Log analysis and evaluation: TR/Kazy.mekml.1 - degree of infection after deleting two trojan exe files (Windows 7)
22.04.2011, 19:49 | #1

TR/Kazy.mekml.1 - degree of infection after deleting two trojan exe files

Hello everyone! Yesterday, like many others, I picked up the trojan Kazy.mekml.1. After I found out that all my files had become invisible, I made them visible again and deleted the exe file that AntiVir identified as a trojan. I also noticed another program (it was called WinTrustloader or something similar) that seemed to belong to the trojan. At first I could not delete it, because it was running and my Task Manager could no longer be opened. I then searched the web for how to get it working again, changed the registry accordingly, ended the process of the suspected trojan and deleted the associated exe. Since then my computer has basically been running as usual. Next I had AntiVir run a system scan - no findings. Personally I unfortunately know little about these things, but I suspect the trojan cannot be removed that easily (especially since, for example, I could not set my desktop background). After reading through some of the threads on the topic here, I ran Malwarebytes and had it remove what it found (at least I can change the desktop background again now). I hope that, with the help of the log files, you can tell me here in the forum to what extent my PC is still infected and how I can get closer to the state before the infection (unfortunately I was stupid enough not to make a system image, and I cannot find the factory-state CD). Thanks in advance for looking into my problem!

OTL.txt:
OTL logfile created on: 22.04.2011 20:08:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marco\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 75,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 318,92 Gb Total Space | 76,00 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive D: | 300,29 Gb Total Space | 300,18 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,43 Gb Free Space | 47,99% Space Free | Partition Type: NTFS
Drive H: | 20,07 Gb Total Space | 8,04 Gb Free Space | 40,05% Space Free | Partition Type: NTFS
Drive I: | 29,29 Gb Total Space | 29,12 Gb Free Space | 99,41% Space Free | Partition Type: NTFS
Drive J: | 41,19 Gb Total Space | 41,10 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 4,20 Gb Total Space | 4,10 Gb Free Space | 97,55% Space Free | Partition Type: NTFS
Drive L: | 152,83 Gb Total Space | 118,20 Gb Free Space | 77,34% Space Free | Partition Type: NTFS
Drive M: | 15,89 Gb Total Space | 15,58 Gb Free Space | 98,04% Space Free | Partition Type: NTFS
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Safari\Safari.exe (Apple Inc.)
PRC - C:\Users\Marco\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Marco\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (jumi) -- C:\Windows\SysNative\drivers\jumi.sys (Windows (R) Codename Longhorn DDK provider) DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys () DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys () DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (TTUSB2BDA_NTAMD64) -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys (TechnoTrend AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.14 [2010.09.29 21:47:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\chstc42q.default\extensions [2010.02.05 18:07:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\chstc42q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.29 21:47:00 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\chstc42q.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.02.05 18:07:32 | 000,000,000 | -H-D | M] (Live HTTP Headers) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\chstc42q.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2010.08.06 18:58:32 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\chstc42q.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.10.08 16:17:46 | 000,002,399 | -H-- | M] () -- 
C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\chstc42q.default\searchplugins\daemon-search.xml File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\MARCOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CHSTC42Q.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} File not found (No name found) -- C:\USERS\MARCOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CHSTC42Q.DEFAULT\EXTENSIONS\{8F8FE09B-0BD3-4470-BC1B-8CAD42B8203A} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKCU..\Run: [JumiController] File not found O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [uvEWQXCeAJwf] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{007f07b4-dde2-11df-a0b7-00241d10f52a}\Shell - "" = AutoRun O33 - MountPoints2\{007f07b4-dde2-11df-a0b7-00241d10f52a}\Shell\AutoRun\command - "" = Q:\pushinst.exe O33 - MountPoints2\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.22 19:55:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe [2011.04.22 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Marco\AppData\Roaming\Malwarebytes [2011.04.22 19:52:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.04.22 19:52:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.22 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.22 19:52:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.04.22 19:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.04.20 00:08:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.20 00:08:31 | 000,000,000 | -H-D | C] -- C:\Programme\iTunes [2011.04.20 00:08:31 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\iTunes [2011.04.20 00:08:31 | 000,000,000 | -H-D | C] -- C:\Programme\iPod [2011.04.20 00:07:41 | 000,000,000 | -H-D | C] -- 
C:\Programme\Bonjour [2011.04.20 00:07:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour [2011.04.20 00:07:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.19 19:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Marco\Desktop\Mottowoche [2011.04.17 19:55:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTH [2011.04.17 19:55:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\PokerTH-0.8.3 [2011.04.15 13:54:10 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.04.15 13:54:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.15 13:54:10 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011.04.15 13:54:07 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011.04.15 13:54:07 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011.04.15 13:54:06 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.15 13:54:06 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011.04.15 13:54:05 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011.04.15 13:54:05 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.15 13:54:05 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011.04.15 13:54:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.15 13:53:58 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.04.15 13:53:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.15 13:53:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.04.15 13:53:57 | 000,482,816 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\html.iec [2011.04.15 13:53:57 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.15 13:53:57 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.04.15 13:53:57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.15 13:53:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.04.15 13:53:57 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.04.15 13:53:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.15 13:53:57 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.04.15 13:53:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.04.15 13:53:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.04.15 13:53:57 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.04.15 13:53:44 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011.04.15 13:53:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011.04.15 13:53:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011.04.15 13:53:41 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011.04.15 13:53:41 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011.04.15 13:53:41 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011.04.15 13:53:41 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011.04.15 13:53:41 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011.04.15 13:53:41 | 000,019,328 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011.04.15 13:53:41 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011.04.15 13:53:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011.04.12 18:37:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3 [2011.04.12 18:37:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Google [2011.04.06 16:26:58 | 000,119,584 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe [2011.04.06 16:26:58 | 000,096,544 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll [2011.04.06 16:20:16 | 000,107,808 | -H-- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | -H-- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll [2011.03.26 01:48:06 | 004,284,416 | -H-- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Marco\Documents\*.tmp files -> C:\Users\Marco\Documents\*.tmp -> ] [1 C:\Users\Marco\Desktop\*.tmp files -> C:\Users\Marco\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.22 20:06:36 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 20:06:36 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.22 20:03:54 | 001,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.22 20:03:54 | 000,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.22 20:03:54 | 000,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.22 20:03:54 | 000,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.22 20:03:54 | 000,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.22 19:58:55 | 000,067,584 | --S- | 
M] () -- C:\Windows\bootstat.dat [2011.04.22 19:58:42 | 535,531,519 | -HS- | M] () -- C:\hiberfil.sys [2011.04.22 19:52:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 20:46:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43310856r [2011.04.21 20:46:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~43310856 [2011.04.21 20:27:31 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~44293896r [2011.04.21 20:27:31 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~44293896 [2011.04.21 20:09:39 | 000,271,360 | -H-- | M] () -- C:\Users\Marco\Documents\archive.pst [2011.04.20 00:11:56 | 000,002,503 | -H-- | M] () -- C:\Users\Marco\Desktop\Safari.lnk [2011.04.20 00:09:17 | 000,002,491 | -H-- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.04.20 00:08:40 | 000,001,783 | -H-- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.17 20:43:00 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Marco.job [2011.04.17 13:10:30 | 000,002,116 | -H-- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2011.04.17 13:10:29 | 000,001,609 | -H-- | M] () -- C:\Users\Marco\Desktop\DivX Movies.lnk [2011.04.16 13:26:23 | 000,416,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.12 18:43:59 | 000,001,106 | -H-- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2011.04.06 16:26:58 | 000,119,584 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe [2011.04.06 16:26:58 | 000,096,544 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll [2011.04.06 16:20:16 | 000,107,808 | -H-- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | -H-- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll [2011.03.31 12:25:11 | 000,000,068 | -H-- | M] () -- C:\Users\Marco\Desktop\YouTube - League of Legends Kog'Maw [13] [HD].URL [2011.03.26 01:48:06 | 004,284,416 | -H-- | M] (Google Inc.) 
-- C:\Windows\SysWow64\GPhotos.scr [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Marco\Documents\*.tmp files -> C:\Users\Marco\Documents\*.tmp -> ] [1 C:\Users\Marco\Desktop\*.tmp files -> C:\Users\Marco\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.22 19:52:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 20:46:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43310856r [2011.04.21 20:46:18 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~43310856 [2011.04.21 20:27:31 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~44293896r [2011.04.21 20:27:31 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~44293896 [2011.04.20 00:11:56 | 000,002,503 | -H-- | C] () -- C:\Users\Marco\Desktop\Safari.lnk [2011.04.20 00:08:40 | 000,001,783 | -H-- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.17 13:10:30 | 000,002,116 | -H-- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2011.04.17 13:10:29 | 000,001,609 | -H-- | C] () -- C:\Users\Marco\Desktop\DivX Movies.lnk [2011.04.12 18:43:59 | 000,001,106 | -H-- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk [2011.03.31 12:25:11 | 000,000,068 | -H-- | C] () -- C:\Users\Marco\Desktop\YouTube - League of Legends Kog'Maw [13] [HD].URL [2011.01.21 17:46:51 | 000,137,216 | -H-- | C] () -- C:\Windows\epuninstall.exe [2010.09.10 22:15:42 | 000,005,632 | -H-- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.14 19:07:47 | 000,139,432 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.07.05 20:40:43 | 000,000,000 | -H-- | C] () -- C:\Users\Marco\AppData\Roaming\chrtmp [2010.05.15 21:35:13 | 001,499,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.04.06 23:28:49 | 000,088,891 | -H-- | C] () -- C:\Windows\War3Unin.dat [2010.04.03 03:44:20 | 000,000,141 | -H-- | C] () -- C:\Windows\SysWow64\AU8Settings.ini [2010.02.14 16:53:48 | 000,110,592 | -H-- | C] () -- 
C:\Windows\SysWow64\AegisI5.exe [2010.02.14 16:53:48 | 000,086,016 | -H-- | C] () -- C:\Windows\SysWow64\install2500USB.dll [2010.02.14 16:53:48 | 000,045,056 | -H-- | C] () -- C:\Windows\SysWow64\DEDriverDLL.dll [2010.02.14 16:53:48 | 000,032,768 | -H-- | C] () -- C:\Windows\SysWow64\SmartInstallCfg2.dll [2010.02.14 16:53:48 | 000,028,672 | -H-- | C] () -- C:\Windows\SysWow64\CCS2500USB.exe [2010.02.14 16:53:47 | 000,036,864 | -H-- | C] () -- C:\Windows\SysWow64\WRLSetup.exe [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.11.30 17:29:24 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\360desktop [2010.08.11 04:12:59 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\Amazon [2010.05.13 17:58:44 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\Bump Technologies, Inc [2011.04.13 10:55:02 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\Canon [2010.08.06 18:58:32 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.29 17:34:33 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\ICQ [2011.02.25 15:28:09 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\LolClient [2010.06.18 22:34:09 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\Miranda Fusion [2010.10.08 15:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\pokerth [2010.07.12 15:41:47 | 000,000,000 | -H-D | M] -- 
C:\Users\Marco\AppData\Roaming\runic games [2010.09.13 20:14:37 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\SharePod [2010.09.07 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\Stardock [2010.02.05 16:36:52 | 000,000,000 | -H-D | M] -- C:\Users\Marco\AppData\Roaming\TechnoTrend [2011.03.01 14:50:10 | 000,032,640 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >

Extras.txt:
OTL Extras logfile created on: 22.04.2011 20:08:35 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Marco\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 75,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 318,92 Gb Total Space | 76,00 Gb Free Space | 23,83% Space Free | Partition Type: NTFS
Drive D: | 300,29 Gb Total Space | 300,18 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,43 Gb Free Space | 47,99% Space Free | Partition Type: NTFS
Drive H: | 20,07 Gb Total Space | 8,04 Gb Free Space | 40,05% Space Free | Partition Type: NTFS
Drive I: | 29,29 Gb Total Space | 29,12 Gb Free Space | 99,41% Space Free | Partition Type: NTFS
Drive J: | 41,19 Gb Total Space | 41,10 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive K: | 4,20 Gb Total Space | 4,10 Gb Free Space | 97,55% Space Free | Partition Type: NTFS
Drive L: | 152,83 Gb Total Space | 118,20 Gb Free Space | 77,34% Space Free | Partition Type: NTFS
Drive M: | 15,89 Gb Total Space | 15,58 Gb Free Space | 98,04% Space Free | Partition Type: NTFS
Computer Name: MARCO-PC | User Name: Marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications 
List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600 "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes "{56F26668-13DA-497A-883F-61434A10CBAB}" = MobileMe Control Panel "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{FF83E766-F1F7-4DAC-A8E1-135EE68B65CB}" = TT MCE-Tools "CCleaner" = CCleaner "Defraggler" = Defraggler "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{3648DB03-30F4-4383-95AC-AE793825184C}" = TT-Media Center "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime 
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{E06F91DB-9DA5-41F9-9941-6B0802236A44}" = RUBICon "{F1692C91-2400-4223-BD5E-69AB99C84C64}" = Sphairon USB Wireless LAN Card "{F1E34A5C-3559-4F66-9008-DD7B84A96B57}" = TT-BDA Data "A woman undressing outside Screen Saver" = A woman undressing outside Screen Saver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Auto Shutdown_is1" = Auto Shutdown 8.11 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CamStudio" = CamStudio "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Delphi 7 Second Edition v7.2_is1" = Delphi 7 Second Edition "DivX Setup.divx.com" = DivX-Setup "DPP" = Canon Utilities Digital Photo Professional 3.4 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar 
"ENTERPRISER" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9 "ICQToolbar" = ICQ Toolbar "Kalender-Excel_is1" = Kalender-Excel-8.7 "KaloMa_is1" = KaloMa 4.91 "Living Waterfalls Screensaver" = Living Waterfalls Screensaver "Logic Fun 4.8" = Logic Fun 4.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MirandaFusion" = Miranda Fusion 2.0.25 "MP Navigator 3.0" = Canon MP Navigator 3.0 "MyCamera" = Canon Utilities MyCamera "NSS" = Norton Security Scan "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "Picture Style Editor" = Canon Utilities Picture Style Editor "PokerTH 0.8.3" = PokerTH "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Replay Explorer_is1" = Replay Explorer 2 "RocketDock_is1" = RocketDock 1.3.5 "Technotrend Viewer_is1" = Technotrend Viewer "UltraDefrag" = Ultra Defragmenter "Uninstall_is1" = Uninstall 1.0.0.1 "Veoh Web Player Beta" = Veoh Web Player "VLC media player" = VLC media player 1.0.5 "Warcraft III" = Warcraft III "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility "WinCorder" = WinCorder "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra WebStart" = GeoGebra WebStart "Warcraft III" = Warcraft III: All Products ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.04.2011 01:40:42 | Computer Name = Marco-PC | Source = System Restore | ID = 8193 Description = Error - 19.04.2011 07:06:16 | Computer Name = Marco-PC | Source = System Restore | ID = 8193 Description = Error - 19.04.2011 07:40:44 | Computer Name = Marco-PC | Source = 
Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 20.04.2011 09:04:27 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.04.2011 07:25:55 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 22.04.2011 07:49:25 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 22.04.2011 09:05:31 | Computer Name = Marco-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 22.04.2011 09:28:03 | Computer Name = Marco-PC | Source = System Restore | ID = 8193 Description = Error - 22.04.2011 09:58:03 | Computer Name = Marco-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Marco\Downloads\SoftonicDownloader37983.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. 
Error - 22.04.2011 10:46:09 | Computer Name = Marco-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Safari.exe, Version: 5.33.21.1, Zeitstempel: 0x4d8810be Name des fehlerhaften Moduls: WebKit.dll, Version: 5.33.21.1, Zeitstempel: 0x4d87e897 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a8a0e ID des fehlerhaften Prozesses: 0x664 Startzeit der fehlerhaften Anwendung: 0x01cc00f2d316913c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Safari\Safari.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.dll Berichtskennung: 41f7564e-6cef-11e0-a8fa-00241d10f52a ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6420

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.04.2011 19:57:09
mbam-log-2011-04-22 (19-57-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167545
Laufzeit: 2 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\Users\Marco\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Marco\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Marco\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
25.04.2011, 14:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Quote:
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
__________________ |
25.04.2011, 15:08 | #3 |
| TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6420

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.04.2011 15:09:26
mbam-log-2011-04-23 (15-09-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 499651
Laufzeit: 1 Stunde(n), 16 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Edit: Running it again now with today's updated version 6440.
25.04.2011, 16:24 | #4 |
| TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Here is the result of the second run: Code:
www.malwarebytes.org

Datenbank Version: 6440

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25.04.2011 17:20:49
mbam-log-2011-04-25 (17-20-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 488059
Laufzeit: 1 Stunde(n), 10 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\WinRAR\Zip.SFX (Malware.Packer.Gen) -> Quarantined and deleted successfully.
25.04.2011, 20:06 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{007f07b4-dde2-11df-a0b7-00241d10f52a}\Shell - "" = AutoRun
O33 - MountPoints2\{007f07b4-dde2-11df-a0b7-00241d10f52a}\Shell\AutoRun\command - "" = Q:\pushinst.exe
O33 - MountPoints2\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O4 - HKCU..\Run: [uvEWQXCeAJwf] File not found
:Files
C:\ProgramData\~*
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution: a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
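As an added example (not part of this thread, and not code from OTL, Malwarebytes or any other tool mentioned here): a read-only PowerShell audit of the same locations the fix script above touches and of the two policy hijacks (PUM.Hijack.DisplayProperties, PUM.Hijack.TaskManager) the first Malwarebytes log reported, so one can check afterwards whether anything is left behind. The function name Get-FakeAVRemnants and the heuristics in it are mine; the registry paths, value names and the ProgramData file pattern are the ones that appear in the fix script and the log. It only reads and reports and changes nothing.

```powershell
# Added example, not from the thread or from OTL/Malwarebytes. Read-only audit of the
# persistence and policy locations named in the OTL fix and the Malwarebytes log.
# Run in an elevated PowerShell on Windows 7 or later.

function Get-FakeAVRemnants {
    $findings = @()

    # 1. Policy values the rogue set (PUM.Hijack.* in the Malwarebytes log).
    #    A non-zero value means the restriction is still active.
    $policies = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'; Name = 'NoChangingWallpaper' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';         Name = 'DisableTaskMgr' }
    )
    foreach ($p in $policies) {
        $item = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        if ($item -and $item.($p.Name) -ne 0) {
            $findings += "Policy still set: $($p.Path)\$($p.Name) = $($item.($p.Name))"
        }
    }

    # 2. HKCU Run values whose target is missing (the O4 line of the fix: a random-looking
    #    value name pointing at a file that no longer exists is the leftover of a deleted rogue).
    $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($prop in $run.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
            # strip arguments: take the quoted executable or the first token ending in .exe
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] }
                   elseif ($cmd -match '^(\S+?\.exe)') { $Matches[1] }
                   else { $cmd.Trim() }
            if (-not (Test-Path -LiteralPath $exe)) {
                $findings += "Run value '$($prop.Name)' points at a missing file: $($prop.Value)"
            }
        }
    }

    # 3. MountPoints2 entries carrying an AutoRun\command (the O33 lines): per-volume
    #    autorun handlers that outlive the removable drive they were created for.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($vol in (Get-ChildItem -Path $mp -ErrorAction SilentlyContinue)) {
        $cmdKey = $vol.PSPath + '\Shell\AutoRun\command'
        if (Test-Path -LiteralPath $cmdKey) {
            $target = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            $findings += "MountPoints2 autorun: $($vol.PSChildName) -> $target"
        }
    }

    # 4. Leftover ~-prefixed files in ProgramData (the :Files line of the fix).
    foreach ($f in (Get-ChildItem -Path "$env:ProgramData\~*" -Force -ErrorAction SilentlyContinue)) {
        $findings += "ProgramData leftover: $($f.FullName)"
    }

    # 5. HOSTS file (the [resethosts] command): report every line that is neither a
    #    comment nor the plain loopback/localhost default.
    $hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
    if (Test-Path -LiteralPath $hosts) {
        Get-Content -LiteralPath $hosts | Where-Object {
            $_ -match '\S' -and $_ -notmatch '^\s*#' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
        } | ForEach-Object { $findings += "HOSTS entry: $_" }
    }

    return $findings
}

$result = @(Get-FakeAVRemnants)
if ($result.Count -eq 0) { 'No remnants found at the audited locations.' } else { $result }
```

After the OTL fix has run, sections 2 to 4 should come back empty (OTL moves the files to the _OTL folder rather than deleting them, so they no longer match under ProgramData); anything still listed is what to post for the next round of analysis.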
26.04.2011, 09:57 | #6 |
| TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Right after starting OTL I ended up on "Clean Up" and cancelled the restart there, then pasted the text and clicked "Fix" =/ Hope that didn't mess anything up or something. Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{007f07b4-dde2-11df-a0b7-00241d10f52a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007f07b4-dde2-11df-a0b7-00241d10f52a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{007f07b4-dde2-11df-a0b7-00241d10f52a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{007f07b4-dde2-11df-a0b7-00241d10f52a}\ not found.
File Q:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f6d0b43-11c4-11df-81d3-806e6f6e6963}\ not found.
File E:\start.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uvEWQXCeAJwf deleted successfully.
========== FILES ==========
C:\ProgramData\~43310856 moved successfully.
C:\ProgramData\~43310856r moved successfully.
C:\ProgramData\~44293896 moved successfully.
C:\ProgramData\~44293896r moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marco
->Temp folder emptied: 90406415 bytes
->Temporary Internet Files folder emptied: 2265951762 bytes
->Java cache emptied: 14383524 bytes
->FireFox cache emptied: 62038618 bytes
->Apple Safari cache emptied: 87390208 bytes
->Flash cache emptied: 42914 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52118 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.404,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04262011_104657

Files\Folders moved on Reboot...
File move failed. C:\Users\Marco\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
26.04.2011, 12:19 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection has left you unable to access your documents / My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as administrator!
__________________ Please always post log files in CODE tags |
26.04.2011, 13:30 | #8 |
| TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Here is the Kaspersky log Code:
ATTFilter 2011/04/26 14:26:46.0276 2120 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/26 14:26:46.0432 2120 ================================================================================ 2011/04/26 14:26:46.0432 2120 SystemInfo: 2011/04/26 14:26:46.0432 2120 2011/04/26 14:26:46.0432 2120 OS Version: 6.1.7600 ServicePack: 0.0 2011/04/26 14:26:46.0432 2120 Product type: Workstation 2011/04/26 14:26:46.0432 2120 ComputerName: MARCO-PC 2011/04/26 14:26:46.0432 2120 UserName: Marco 2011/04/26 14:26:46.0432 2120 Windows directory: C:\Windows 2011/04/26 14:26:46.0432 2120 System windows directory: C:\Windows 2011/04/26 14:26:46.0432 2120 Running under WOW64 2011/04/26 14:26:46.0432 2120 Processor architecture: Intel x64 2011/04/26 14:26:46.0432 2120 Number of processors: 8 2011/04/26 14:26:46.0432 2120 Page size: 0x1000 2011/04/26 14:26:46.0432 2120 Boot type: Normal boot 2011/04/26 14:26:46.0432 2120 ================================================================================ 2011/04/26 14:26:46.0853 2120 Initialize success 2011/04/26 14:26:50.0800 3808 ================================================================================ 2011/04/26 14:26:50.0800 3808 Scan started 2011/04/26 14:26:50.0800 3808 Mode: Manual; 2011/04/26 14:26:50.0800 3808 ================================================================================ 2011/04/26 14:26:52.0266 3808 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/04/26 14:26:52.0282 3808 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/04/26 14:26:52.0313 3808 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/04/26 14:26:52.0360 3808 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/04/26 14:26:52.0391 3808 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/04/26 14:26:52.0407 3808 adpu320 
(e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2011/04/26 14:26:52.0454 3808 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2011/04/26 14:26:52.0469 3808 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/04/26 14:26:52.0500 3808 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/04/26 14:26:52.0532 3808 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/04/26 14:26:52.0563 3808 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/04/26 14:26:52.0578 3808 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/04/26 14:26:52.0625 3808 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2011/04/26 14:26:52.0641 3808 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/04/26 14:26:52.0672 3808 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2011/04/26 14:26:52.0719 3808 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/04/26 14:26:52.0750 3808 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/04/26 14:26:52.0781 3808 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/04/26 14:26:52.0812 3808 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/26 14:26:52.0828 3808 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/04/26 14:26:52.0875 3808 atksgt (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys 2011/04/26 14:26:52.0937 3808 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/26 14:26:52.0968 3808 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/04/26 14:26:53.0000 3808 b57nd60a 
(b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/04/26 14:26:53.0031 3808 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/04/26 14:26:53.0062 3808 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/04/26 14:26:53.0109 3808 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/26 14:26:53.0124 3808 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/04/26 14:26:53.0156 3808 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/04/26 14:26:53.0187 3808 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/04/26 14:26:53.0202 3808 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/04/26 14:26:53.0249 3808 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/04/26 14:26:53.0265 3808 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/04/26 14:26:53.0296 3808 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/26 14:26:53.0343 3808 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/26 14:26:53.0358 3808 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/26 14:26:53.0390 3808 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2011/04/26 14:26:53.0452 3808 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/04/26 14:26:53.0468 3808 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/26 14:26:53.0483 3808 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/04/26 14:26:53.0514 3808 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/04/26 14:26:53.0530 3808 
Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/26 14:26:53.0561 3808 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/04/26 14:26:53.0577 3808 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/04/26 14:26:53.0624 3808 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 2011/04/26 14:26:53.0655 3808 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2011/04/26 14:26:53.0670 3808 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/04/26 14:26:53.0686 3808 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/04/26 14:26:53.0733 3808 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/04/26 14:26:53.0764 3808 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/26 14:26:53.0842 3808 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/04/26 14:26:53.0904 3808 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/04/26 14:26:53.0936 3808 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/04/26 14:26:53.0982 3808 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2011/04/26 14:26:53.0998 3808 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/04/26 14:26:54.0029 3808 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/26 14:26:54.0045 3808 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/04/26 14:26:54.0076 3808 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/04/26 14:26:54.0092 3808 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/26 
14:26:54.0107 3808 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/04/26 14:26:54.0138 3808 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/04/26 14:26:54.0154 3808 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/26 14:26:54.0185 3808 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys 2011/04/26 14:26:54.0201 3808 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/04/26 14:26:54.0248 3808 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/04/26 14:26:54.0279 3808 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/04/26 14:26:54.0326 3808 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/04/26 14:26:54.0357 3808 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/26 14:26:54.0388 3808 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/04/26 14:26:54.0404 3808 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/04/26 14:26:54.0435 3808 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2011/04/26 14:26:54.0466 3808 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/26 14:26:54.0482 3808 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/04/26 14:26:54.0528 3808 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/04/26 14:26:54.0544 3808 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/04/26 14:26:54.0560 3808 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/26 14:26:54.0606 3808 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) 
C:\Windows\system32\DRIVERS\iaStorV.sys 2011/04/26 14:26:54.0669 3808 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/04/26 14:26:54.0700 3808 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/04/26 14:26:54.0731 3808 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/26 14:26:54.0747 3808 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/26 14:26:54.0794 3808 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/04/26 14:26:54.0809 3808 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/04/26 14:26:54.0825 3808 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/04/26 14:26:54.0856 3808 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/04/26 14:26:54.0872 3808 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/26 14:26:54.0918 3808 jumi (ccb39c7006d436d238ac75d2abfde1fe) C:\Windows\system32\DRIVERS\jumi.sys 2011/04/26 14:26:54.0950 3808 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/26 14:26:54.0950 3808 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/26 14:26:54.0981 3808 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/26 14:26:55.0012 3808 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/04/26 14:26:55.0028 3808 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/04/26 14:26:55.0090 3808 lirsgt (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/04/26 14:26:55.0121 3808 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/26 14:26:55.0152 3808 LSI_FC 
(1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/04/26 14:26:55.0184 3808 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/04/26 14:26:55.0199 3808 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/04/26 14:26:55.0230 3808 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/04/26 14:26:55.0246 3808 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/04/26 14:26:55.0262 3808 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/04/26 14:26:55.0293 3808 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/04/26 14:26:55.0324 3808 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/04/26 14:26:55.0355 3808 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/26 14:26:55.0371 3808 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/26 14:26:55.0402 3808 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/26 14:26:55.0433 3808 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/04/26 14:26:55.0433 3808 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/04/26 14:26:55.0464 3808 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/26 14:26:55.0480 3808 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/26 14:26:55.0511 3808 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/26 14:26:55.0542 3808 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/26 14:26:55.0558 3808 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/26 
14:26:55.0574 3808 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/04/26 14:26:55.0589 3808 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/04/26 14:26:55.0605 3808 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/04/26 14:26:55.0620 3808 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/04/26 14:26:55.0636 3808 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/04/26 14:26:55.0667 3808 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/26 14:26:55.0683 3808 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/26 14:26:55.0698 3808 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/04/26 14:26:55.0730 3808 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/04/26 14:26:55.0761 3808 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/26 14:26:55.0776 3808 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/04/26 14:26:55.0808 3808 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/04/26 14:26:55.0823 3808 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/04/26 14:26:55.0870 3808 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/26 14:26:55.0901 3808 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/04/26 14:26:55.0917 3808 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/04/26 14:26:55.0948 3808 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/26 14:26:55.0995 3808 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) 
C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/26 14:26:56.0010 3808 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/26 14:26:56.0042 3808 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/04/26 14:26:56.0073 3808 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/26 14:26:56.0104 3808 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/26 14:26:56.0151 3808 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/04/26 14:26:56.0166 3808 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/04/26 14:26:56.0182 3808 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/26 14:26:56.0229 3808 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/04/26 14:26:56.0260 3808 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/04/26 14:26:56.0447 3808 nvlddmkm (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/26 14:26:56.0510 3808 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/04/26 14:26:56.0525 3808 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/04/26 14:26:56.0541 3808 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/04/26 14:26:56.0572 3808 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/26 14:26:56.0619 3808 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/04/26 14:26:56.0650 3808 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/04/26 14:26:56.0666 3808 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/04/26 14:26:56.0681 3808 pciide 
(b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/04/26 14:26:56.0712 3808 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/04/26 14:26:56.0728 3808 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/04/26 14:26:56.0759 3808 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/04/26 14:26:56.0837 3808 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/26 14:26:56.0853 3808 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/04/26 14:26:56.0884 3808 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/26 14:26:56.0931 3808 pwdrvio (9e97e62098fa1238d189181aab13c402) C:\Windows\system32\pwdrvio.sys 2011/04/26 14:26:56.0962 3808 pwdspio (1a8011b9bd9b5cb53783e7f91109b946) C:\Windows\system32\pwdspio.sys 2011/04/26 14:26:57.0009 3808 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/04/26 14:26:57.0040 3808 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/04/26 14:26:57.0071 3808 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/26 14:26:57.0087 3808 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/26 14:26:57.0118 3808 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/04/26 14:26:57.0134 3808 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/26 14:26:57.0165 3808 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/26 14:26:57.0180 3808 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/26 14:26:57.0212 3808 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/26 14:26:57.0227 
3808 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/04/26 14:26:57.0243 3808 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/26 14:26:57.0274 3808 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2011/04/26 14:26:57.0305 3808 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/26 14:26:57.0321 3808 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/04/26 14:26:57.0352 3808 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/04/26 14:26:57.0368 3808 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/04/26 14:26:57.0414 3808 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/26 14:26:57.0461 3808 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/04/26 14:26:57.0492 3808 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/04/26 14:26:57.0524 3808 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/04/26 14:26:57.0555 3808 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/04/26 14:26:57.0586 3808 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/04/26 14:26:57.0617 3808 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/26 14:26:57.0633 3808 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/04/26 14:26:57.0664 3808 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/04/26 14:26:57.0695 3808 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/26 14:26:57.0726 3808 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) 
C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/04/26 14:26:57.0726 3808 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/26 14:26:57.0758 3808 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/26 14:26:57.0773 3808 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/04/26 14:26:57.0804 3808 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/04/26 14:26:57.0820 3808 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/04/26 14:26:57.0836 3808 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/04/26 14:26:57.0882 3808 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 2011/04/26 14:26:57.0898 3808 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/26 14:26:57.0914 3808 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/26 14:26:57.0960 3808 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/04/26 14:26:57.0992 3808 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/04/26 14:26:58.0007 3808 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2011/04/26 14:26:58.0038 3808 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/26 14:26:58.0101 3808 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/04/26 14:26:58.0163 3808 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/26 14:26:58.0179 3808 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/26 14:26:58.0210 3808 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/04/26 14:26:58.0241 3808 TDTCP 
(e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/04/26 14:26:58.0272 3808 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/26 14:26:58.0288 3808 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/26 14:26:58.0319 3808 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/26 14:26:58.0382 3808 TTUSB2BDA_NTAMD64 (9d676a692bfc058d47d19b2cf9d4be10) C:\Windows\system32\DRIVERS\ttusb2bda_amd64.sys 2011/04/26 14:26:58.0413 3808 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/26 14:26:58.0428 3808 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/04/26 14:26:58.0460 3808 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/26 14:26:58.0491 3808 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/04/26 14:26:58.0506 3808 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/26 14:26:58.0522 3808 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/04/26 14:26:58.0584 3808 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 2011/04/26 14:26:58.0600 3808 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/26 14:26:58.0631 3808 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/04/26 14:26:58.0647 3808 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/26 14:26:58.0678 3808 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/26 14:26:58.0678 3808 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/26 14:26:58.0709 3808 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 
2011/04/26 14:26:58.0740 3808 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/26 14:26:58.0756 3808 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/26 14:26:58.0787 3808 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/26 14:26:58.0803 3808 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/04/26 14:26:58.0834 3808 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/26 14:26:58.0850 3808 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/04/26 14:26:58.0865 3808 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/04/26 14:26:58.0896 3808 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/04/26 14:26:58.0928 3808 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/04/26 14:26:58.0943 3808 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/04/26 14:26:58.0974 3808 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/04/26 14:26:58.0990 3808 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/04/26 14:26:59.0006 3808 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/04/26 14:26:59.0037 3808 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/04/26 14:26:59.0052 3808 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/04/26 14:26:59.0084 3808 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/04/26 14:26:59.0099 3808 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/26 14:26:59.0115 3808 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) 
C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/26 14:26:59.0130 3808 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/04/26 14:26:59.0162 3808 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/26 14:26:59.0193 3808 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/04/26 14:26:59.0224 3808 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/04/26 14:26:59.0271 3808 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/04/26 14:26:59.0302 3808 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/26 14:26:59.0349 3808 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/26 14:26:59.0380 3808 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/04/26 14:26:59.0411 3808 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/26 14:26:59.0458 3808 ================================================================================ 2011/04/26 14:26:59.0458 3808 Scan finished 2011/04/26 14:26:59.0458 3808 ================================================================================ |
26.04.2011, 13:49 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if an expert helper (Kompetenzler) has expressly recommended it!
__________________ Please always post logfiles in CODE tags
26.04.2011, 18:04 | #10 |
| TR/Kazy.mekml.1 - Degree of infection after deleting two trojan exe files Used CCleaner as described. Here is the ComboFix result: Code:
ATTFilter ComboFix 11-04-25.03 - Marco 26.04.2011 18:53:55.1.8 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.6142.4469 [GMT 2:00] ausgeführt von:: c:\users\Marco\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Marco\AppData\Roaming\chrtmp . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-26 bis 2011-04-26 )))))))))))))))))))))))))))))) . . 2011-04-26 16:58 . 2011-04-26 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-26 13:46 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{230C5E2D-C0B6-4B02-B80C-86D1FC542A6C}\mpengine.dll 2011-04-26 08:46 . 2011-04-26 08:46 -------- d-----w- C:\_OTL 2011-04-22 17:52 . 2011-04-22 17:52 -------- d-----w- c:\users\Marco\AppData\Roaming\Malwarebytes 2011-04-22 17:52 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-22 17:52 . 2011-04-22 17:52 -------- d-----w- c:\programdata\Malwarebytes 2011-04-22 17:52 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-22 17:52 . 2011-04-22 17:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-19 22:08 . 2011-04-19 22:08 -------- d-----w- c:\program files\iTunes 2011-04-19 22:08 . 2011-04-19 22:08 -------- d-----w- c:\program files (x86)\iTunes 2011-04-19 22:08 . 2011-04-19 22:08 -------- d-----w- c:\program files\iPod 2011-04-19 22:07 . 2011-04-19 22:07 -------- d-----w- c:\program files\Bonjour 2011-04-19 22:07 . 2011-04-19 22:07 -------- d-----w- c:\program files (x86)\Bonjour 2011-04-17 17:55 . 
2011-04-17 17:55 -------- d-----w- c:\program files (x86)\PokerTH-0.8.3 2011-04-12 16:37 . 2011-04-12 16:37 -------- d-----w- c:\program files (x86)\Google 2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-25 23:48 . 2011-03-25 23:48 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr 2011-02-18 15:36 . 2011-02-18 15:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-02 16:11 . 2010-02-04 20:24 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160] . c:\users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-25 c:\windows\Tasks\Norton Security Scan for Marco.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-02-26 17:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-JumiController - c:\program files (x86)\Jumi\jumi.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-GeoGebra WebStart - c:\windows\system32\javaws.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-26 18:59:59
ComboFix-quarantined-files.txt 2011-04-26 16:59
.
Vor Suchlauf: 12 Verzeichnis(se), 83.678.228.480 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 83.027.259.392 Bytes frei
.
- - End Of File - - E8F10555B14B20A5A6E1661DB6AC540A |
26.04.2011, 18:51 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 - Degree of infection after deleting two trojan EXE files OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
27.04.2011, 19:13 | #12 |
| I ran GMER twice. Both times it found nothing and the log was somehow empty. Here is the OSAM log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:08:27 on 27.04.2011
OS: Windows 7 (Build 7600), 64-bit
Default Browser: Apple Inc. Safari 5.0.5 (7533.21.1)

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Security Scan for Marco.job" - "Symantec Corporation" - C:\Program Files (x86)\Norton Security Scan\Engine\2.7.6.13\Nss.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"pwdrvio" (pwdrvio) - ? - C:\Windows\system32\pwdrvio.sys (File found, but it contains no detailed information)
"pwdspio" (pwdspio) - ? - C:\Windows\system32\pwdspio.sys (File found, but it contains no detailed information)
"TTUSB2BDA USB 2.0 Driver AMD64" (TTUSB2BDA_NTAMD64) - "TechnoTrend AG" - C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\SysWow64\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
Locked "Locked" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Program Files (x86)\RocketDock\RocketDock.exe" (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: EX58-UD4P
Logical Drives Mask: 0x00001ffc

Kernel Drivers (total 146):
0x02C0C000 \SystemRoot\system32\ntoskrnl.exe
0x031E9000 \SystemRoot\system32\hal.dll
0x00B9C000 \SystemRoot\system32\kdcom.dll
0x00C4E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C92000 \SystemRoot\system32\PSHED.dll
0x00CA6000 \SystemRoot\system32\CLFS.SYS
0x00D04000 \SystemRoot\system32\CI.dll
0x00E02000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EA6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EB5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F0C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F15000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F1F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F52000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F5F000 \SystemRoot\System32\drivers\partmgr.sys
0x00F74000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F89000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FE5000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DC4000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DDE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C2A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00C35000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0104F000 \SystemRoot\system32\drivers\fltmgr.sys
0x0109B000 \SystemRoot\system32\drivers\fileinfo.sys
0x01257000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010AF000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0110D000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01405000 \SystemRoot\system32\drivers\ndis.sys
0x014F7000 \SystemRoot\system32\drivers\NETIO.SYS
0x01557000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x01582000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015CC000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01180000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015DC000 \SystemRoot\System32\Drivers\spldr.sys
0x01000000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E4000 \SystemRoot\System32\Drivers\mup.sys
0x015F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0182E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01868000 \SystemRoot\system32\DRIVERS\disk.sys
0x0187E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018E6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01910000 \SystemRoot\System32\Drivers\Null.SYS
0x01919000 \SystemRoot\System32\Drivers\Beep.SYS
0x01920000 \SystemRoot\System32\drivers\vga.sys
0x0192E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01953000 \SystemRoot\System32\drivers\watchdog.sys
0x01963000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0196C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01975000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0197E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01989000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0199A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019B8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CF9000 \SystemRoot\system32\drivers\afd.sys
0x02D83000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DC8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DD1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C2A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C3E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C8F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C9B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02CA6000 \SystemRoot\System32\drivers\discache.sys
0x040F3000 \SystemRoot\system32\drivers\csc.sys
0x04176000 \SystemRoot\System32\Drivers\dfsc.sys
0x04194000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x041A5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x041CB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04890000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0423D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04331000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04377000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04384000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043DA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05398000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04224000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04231000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x043EB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x053D6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04824000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04830000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0485F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04021000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0487A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x053EC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0403B000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x043FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0404A000 \SystemRoot\system32\DRIVERS\ks.sys
0x0408D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0582F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05889000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0589E000 \SystemRoot\system32\drivers\HdAudio.sys
0x058FA000 \SystemRoot\system32\drivers\portcls.sys
0x05937000 \SystemRoot\system32\drivers\drmk.sys
0x05959000 \SystemRoot\system32\drivers\ksthunk.sys
0x0595F000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0596D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x05979000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x05984000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x05997000 \SystemRoot\System32\drivers\Dxapi.sys
0x01E94000 \SystemRoot\system32\DRIVERS\ttusb2bda_amd64.sys
0x01F4A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x01F4C000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x01F50000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x01F6D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x01F7B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x01F94000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x01F9D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x01FAB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x01FB8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x00790000 \SystemRoot\System32\cdd.dll
0x01FC6000 \SystemRoot\system32\drivers\luafv.sys
0x01E00000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x01E1B000 \SystemRoot\system32\drivers\WudfPf.sys
0x01E3C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x01E51000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06617000 \SystemRoot\system32\drivers\HTTP.sys
0x066DF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x066FD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06715000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06742000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06790000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06C5B000 \SystemRoot\system32\drivers\peauth.sys
0x06D01000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06D0C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06D39000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06D4B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06E16000 \SystemRoot\System32\DRIVERS\srv.sys
0x06F1C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06F27000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x77740000 \Windows\System32\ntdll.dll
0x47A90000 \Windows\System32\smss.exe
0xFFA60000 \Windows\System32\apisetschema.dll
0xFF5C0000 \Windows\System32\autochk.exe

Processes (total 55):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
376 csrss.exe
460 C:\Windows\System32\wininit.exe
484 csrss.exe
520 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
656 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\svchost.exe
512 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\spoolsv.exe
1184 C:\Windows\System32\svchost.exe
1212 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1340 C:\Windows\System32\svchost.exe
1508 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1532 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1568 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1632 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
1732 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\taskhost.exe
2404 C:\Windows\System32\dwm.exe
2420 C:\Windows\explorer.exe
2528 C:\Program Files (x86)\RocketDock\RocketDock.exe
2544 C:\Program Files\Windows Sidebar\sidebar.exe
2580 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
2648 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2664 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2708 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2716 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3040 C:\Windows\System32\SearchIndexer.exe
2748 C:\Program Files\iPod\bin\iPodService.exe
3544 C:\Windows\System32\svchost.exe
3584 C:\Program Files\Windows Media Player\wmpnetwk.exe
3080 C:\Windows\System32\svchost.exe
2608 C:\Program Files (x86)\Safari\Safari.exe
3608 C:\Windows\System32\audiodg.exe
3952 C:\Program Files (x86)\iTunes\iTunes.exe
3292 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
3776 C:\Windows\System32\conhost.exe
2840 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
2856 C:\Windows\System32\conhost.exe
4032 C:\Users\Marco\Desktop\osam_autorun_manager_5_0_portable\osam.exe
1744 C:\Users\Marco\Desktop\osam_autorun_manager_5_0_portable\osam.exe
3400 C:\Windows\System32\SearchProtocolHost.exe
2728 C:\Windows\System32\SearchFilterHost.exe
3404 C:\Windows\System32\dllhost.exe
3088 C:\Users\Marco\Desktop\MBRCheck.exe
3792 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000077`98b00000 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x0000004f`bab5be00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x0000005b`efa88a00 (NTFS)
\\.\I: --> \\.\PhysicalDrive0 at offset 0x00000065`f9a07e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive0 at offset 0x0000006d`4c665e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive0 at offset 0x00000064`ecf63600 (NTFS)
\\.\L: --> \\.\PhysicalDrive0 at offset 0x000000c2`ab6d2400 (NTFS)
\\.\M: --> \\.\PhysicalDrive0 at offset 0x00000060`f4270200 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113

      Size  Device Name          MBR Status
--------------------------------------------
    931 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done! |
27.04.2011, 19:35 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
30.04.2011, 16:48 | #14 |
| SASW: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/30/2011 at 05:41 PM

Application Version : 4.51.1000

Core Rules Database Version : 6943
Trace Rules Database Version: 4755

Scan type       : Complete Scan
Total Scan Time : 02:30:25

Memory items scanned      : 568
Memory threats detected   : 0
Registry items scanned    : 14174
Registry threats detected : 0
File items scanned        : 331758
File threats detected     : 1

Adware.Tracking Cookie
	C:\Users\Marco\AppData\Roaming\Microsoft\Windows\Cookies\marco@yadro[2].txt
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6477

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.04.2011 15:08:29
mbam-log-2011-04-30 (15-08-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|)
Durchsuchte Objekte: 488195
Laufzeit: 1 Stunde(n), 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
01.05.2011, 13:49 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found. Any remaining problems or further detections in the meantime?