeySrv.lnk" - "Wistron Corporation" - C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe (Shortcut exists | File exists)
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ccleaner" - "Piriform Ltd" - "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonSolutionMenuEx" - "CANON INC." - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AirPrint" (AirPrint) - "Apple Inc." - C:\Program Files\AirPrint\Airprint.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft Limited" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"RemoteKeySrv" (RemoteKeySrv) - "Wistron Corporation" - C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDION
System Product Name: P961x
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 171):
0x83207000 \SystemRoot\system32\ntkrnlpa.exe
0x83617000 \SystemRoot\system32\halmacpi.dll
0x80BD5000 \SystemRoot\system32\kdcom.dll
0x8B422000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B49A000 \SystemRoot\system32\PSHED.dll
0x8B4AB000 \SystemRoot\system32\BOOTVID.dll
0x8B4B3000 \SystemRoot\system32\CLFS.SYS
0x8B4F5000 \SystemRoot\system32\CI.dll
0x8B61D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B68E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B69C000 \SystemRoot\System32\Drivers\spzy.sys
0x8B78F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B798000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B5A0000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B7BE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B7C6000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B7D1000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B600000 \SystemRoot\System32\drivers\partmgr.sys
0x8B5E8000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B81F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B86A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BA3C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8BBEF000 \SystemRoot\system32\drivers\amdxata.sys
0x8BA00000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B880000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B891000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B8A0000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B9CF000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B800000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BC20000 \SystemRoot\System32\Drivers\cng.sys
0x8BC7D000 \SystemRoot\System32\drivers\pcw.sys
0x8BC8B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BC94000 \SystemRoot\system32\drivers\ndis.sys
0x8BD4B000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BD89000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BE22000 \SystemRoot\System32\drivers\tcpip.sys
0x8BF6B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BF9C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BFDB000 \SystemRoot\System32\Drivers\spldr.sys
0x8BDAE000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BFE3000 \SystemRoot\System32\Drivers\mup.sys
0x8BFF3000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C03F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C071000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C082000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8FBDA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FBF9000 \SystemRoot\System32\Drivers\Null.SYS
0x8FA00000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FA07000 \SystemRoot\System32\drivers\vga.sys
0x8C0B4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C0D5000 \SystemRoot\System32\drivers\watchdog.sys
0x8C0E2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C0EA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C0F2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C0FA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C105000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C113000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C12A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C135000 \SystemRoot\system32\drivers\afd.sys
0x8C18F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C1C1000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8C1C8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C1E7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8C000000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C00E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90E0D000 \SystemRoot\System32\drivers\truecrypt.sys
0x90E42000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90E52000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90E58000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90E99000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90EA3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90EAD000 \SystemRoot\System32\drivers\discache.sys
0x90EB9000 \SystemRoot\System32\Drivers\dfsc.sys
0x90ED1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90EDF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90F05000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90F26000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x92202000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92B7C000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x90F38000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92B7E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92BB7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92BD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91215000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91260000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9126F000 \SystemRoot\system32\DRIVERS\NxpCap.sys
0x91628000 \SystemRoot\system32\DRIVERS\ks.sys
0x9165C000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x9165F000 \SystemRoot\system32\DRIVERS\stdriver32.sys
0x9166D000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x91780000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9178A000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x917CF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x917D5000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x917E2000 \SystemRoot\System32\Drivers\x10hid.sys
0x917E4000 \SystemRoot\System32\Drivers\HIDCLASS.SYS
0x917F7000 \SystemRoot\System32\Drivers\HIDPARSE.SYS
0x91600000 \SystemRoot\system32\DRIVERS\splitcam.sys
0x91609000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x913EB000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92BE1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91617000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C021000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BDDB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BC00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91200000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90FEF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91622000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BDF2000 \SystemRoot\system32\DRIVERS\circlass.sys
0x8B400000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91C2B000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91C6F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91C7B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91C8C000 \SystemRoot\system32\drivers\nvhda32v.sys
0x91CA0000 \SystemRoot\system32\drivers\portcls.sys
0x91CCF000 \SystemRoot\system32\drivers\drmk.sys
0x93621000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x938F8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FA13000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x93905000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93916000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9392D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9392F000 \SystemRoot\system32\DRIVERS\NW1950.sys
0x9A61A000 \SystemRoot\system32\DRIVERS\NWTransLib.sys
0x9AE83000 \SystemRoot\system32\DRIVERS\hidkmdf.sys
0x9AE84000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98470000 \SystemRoot\System32\win32k.sys
0x9AE8F000 \SystemRoot\System32\drivers\Dxapi.sys
0x9AE99000 \SystemRoot\system32\DRIVERS\MTConfig.sys
0x9AEA1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9AEAC000 \SystemRoot\system32\DRIVERS\monitor.sys
0x986D0000 \SystemRoot\System32\TSDDD.dll
0x9AEB7000 \SystemRoot\System32\Drivers\x10ufx2.sys
0x9AEC1000 \SystemRoot\system32\drivers\btusbflt.sys
0x9AECB000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x9AEDD000 \SystemRoot\System32\Drivers\bthport.sys
0x98700000 \SystemRoot\System32\cdd.dll
0x98720000 \SystemRoot\System32\ATMFD.DLL
0x9AF41000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x9AF65000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x9AF72000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x9AF8D000 \SystemRoot\system32\drivers\btwavdt.sys
0x93933000 \SystemRoot\system32\drivers\btwaudio.sys
0x9A600000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x9A60B000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x939B4000 \SystemRoot\system32\drivers\luafv.sys
0x939CF000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x939E4000 \SystemRoot\system32\drivers\WudfPf.sys
0x93600000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x91CE8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93610000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x91D2E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x91D41000 \SystemRoot\system32\drivers\HTTP.sys
0x91DC6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x91DDF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x91C00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA300D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3048000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA307B000 \SystemRoot\system32\drivers\peauth.sys
0xA3112000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA311C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA313D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA314A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3199000 \SystemRoot\System32\DRIVERS\srv.sys
0xA31EB000 \??\C:\Program Files\RemoteKeySrv\GenPort.sys
0xB041C000 \??\C:\Users\********\AppData\Local\Temp\fwldapoc.sys
0xB0435000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
0x77150000 \Windows\System32\ntdll.dll
0x47F30000 \Windows\System32\smss.exe
0x77390000 \Windows\System32\apisetschema.dll

Processes (total 72):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
492 csrss.exe
560 C:\Windows\System32\wininit.exe
576 csrss.exe
624 C:\Windows\System32\services.exe
640 C:\Windows\System32\lsass.exe
648 C:\Windows\System32\lsm.exe
704 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\nvvsvc.exe
932 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\svchost.exe
1452 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1540 C:\Windows\System32\spoolsv.exe
1596 C:\Windows\System32\svchost.exe
1696 C:\Program Files\AirPrint\airprint.exe
1756 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1784 C:\Program Files\Bonjour\mDNSResponder.exe
1808 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1860 C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
1924 C:\Windows\System32\svchost.exe
2004 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
2040 C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
440 C:\Program Files\CyberLink\Shared files\RichVideo.exe
484 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1120 C:\Windows\System32\svchost.exe
1332 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1972 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
2072 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
2188 unsecapp.exe
2420 WmiPrvSE.exe
2840 C:\Windows\System32\svchost.exe
3216 C:\Windows\System32\nvvsvc.exe
3252 C:\Windows\System32\wisptis.exe
3384 C:\Windows\System32\taskhost.exe
3492 C:\Windows\System32\wisptis.exe
3540 C:\Windows\System32\dwm.exe
3548 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
3636 C:\Windows\explorer.exe
3980 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
4008 C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
2804 C:\Program Files\iTunes\iTunesHelper.exe
2944 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3088 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2320 C:\Program Files\PDF24\pdf24.exe
2324 C:\Program Files\Windows Sidebar\sidebar.exe
3232 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3632 C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
248 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
3348 C:\Windows\System32\SearchIndexer.exe
4136 C:\Program Files\iPod\bin\iPodService.exe
4580 C:\Windows\System32\svchost.exe
4720 C:\Program Files\Windows Media Player\wmpnetwk.exe
5204 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
5996 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
776 C:\Windows\servicing\TrustedInstaller.exe
5444 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
6120 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
4592 C:\Windows\System32\conhost.exe
1900 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4932 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2784 C:\Windows\System32\audiodg.exe
2592 C:\Windows\System32\SearchProtocolHost.exe
5060 C:\Windows\System32\SearchFilterHost.exe
3472 C:\Users\********\Desktop\MBRCheck.exe
5692 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000de`a0b00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD10EARS-00Y5B1, Rev: 80.00A80

Size     Device Name          MBR Status
--------------------------------------------
931 GB   \\.\PhysicalDrive0   Unknown MBR code
         SHA1: 82A2D0BCAFEAB927855773C6F130D8115D996D6C

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: Done!
|
27.04.2011, 18:37 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________ |
27.04.2011, 22:22 | #19 |
| TR/Spy.SpyEyes.gps found by AntiVir
Hi, and thanks for your quick reply! First, another question about the MBRCheck log: should this actually worry me in any way?
Code:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Now the logs as instructed, first Malwarebytes (apparently found nothing):
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6458

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.04.2011 20:28:34
mbam-log-2011-04-27 (20-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 296710
Laufzeit: 40 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/27/2011 at 09:56 PM

Application Version : 4.51.1000

Core Rules Database Version : 6937
Trace Rules Database Version: 4749

Scan type       : Complete Scan
Total Scan Time : 01:17:31

Memory items scanned      : 776
Memory threats detected   : 0
Registry items scanned    : 11224
Registry threats detected : 5
File items scanned        : 142202
File threats detected     : 0

Browser Hijacker.Deskbar
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 04/27/2011 bei 11:15 PM

Version der Applikation : 4.51.1000

Version der Kern-Datenbank : 6937
Version der Spur-Datenbank : 4749

Scan Art         : kompletter Scann
Totale Scann-Zeit : 01:15:28

Gescannte Speicherelemente    : 767
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente   : 11228
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente      : 142155
Erfasste Datei-Elemente       : 0
|
28.04.2011, 10:37 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir
Quote:
SASW only found leftovers there. Is the computer otherwise OK again?
__________________ Please always post logfiles in CODE tags |
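The two verdicts the thread turns on are the MBRCheck line the poster asks about in #19 ("Unknown MBR code" plus "Found non-standard or infected MBR.") and the "only leftovers" reading of the SUPERAntiSpyware counts in #20. The following Python is an added triage helper, not code from the thread or from either tool; the log excerpts at the bottom are constructed in the posted format, with the SHA1 taken from the thread.

```python
"""Triage of the MBRCheck and SUPERAntiSpyware summaries posted in this thread.
Added example, not code from the thread or from either tool; the excerpts at
the bottom are constructed in the posted format (SHA1 taken from the thread)."""
import re

# Verdict MBRCheck prints when the boot code matches none of its known hashes.
MBR_BAD_VERDICT = "Found non-standard or infected MBR."
# Drive-table row plus the SHA1 line under it:
#   931 GB  \\.\PhysicalDrive0  Unknown MBR code
#           SHA1: 82A2D0BCAFEAB927855773C6F130D8115D996D6C
MBR_ROW = re.compile(r"\d+\s*GB\s+\\\\\.\\PhysicalDrive(\d+)\s+(.+?)\s*SHA1:\s*([0-9A-Fa-f]{40})",
                     re.DOTALL)
SAS_COUNT = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)", re.M)

def parse_mbrcheck(text):
    """One dict per physical drive; 'suspicious' means MBRCheck could not match
    the boot code ('Unknown MBR code'), the bootkit indicator to follow up on."""
    return [{"drive": int(num), "status": status.strip(), "sha1": sha1.upper(),
             "suspicious": "Unknown" in status}
            for num, status, sha1 in MBR_ROW.findall(text)]

def parse_sas_counts(text):
    """{'Memory': n, 'Registry': n, 'File': n} from a SUPERAntiSpyware summary."""
    return {kind: int(n) for kind, n in SAS_COUNT.findall(text)}

def triage(mbr_text, sas_text):
    """Rank findings the way the thread reasons about them: an unmatched MBR
    outranks everything; registry-only hits with no file or memory hits are
    leftovers of an infection that is already gone."""
    findings = []
    for d in parse_mbrcheck(mbr_text):
        if d["suspicious"] or MBR_BAD_VERDICT in mbr_text:
            findings.append(("critical", f"PhysicalDrive{d['drive']}: {d['status']}, SHA1 {d['sha1']}"))
    c = parse_sas_counts(sas_text)
    if c.get("File", 0) or c.get("Memory", 0):
        findings.append(("high", f"SAS: {c.get('File', 0)} file / {c.get('Memory', 0)} memory threats, active infection likely"))
    elif c.get("Registry", 0):
        findings.append(("low", f"SAS: {c['Registry']} registry-only hits, residual traces"))
    return findings

# Constructed excerpts in the format of the posted logs.
MBRCHECK_SAMPLE = """\
  Size  Device Name          MBR Status
  --------------------------------------------
  931 GB  \\\\.\\PhysicalDrive0  Unknown MBR code
          SHA1: 82A2D0BCAFEAB927855773C6F130D8115D996D6C

Found non-standard or infected MBR.
"""
SAS_SAMPLE = """\
Memory threats detected     : 0
Registry threats detected   : 5
File threats detected       : 0
"""

if __name__ == "__main__":
    for severity, message in triage(MBRCHECK_SAMPLE, SAS_SAMPLE):
        print(f"[{severity}] {message}")
```

Run against the two excerpts it reports the MBR as critical and the five registry-only SAS hits as low, which is the ordering the thread itself arrives at.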
28.04.2011, 16:54 | #21 |
| TR/Spy.SpyEyes.gps found by AntiVir
Hi, at least I don't notice any restrictions. Do you think my system is completely clean now? Did we actually eliminate the original "SpyEyes" in the cleanup process? Before the cleanup I was shown this 20-TAN popup during online banking, which is why I don't want to do any more online banking on this computer until I know everything is OK... ;-) |
28.04.2011, 18:51 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir
We should be done. Or are the 20 TANs still being requested?
__________________ Please always post logfiles in CODE tags |
28.04.2011, 19:26 | #23 | |
| TR/Spy.SpyEyes.gps found by AntiVir
Quote:
Thank you a thousand times for your help!!!! With all the confusion about which tool when and whether at all - who is supposed to keep track of that as an Aldi PC buyer... One more question - is there anything else I can do in future to make further infections harder? AntiVir and Ad-Aware run at startup, automatic updates for Windows 7 too, I also keep Flash Player and Firefox updated all the time, and CCleaner runs at boot. Are there any other gaps I should close? Thanks again!!! |
28.04.2011, 20:07 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.SpyEyes.gps found by AntiVir
It's best to roughly stick to these five rules:
1) Be suspicious on the Internet, especially of unknown e-mails, and be careful about handing out personal data!!
2) Always keep Windows and all the programs you use up to date
3) Make regular backups to external media
4) Work with restricted rights
5) Use safer programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for mail - display e-mails as plain text only
All of this is explained in more detail here => Kompromittierung unvermeidbar?
Edit: For secure banking, a live CD such as Bankix, Ubuntu or Knoppix is recommended
__________________ Please always post logfiles in CODE tags |
28.04.2011, 20:16 | #25 |
| TR/Spy.SpyEyes.gps found by AntiVir
I'll try to take that to heart! Thanks again for your help, really a top-notch service!!!!! |