| |
| |||||||
Log-Analyse und Auswertung: TR/Kazy.mekml.1 ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
29.04.2011, 21:16
| #1 |
| |  TR/Kazy.mekml.1 ? Also ich habe ein ähnliches problem wie einige meiner vorgänger. ich hatte auf einmal kaum noch icons auf meinem deskop. habe dann systemwiederherstellung gemacht, die icons waren wieder da, aber der inhalt (dateien) eben nicht. ich bekam immer die nachricht das nicht auf meinen RAM speicher zugegriffen werden kann. habe mir durch belesen auch schon malwarebytes - anti-malware gedownloadet und den quickscann gemacht und alles infizierte gelöscht. folgendes steht im log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6474 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 29.04.2011 21:57:36 mbam-log-2011-04-29 (21-57-36).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 174250 Laufzeit: 5 Minute(n), 4 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 21 Infizierte Registrierungswerte: 2 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 4 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9EE2330AE5F4470CAC801BAAC83818C9 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267ACFC5644DAB06F058006DDBAE3 (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F158A1E-A687-4A11-9679-B3AC64B86A1C} (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\InstIE.HbInstObj (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Toolbar.HtmlMenuUI (Adware.Zango) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Value: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} (Trojan.Vundo) -> Value: {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: kann mir bitte jemand weiter helfen?? danke schonmal habe mittlerweile auch OTL durchlaufen lassen.OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.04.2011 00:03:13 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 582,00 Mb Available Physical Memory | 57,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,52 Gb Total Space | 5,26 Gb Free Space | 7,05% Space Free | Partition Type: NTFS Computer Name: CHRISTOPHER | User Name: Köhny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe (Olivetti) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.) MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation) MOD - C:\Programme\SweetIM\Messenger\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (AppMgmt) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (olMntrService) -- C:\Programme\Olivetti\ANY_WAY\olMntrService.exe (Olivetti) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (tmnsusbser) -- C:\WINDOWS\system32\drivers\tmnsusbser.sys (Wireless Device) DRV - (tmusbnet) -- C:\WINDOWS\system32\drivers\tmusbnet.sys (QUALCOMM Incorporated) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwusbfake) -- C:\WINDOWS\system32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG) DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.) DRV - (PDNMp50) -- C:\WINDOWS\system32\drivers\PDNMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PDNSp50) -- C:\WINDOWS\system32\drivers\PDNSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (PDDSLADP) -- C:\WINDOWS\system32\drivers\PDDSLADP.SYS (ProDyne) DRV - (PDDSLHND) -- C:\WINDOWS\System32\drivers\PDDSLHND.SYS (ProDyne) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.26 23:33:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.26 23:33:03 | 000,000,000 | ---D | M] [2009.01.18 15:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Extensions [2011.04.29 21:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions [2009.10.12 22:50:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.30 16:46:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.12 20:00:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.04.12 19:59:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.02.16 18:56:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2011.04.12 20:00:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\extensions\engine@conduit.com [2008.02.17 23:39:15 | 000,001,878 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\aolsearch.xml [2009.02.09 18:56:09 | 000,000,681 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\ask.xml [2009.10.10 17:37:59 | 000,002,163 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\bing.xml [2011.04.06 10:55:46 | 000,000,931 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\conduit.xml [2011.04.24 23:44:44 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-1.xml [2009.10.10 20:20:32 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-10.xml [2009.10.30 00:20:36 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-11.xml [2009.12.17 20:24:15 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-12.xml [2010.01.21 19:04:23 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-13.xml [2010.02.19 15:08:28 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-14.xml [2010.04.06 19:24:05 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-15.xml [2010.07.04 20:16:22 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-16.xml [2010.12.14 21:39:29 | 000,000,961 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-17.xml [2008.09.03 01:12:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-2.xml [2008.10.25 22:18:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-3.xml [2008.12.12 00:47:41 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-4.xml [2009.01.18 15:26:32 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-5.xml [2009.07.18 18:50:33 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-6.xml [2009.07.19 10:49:38 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-7.xml [2009.07.24 17:08:58 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-8.xml [2009.08.06 18:15:16 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin-9.xml [2010.06.21 16:35:24 | 000,001,042 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\icqplugin.xml [2010.02.02 01:13:35 | 000,003,915 | -H-- | M] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\searchplugins\sweetim.xml [2010.06.26 13:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.03.28 00:42:43 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-gzfb@partners.mozilla.com File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\KöHNY\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\BC46LH50.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2010.08.25 12:19:48 | 001,459,712 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv530.dll [2009.11.22 21:09:36 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2011.03.26 23:32:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.26 23:32:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.26 23:32:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.26 23:32:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.26 23:32:56 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.03.31 13:33:44 | 000,229,080 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.1001-search.info O1 - Hosts: 127.0.0.1 1001-search.info O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.139mm.com O1 - Hosts: 8058 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {93959911-3E86-0BF5-66FB-C0A9FD9E227F} - No CLSID value found. O2 - BHO: (no name) - {B9422987-4FBC-47D0-8A71-C096DD77B16F} - No CLSID value found. O2 - BHO: (no name) - {c6dc57b4-6606-4754-92b7-6972322be124} - No CLSID value found. O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OlStatusMon] C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe (Olivetti) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Belkin Dienstprogramm für kabellose Netzwerke.lnk = C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe (Belkin International, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: alice-dsl.de ([]http in Trusted sites) O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class) O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1150810486718 (WUWebControl Class) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://gamenextde.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\awtsRiii: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found. O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkJyYqq.dll) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.06.20 15:02:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell - "" = AutoRun O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell - "" = AutoRun O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell - "" = AutoRun O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun\command - "" = H:\.\autorun.exe O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell - "" = AutoRun O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.29 21:49:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Malwarebytes [2011.04.29 21:49:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.04.29 21:49:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.04.29 21:49:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.04.29 21:49:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.25 10:20:53 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011.04.25 10:20:12 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Köhny\Recent [2011.04.12 21:13:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Köhny\Desktop\Youtube conv [2011.04.12 19:59:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.04.12 19:59:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\DVDVideoSoft [2011.04.12 19:54:47 | 022,229,776 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Köhny\Desktop\FreeYouTubeToMp3Converter_3.9.35.exe [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.30 00:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.04.29 23:56:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.29 23:56:01 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.04.29 23:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.29 23:17:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.04.29 21:49:31 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.18 19:04:12 | 000,107,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.17 22:54:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.04.17 22:52:13 | 000,459,600 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.17 22:52:13 | 000,441,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.17 22:52:13 | 000,085,120 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.17 22:52:13 | 000,071,820 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.12 19:59:50 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.12 19:59:04 | 000,001,023 | ---- | M] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.12 19:58:11 | 022,229,776 | ---- | M] (DVDVideoSoft Limited. ) -- C:\Dokumente und Einstellungen\Köhny\Desktop\FreeYouTubeToMp3Converter_3.9.35.exe [2011.04.06 16:51:42 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.29 21:49:31 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.12 19:59:19 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.12 19:59:04 | 000,001,023 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Desktop\Free YouTube to MP3 Converter.lnk [2011.02.06 16:43:42 | 000,695,578 | ---- | C] () -- C:\WINDOWS\unins000.exe [2011.02.06 16:43:42 | 000,000,922 | ---- | C] () -- C:\WINDOWS\unins000.dat [2010.12.14 23:37:18 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\usrdpa32.dll [2010.06.26 13:18:45 | 000,000,264 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2010.06.26 12:30:42 | 000,015,312 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2010.03.02 17:14:37 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe [2010.03.02 17:14:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll [2010.03.02 17:14:05 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll [2009.03.21 00:25:02 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2008.11.03 18:12:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI [2008.05.19 13:05:25 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008.03.31 14:16:58 | 000,002,043 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008.03.28 21:55:33 | 000,003,751 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008.03.27 21:58:13 | 001,583,881 | -HS- | C] () -- C:\WINDOWS\System32\jaltpntr.ini [2008.03.27 21:54:58 | 000,161,954 | -HS- | C] () -- C:\WINDOWS\System32\qqYyJkkj.ini2 [2008.03.27 21:54:56 | 000,161,954 | -HS- | C] () -- C:\WINDOWS\System32\qqYyJkkj.ini [2008.03.04 22:35:14 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini [2008.01.25 18:17:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.12.24 19:14:15 | 000,000,354 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2007.12.24 18:55:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.12.17 22:01:31 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys [2007.07.03 13:00:38 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2006.11.19 20:42:00 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006.11.19 20:41:56 | 000,568,850 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2006.11.19 20:41:55 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2006.11.19 20:41:55 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006.11.19 20:41:54 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006.11.19 20:41:52 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2006.08.10 18:05:48 | 000,000,687 | ---- | C] () -- C:\WINDOWS\eReg.dat [2006.08.06 14:38:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006.08.01 17:38:58 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT [2006.07.23 13:45:11 | 000,072,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.07.07 17:26:54 | 000,192,789 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2006.07.06 12:27:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\suecmdial.dll [2006.07.06 11:54:33 | 000,042,982 | ---- | C] () -- C:\WINDOWS\System32\PDDSLADP.DLL [2006.06.21 14:49:58 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini [2006.06.21 14:47:09 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2006.06.21 12:41:49 | 000,000,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\sversion.ini [2006.06.21 12:41:48 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Köhny\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.06.20 16:39:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.06.20 15:54:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.06.20 15:53:51 | 000,107,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.06.20 15:34:11 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.06.20 15:27:16 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.06.20 15:27:10 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.06.20 15:26:59 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini [2006.06.20 15:22:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006.06.20 15:14:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\uinst001.exe [2006.06.20 15:04:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.06.20 14:59:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.03.09 15:29:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.03.09 15:29:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.03.09 15:29:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.03.09 15:29:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.03.09 15:29:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.03.09 15:29:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006.03.09 15:29:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.03.09 15:29:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.03.09 15:29:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.03.09 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005.08.30 01:00:00 | 000,781,312 | ---- | C] () -- C:\WINDOWS\System32\RGSS102J.dll [2005.08.30 01:00:00 | 000,778,752 | ---- | C] () -- C:\WINDOWS\System32\RGSS102E.dll [2005.08.30 01:00:00 | 000,771,584 | ---- | C] () -- C:\WINDOWS\System32\RGSS100J.dll [2002.12.31 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002.12.31 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002.12.31 14:00:00 | 000,459,600 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2002.12.31 14:00:00 | 000,441,884 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002.12.31 14:00:00 | 000,308,736 | ---- | C] () -- C:\WINDOWS\System32\WGET.EXE [2002.12.31 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002.12.31 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2002.12.31 14:00:00 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\CSCZIP.DLL [2002.12.31 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002.12.31 14:00:00 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\CSCZIP.EXE [2002.12.31 14:00:00 | 000,085,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2002.12.31 14:00:00 | 000,071,820 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002.12.31 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002.12.31 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2002.12.31 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002.12.31 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2002.12.31 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002.12.31 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002.12.31 14:00:00 | 000,001,257 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2002.12.31 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1998.10.11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2008.11.02 21:27:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Activision [2007.02.26 21:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY [2010.10.30 16:46:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2007.10.10 21:20:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS [2008.02.17 23:14:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks [2009.11.22 21:10:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files [2010.02.02 01:13:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2008.05.05 17:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.05.06 14:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.14 18:38:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2008.03.28 01:05:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\1190071992=0 [2008.11.02 21:27:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Activision [2006.11.26 18:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\AmenTick [2009.01.14 00:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Azureus [2008.10.17 14:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Download Master [2011.04.12 19:59:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.01.22 16:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\FOG Downloader [2011.03.28 23:05:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ICQ [2007.03.07 14:32:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ICQ Toolbar [2006.08.13 17:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ICQLite [2008.11.08 20:48:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Leadertech [2008.08.16 13:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien [2006.07.06 13:04:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\MSNInstaller [2008.03.04 22:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\ppstream [2008.12.16 02:01:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Teeworlds [2008.03.25 23:47:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\THIRDBIN [2010.02.21 21:21:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\TS3Client [2008.05.06 14:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\TuneUp Software [2010.12.14 18:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Vodafone [2010.12.15 22:18:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Vodafone Mobile Connect [2008.10.17 14:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Yandex [2011.04.30 00:00:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3866B2EB < End of report > bitte bitte helft mir  warum schreibt denn keiner waas dazu??? |
|
05.05.2011, 19:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Kazy.mekml.1 ? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
05.05.2011, 20:17
| #3 |
| | TR/Kazy.mekml.1 ? Malwarebytes' Anti-Malware 1.50.1.1100
__________________www.malwarebytes.org Datenbank Version: 6474 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 29.04.2011 23:51:48 mbam-log-2011-04-29 (23-51-48).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 302556 Laufzeit: 1 Stunde(n), 13 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programme\daemon tools\setupdtsb.exe (Adware.WhenU) -> Quarantined and deleted successfully. c:\programme\Gamers.IRC\bin\dll\nhtmln_2.95.dll (Trojan.Agent) -> Quarantined and deleted successfully. c:\programme\gemeinsame dateien\1190071992=0\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully. c:\system volume information\_restore{bb36cb04-f538-4b94-8c92-7574e1c5bdc4}\RP418\A0083986.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\system32\hmswpiex\1.exe (Trojan.Dropper) -> Quarantined and deleted successfully. das kam beim vollscan raus, habe nur 2 logs in den logdateien, der erste post, ist halt vom quickscann und der jetztige vom vollscan, wie auch schon zu entnehmen ist |
|
06.05.2011, 08:15
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 ? Die Scans sind schon etwas her. Bitte Malwarebytes updaten und einen neuen Vollscan machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2011, 15:20
| #5 |
| | TR/Kazy.mekml.1 ? so mein scan von vor 5 minuten mittlerweile zeigt er kein viren mehr an warum auch immer  Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6583 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 15.05.2011 16:15:22 mbam-log-2011-05-15 (16-15-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 312518 Laufzeit: 1 Stunde(n), 53 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und nun=???, also wie gehabt kann ich auf meine dateien nicht zugreifen |
|
15.05.2011, 15:35
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 ? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\jkkJyYqq.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.20 15:02:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\Shell\AutoRun\command - "" = H:\.\autorun.exe
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell - "" = AutoRun
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\Shell\AutoRun\command - "" = J:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
[2007.02.26 21:18:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3866B2EB
[2008.10.17 14:53:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Yandex
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> TR/Kazy.mekml.1 ? |
|
15.05.2011, 16:01
| #7 |
| | TR/Kazy.mekml.1 ? ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\jkkJyYqq.dll deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\AUTOEXEC.BAT moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2199651e-0954-11e0-8bea-00138f8a1b86}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b55c996-0951-11e0-8be9-00138f8a1b86}\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a59bbcc0-27f6-11e0-8c0a-00138f8a1b86}\ not found. File H:\.\autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e01060ec-0954-11e0-8beb-00138f8a1b86}\ not found. File J:\setup_vmc_lite.exe /checkApplicationPresence not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\setup_vmc_lite.exe /checkApplicationPresence not found. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY folder moved successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP  FC5A2B2 deleted successfully.ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3866B2EB deleted successfully. C:\Dokumente und Einstellungen\Köhny\Anwendungsdaten\Yandex folder moved successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.22.3 log created on 05152011_170004 wie du gesgat hast habe ich dieses getan, das ist der ergebnis gruß chrisopher |
|
15.05.2011, 16:33
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 ? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2011, 16:52
| #9 |
| | TR/Kazy.mekml.1 ? alles cool, unhide.exe ausgeführt, dateien auch wieder sichtbar kaspersky gezogen, aber er öffnet das programm irgendwie nicht |
|
15.05.2011, 16:53
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 ? Dann bitte jetzt CF ausführen, den tdsskiller probieren wir danach nochmal. ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2011, 17:44
| #11 |
| | TR/Kazy.mekml.1 ? Combofix Logfile: Code:
ATTFilter ComboFix 11-05-14.03 - Köhny 15.05.2011 18:19:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.659 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Köhny\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-00FD-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD2B8-FFA4-010C-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {81F60000-FFA4-00EB-0D24-347CA8A3377C}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\admintxt.txt
c:\windows\system32\jaltpntr.ini
c:\windows\system32\qqYyJkkj.ini
c:\windows\system32\qqYyJkkj.ini2
c:\windows\system32\rnaph.dll
c:\windows\system32\sysprep.exe
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :p wurde wiederhergestellt
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OULTRAF
-------\Legacy_WINDOWS_LOG
-------\Service_oUltraf
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-15 bis 2011-05-15 ))))))))))))))))))))))))))))))
.
.
2011-05-15 15:59 . 2011-05-15 16:00 -------- dc----w- C:\32788R22FWJFW.0.tmp
2011-05-15 15:00 . 2011-05-15 15:00 -------- dc----w- C:\_OTL
2011-05-08 19:28 . 2011-05-08 19:28 85465960 ----a-w- c:\programme\Gemeinsame Dateien\Windows Live\.cache\wlc19C.tmp
2011-04-29 19:49 . 2011-04-29 19:49 -------- d-----w- c:\dokumente und einstellungen\Köhny\Anwendungsdaten\Malwarebytes
2011-04-29 19:49 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-29 19:49 . 2011-04-29 19:49 -------- dc----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-04-29 19:49 . 2011-04-29 19:49 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-04-25 08:21 . 2011-04-25 08:21 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:51 . 2010-06-26 11:42 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2006-06-20 13:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2002-12-31 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2002-12-31 12:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 18:56 . 2002-12-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 18:56 . 2002-12-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:56 . 2002-12-31 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:56 . 2002-12-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2002-12-31 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2002-12-31 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2002-12-31 12:00 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2002-12-31 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\programme\Pando Networks\Media Booster\PMB.exe" [2009-11-22 2923192]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
"OlStatusMon"="c:\programme\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-07-26 106496]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
.
c:\dokumente und einstellungen\Rdiger\Startmen\Programme\Autostart\
OpenOffice.org 1.1.4.lnk - c:\programme\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 61440]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Belkin Dienstprogramm fr kabellose Netzwerke.lnk - c:\programme\Belkin\F6D4050\v1\BelkinWCUI.exe [2010-6-26 1077248]
.
c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
OpenOffice.org 1.1.4.lnk - c:\programme\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 61440]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Administrator^Startmenü^Programme^Autostart^OpenOffice.org 1.1.4.lnk]
path=c:\dokumente und einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Köhny^Startmenü^Programme^Autostart^OpenOffice.org 1.1.4.lnk]
path=c:\dokumente und einstellungen\Köhny\Startmenü\Programme\Autostart\OpenOffice.org 1.1.4.lnk
backup=c:\windows\pss\OpenOffice.org 1.1.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Köhny^Startmenü^Programme^Autostart^Xfire.lnk]
path=c:\dokumente und einstellungen\Köhny\Startmenü\Programme\Autostart\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\programme\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-05-15 14:55 1057328 ----a-w- c:\programme\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\programme\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2007-12-26 12:26 249856 ----a-w- c:\programme\lg_fwupdate\fwupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-04 23:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-04 23:41 81920 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-12-04 23:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OlStatusMon]
2006-07-26 14:20 106496 ----a-w- c:\programme\Olivetti\ANY_WAY\olDvcStatus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-01-07 20:02 495616 ----a-w- c:\programme\Winamp Remote\bin\OrbTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ----a-w- c:\programme\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-05-15 14:55 1628208 ----a-w- c:\programme\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42 90112 ----a-r- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-21 14:34 1242448 ----a-w- c:\programme\Valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-15 02:23 75520 ----a-w- c:\programme\Java\jre1.5.0_11\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 22:54 37376 ----a-w- c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56 204288 ----a-w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"RichVideo"=2 (0x2)
"olMntrService"=2 (0x2)
"NVSvc"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Warcraft III\\Warcraft III.exe"=
"c:\\Programme\\GameSpy Arcade\\Aphex.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Gamers.IRC\\mirc.exe"=
"c:\\Programme\\HLSW\\hlsw.exe"=
"c:\\Programme\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Valve\\Steam\\Steam.exe"=
"c:\\Programme\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Programme\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\German\\setup.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\koehny\\team fortress 2\\hl2.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=
"c:\\Programme\\Valve\\Steam\\SteamApps\\koehny\\counter-strike\\hl.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58207:TCP"= 58207:TCP:Pando Media Booster
"58207:UDP"= 58207:UDP:Pando Media Booster
.
R0 PDDSLHND;PDDSLHND;c:\windows\system32\drivers\PDDSLHND.SYS [06.07.2006 11:54 15187]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18.01.2007 17:05 639224]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [26.06.2010 13:43 136360]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [02.07.2008 12:15 247096]
R3 PDDSLADP;ProDyne DSL Adapter;c:\windows\system32\drivers\PDDSLADP.SYS [06.07.2006 11:54 15571]
R3 tmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCTTomato;c:\windows\system32\drivers\tmnsusbser.sys [21.04.2010 16:40 108160]
R3 tmusbnet;Wireless Data Device driver for usb ethernet adapter;c:\windows\system32\drivers\tmusbnet.sys [20.04.2010 08:07 109568]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2010 13:12 136176]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [14.12.2010 18:42 112640]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2010 13:12 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [15.12.2010 21:53 102656]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 22:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 22:46 27072]
S4 olMntrService;olMntrService;c:\programme\Olivetti\ANY_WAY\olMntrService.exe [24.07.2006 12:02 86016]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-15 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2008\OneClickStarter.exe [2008-09-29 07:58]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-14 11:12]
.
2011-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-10-14 11:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://alice.aol.de
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Köhny\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Çàêà÷àòü ÂÑÅ ïðè ïîìîùè Download Master
IE: Çàêà÷àòü ïðè ïîìîùè Download Master
Trusted Zone: alice-dsl.de
TCP: {FA859454-9066-43AF-B0F2-D35A2B76F3F1} = 213.191.92.84,213.191.92.82
FF - ProfilePath - c:\dokumente und einstellungen\Köhny\Anwendungsdaten\Mozilla\Firefox\Profiles\bc46lh50.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DVDVideoSoftTB Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: DVDVideoSoftTB Community Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{93959911-3E86-0BF5-66FB-C0A9FD9E227F} - (no file)
BHO-{B9422987-4FBC-47D0-8A71-C096DD77B16F} - (no file)
BHO-{c6dc57b4-6606-4754-92b7-6972322be124} - (no file)
HKU-Default-Run-swg - c:\programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
Notify-awtsRiii - (no file)
MSConfigStartUp- - c:\windows\system\smss.exe
MSConfigStartUp-1190071992=0 - c:\programme\1190071992=0\SysRep.exe
MSConfigStartUp-84694f55 - c:\windows\system32\rtnptlaj.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-balm list - c:\dokume~1\KHNY~1\ANWEND~1\THIRDBIN\DaleJugs.exe
MSConfigStartUp-BM875a7cc9 - c:\windows\system32\txudpfab.dll
MSConfigStartUp-dead grey balm debug - c:\dokumente und einstellungen\All Users\Anwendungsdaten\BOLT SEEK DEAD GREY\Size Setup.exe
MSConfigStartUp-Google Desktop Search - c:\programme\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ICQ Lite - c:\programme\ICQLite\ICQLite.exe
MSConfigStartUp-ISTray - c:\programme\Spyware Doctor\pctsTray.exe
MSConfigStartUp-LogitechVideoRepair - c:\programme\Logitech\Video\ISStart.exe
MSConfigStartUp-LogitechVideoTray - c:\programme\Logitech\Video\LogiTray.exe
MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
MSConfigStartUp-MSN Messenger - live.messenger.com
MSConfigStartUp-MsnMsgr - ~c:\programme\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-NetPumper - c:\programme\NetPumper\NetPumperIEProxy.exe
MSConfigStartUp-SeekmoOE - c:\programme\Seekmo\bin\10.0.406.0\OEAddOn.exe
MSConfigStartUp-SeekmoSA - c:\programme\Seekmo\bin\10.0.406.0\SeekmoSA.exe
MSConfigStartUp-Skype - c:\programme\Skype\Phone\Skype.exe
MSConfigStartUp-svchost - c:\windows\system32\hmswpiex\svchost.exe
MSConfigStartUp-SweetIM - c:\programme\Macrogaming\SweetIM\SweetIM.exe
MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-ucookw - c:\progra~1\119007~1\ucookw.exe
MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Windows Registry Repair Pro - c:\programme\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
AddRemove-bird 4 scr - c:\dokume~1\KHNY~1\ANWEND~1\THIRDBIN\DaleJugs.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-15 18:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1472)
c:\programme\SweetIM\Messenger\mgAdaptersProxy.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-15 18:39:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-05-15 16:39
.
Vor Suchlauf: 6.262.927.360 Bytes frei
Nach Suchlauf: 7.061.848.064 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 3B3F1C8BE29A780993A6830F814F4C47
das ist der log von combofix |
|
15.05.2011, 18:23
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 ? Dann jetzt nochmal den TDSS-Killer probieren
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2011, 18:31
| #13 |
| | TR/Kazy.mekml.1 ? 2011/05/15 19:27:05.0625 0768 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29 2011/05/15 19:27:07.0625 0768 ================================================================================ 2011/05/15 19:27:07.0625 0768 SystemInfo: 2011/05/15 19:27:07.0625 0768 2011/05/15 19:27:07.0625 0768 OS Version: 5.1.2600 ServicePack: 3.0 2011/05/15 19:27:07.0625 0768 Product type: Workstation 2011/05/15 19:27:07.0625 0768 ComputerName: CHRISTOPHER 2011/05/15 19:27:07.0625 0768 UserName: Köhny 2011/05/15 19:27:07.0625 0768 Windows directory: C:\WINDOWS 2011/05/15 19:27:07.0625 0768 System windows directory: C:\WINDOWS 2011/05/15 19:27:07.0625 0768 Processor architecture: Intel x86 2011/05/15 19:27:07.0625 0768 Number of processors: 1 2011/05/15 19:27:07.0625 0768 Page size: 0x1000 2011/05/15 19:27:07.0625 0768 Boot type: Normal boot 2011/05/15 19:27:07.0625 0768 ================================================================================ 2011/05/15 19:27:07.0890 0768 Initialize success 2011/05/15 19:28:35.0531 2228 ================================================================================ 2011/05/15 19:28:35.0531 2228 Scan started 2011/05/15 19:28:35.0531 2228 Mode: Manual; 2011/05/15 19:28:35.0531 2228 ================================================================================ 2011/05/15 19:28:37.0906 2228 ACEDRV05 (0a1e97197609f92d2425b67da0bb0a7f) C:\WINDOWS\system32\drivers\ACEDRV05.sys 2011/05/15 19:28:38.0312 2228 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/05/15 19:28:38.0453 2228 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/05/15 19:28:38.0687 2228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/05/15 19:28:38.0875 2228 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/05/15 19:28:39.0046 2228 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys 2011/05/15 19:28:39.0609 2228 ALCXWDM (93f93a8e3e14cbbf1ce9a5af1a70c095) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2011/05/15 19:28:40.0500 2228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/05/15 19:28:40.0640 2228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/05/15 19:28:40.0875 2228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/05/15 19:28:41.0046 2228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/05/15 19:28:41.0187 2228 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys 2011/05/15 19:28:41.0343 2228 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2011/05/15 19:28:41.0531 2228 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2011/05/15 19:28:41.0734 2228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/05/15 19:28:41.0953 2228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/05/15 19:28:42.0171 2228 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2011/05/15 19:28:42.0406 2228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/05/15 19:28:42.0546 2228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/05/15 19:28:42.0687 2228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/05/15 19:28:43.0453 2228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/05/15 19:28:43.0656 2228 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2011/05/15 19:28:43.0875 2228 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2011/05/15 19:28:44.0062 2228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/05/15 19:28:44.0296 2228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/05/15 19:28:44.0546 2228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/05/15 19:28:44.0781 2228 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys 2011/05/15 19:28:44.0906 2228 ewusbnet (13d0f39d356e70f0a5e80d7771382245) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys 2011/05/15 19:28:45.0093 2228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/05/15 19:28:45.0343 2228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/05/15 19:28:45.0515 2228 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2011/05/15 19:28:45.0687 2228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/05/15 19:28:45.0859 2228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/05/15 19:28:46.0062 2228 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 2011/05/15 19:28:46.0265 2228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/05/15 19:28:46.0437 2228 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/05/15 19:28:46.0640 2228 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 2011/05/15 19:28:46.0796 2228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/05/15 19:28:46.0953 2228 hamachi (43ae2f414fbccd7287389e7b908a4745) C:\WINDOWS\system32\DRIVERS\hamachi.sys 2011/05/15 19:28:47.0062 2228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/05/15 19:28:47.0359 2228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/05/15 19:28:47.0546 2228 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 2011/05/15 19:28:47.0687 2228 hwusbfake (83026e41d9960430491432dbd6af969a) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys 2011/05/15 19:28:48.0015 2228 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/05/15 19:28:48.0234 2228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/05/15 19:28:48.0390 2228 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\WINDOWS\system32\drivers\InCDFs.sys 2011/05/15 19:28:48.0578 2228 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\WINDOWS\system32\drivers\InCDPass.sys 2011/05/15 19:28:48.0718 2228 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\WINDOWS\system32\drivers\InCDrec.sys 2011/05/15 19:28:48.0796 2228 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\WINDOWS\system32\drivers\InCDRm.sys 2011/05/15 19:28:49.0234 2228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/05/15 19:28:49.0406 2228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/05/15 19:28:49.0500 2228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/05/15 19:28:49.0640 2228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/05/15 19:28:49.0796 2228 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys 2011/05/15 19:28:49.0953 2228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/05/15 19:28:50.0109 2228 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys 2011/05/15 19:28:50.0312 2228 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/05/15 19:28:50.0500 2228 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/05/15 19:28:50.0671 2228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/15 19:28:50.0859 2228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/15 19:28:51.0343 2228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/15 19:28:51.0515 2228 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/15 19:28:51.0671 2228 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/15 19:28:51.0859 2228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/15 19:28:52.0171 2228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/15 19:28:52.0375 2228 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/15 19:28:52.0593 2228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/15 19:28:52.0781 2228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/15 19:28:52.0953 2228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/15 19:28:53.0156 2228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/15 19:28:53.0312 2228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/15 19:28:53.0468 2228 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2011/05/15 19:28:53.0625 2228 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 2011/05/15 19:28:53.0796 2228 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/15 19:28:53.0984 2228 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2011/05/15 19:28:54.0218 2228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/15 19:28:54.0375 2228 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2011/05/15 19:28:54.0484 2228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/15 19:28:54.0609 2228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/15 19:28:54.0765 2228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/15 19:28:54.0906 2228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/15 19:28:55.0000 2228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/05/15 19:28:55.0156 2228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/15 19:28:55.0390 2228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/15 19:28:55.0546 2228 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys 2011/05/15 19:28:55.0703 2228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/15 19:28:55.0890 2228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/15 19:28:56.0296 2228 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/05/15 19:28:56.0828 2228 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 2011/05/15 19:28:57.0015 2228 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 2011/05/15 19:28:57.0187 2228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/15 19:28:57.0375 2228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/15 19:28:57.0562 2228 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/05/15 19:28:57.0734 2228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/15 19:28:57.0906 2228 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/15 19:28:58.0078 2228 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/15 19:28:58.0328 2228 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/05/15 19:28:58.0484 2228 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/05/15 19:28:58.0718 2228 PDDSLADP (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS 2011/05/15 19:28:58.0875 2228 PDDSLHND (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys 2011/05/15 19:28:59.0062 2228 PDNMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\drivers\PDNMp50.sys 2011/05/15 19:28:59.0234 2228 PDNSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\drivers\PDNSp50.sys 2011/05/15 19:29:00.0046 2228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/15 19:29:00.0218 2228 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/05/15 19:29:00.0390 2228 prodrv06 (f2e3c8f1eb6ba0733e0a1f6373df7957) C:\WINDOWS\System32\drivers\prodrv06.sys 2011/05/15 19:29:00.0625 2228 prohlp02 (150307b52807d0c493c605ab913038ad) C:\WINDOWS\system32\drivers\prohlp02.sys 2011/05/15 19:29:00.0781 2228 prosync1 (f3471e7971ee62420451d958da635064) C:\WINDOWS\system32\drivers\prosync1.sys 2011/05/15 19:29:00.0953 2228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/15 19:29:01.0078 2228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/15 19:29:01.0234 2228 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/05/15 19:29:01.0906 2228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/15 19:29:02.0109 2228 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 2011/05/15 19:29:02.0296 2228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/15 19:29:02.0468 2228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/15 19:29:02.0640 2228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/15 19:29:02.0812 2228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/15 19:29:02.0984 2228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/15 19:29:03.0125 2228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/15 19:29:03.0312 2228 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/15 19:29:03.0531 2228 rt2870 (65a31e0eeaacc22871fe97c5ac23156c) C:\WINDOWS\system32\DRIVERS\rt2870.sys 2011/05/15 19:29:03.0781 2228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/15 19:29:03.0953 2228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/15 19:29:04.0078 2228 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/15 19:29:04.0296 2228 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys 2011/05/15 19:29:04.0468 2228 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys 2011/05/15 19:29:04.0625 2228 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys 2011/05/15 19:29:04.0796 2228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/15 19:29:04.0968 2228 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys 2011/05/15 19:29:05.0203 2228 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2011/05/15 19:29:05.0500 2228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/05/15 19:29:05.0671 2228 sptd (4e3c4ffcb2c95c2ec1fa04a6f4531533) C:\WINDOWS\system32\Drivers\sptd.sys 2011/05/15 19:29:05.0671 2228 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 4e3c4ffcb2c95c2ec1fa04a6f4531533 2011/05/15 19:29:05.0687 2228 sptd - detected LockedFile.Multi.Generic (1) 2011/05/15 19:29:05.0875 2228 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/15 19:29:06.0078 2228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/15 19:29:06.0281 2228 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2011/05/15 19:29:06.0421 2228 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2011/05/15 19:29:06.0578 2228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/15 19:29:06.0718 2228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/15 19:29:07.0343 2228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/15 19:29:07.0515 2228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/15 19:29:07.0703 2228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/15 19:29:07.0859 2228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/15 19:29:08.0015 2228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/15 19:29:08.0218 2228 tmnsusbser (744ade3286c0f11ea2b034236f6e3868) C:\WINDOWS\system32\DRIVERS\tmnsusbser.sys 2011/05/15 19:29:08.0390 2228 tmusbnet (d17bfc64a6eead338bab3271af296c6d) C:\WINDOWS\system32\DRIVERS\tmusbnet.sys 2011/05/15 19:29:08.0671 2228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/15 19:29:08.0906 2228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/15 19:29:09.0109 2228 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 2011/05/15 19:29:09.0281 2228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/15 19:29:09.0437 2228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/15 19:29:09.0656 2228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/15 19:29:09.0828 2228 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/05/15 19:29:10.0000 2228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/15 19:29:10.0171 2228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/15 19:29:10.0328 2228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/05/15 19:29:10.0531 2228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/05/15 19:29:10.0781 2228 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/15 19:29:10.0953 2228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/15 19:29:11.0203 2228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/15 19:29:11.0453 2228 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2011/05/15 19:29:11.0625 2228 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/05/15 19:29:11.0828 2228 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2011/05/15 19:29:12.0015 2228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/05/15 19:29:12.0171 2228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/05/15 19:29:12.0406 2228 ================================================================================ 2011/05/15 19:29:12.0406 2228 Scan finished 2011/05/15 19:29:12.0406 2228 ================================================================================ 2011/05/15 19:29:12.0421 1344 Detected object count: 1 2011/05/15 19:30:31.0125 1344 LockedFile.Multi.Generic(sptd) - User select action: Skip das der report von kaspersky |
|
15.05.2011, 19:19
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekml.1 ? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.05.2011, 19:55
| #15 |
| | TR/Kazy.mekml.1 ? GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-15 20:54:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-00JHC0 rev.05.01C05
Running: khrbr443.exe; Driver: C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\kgryraod.sys
---- System - GMER 1.0.15 ----
SSDT F7BE36E6 ZwCreateKey
SSDT F7BE36DC ZwCreateThread
SSDT F7BE36EB ZwDeleteKey
SSDT F7BE36F5 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF72F984E]
SSDT sptd.sys ZwEnumerateValueKey [0xF72F9BEE]
SSDT F7BE36FA ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF72F4090]
SSDT F7BE36C8 ZwOpenProcess
SSDT F7BE36CD ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF72F9CC6]
SSDT sptd.sys ZwQueryValueKey [0xF72F9B46]
SSDT F7BE3704 ZwReplaceKey
SSDT F7BE36FF ZwRestoreKey
SSDT F7BE36F0 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6247380, 0x346307, 0xE8000020]
.text USBPORT.SYS!DllUnload F62138AC 5 Bytes JMP 86CF61B8
? System32\Drivers\aag979c8.SYS Das System kann den angegebenen Pfad nicht finden. !
.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xBA715000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xBA757000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xBA772000, 0x8E, 0x42000040]
? C:\ComboFix\catchme.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Pando Networks\Media Booster\PMB.exe[2928] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F72F4ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F72F4C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72F4B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F72F572E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72F5604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7307A9A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F78E04FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F78E052C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest] [F78E054E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F78E020E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F78E0256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86F631D8
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
Device \Driver\usbohci \Device\USBPDO-0 86CF51D8
Device \Driver\usbehci \Device\USBPDO-1 86CE91D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D5350F5B-9D0B-4755-8BEB-CC73C7CCD96D} 860FF980
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device \Driver\prodrv06 \Device\ProDrv06 E1C7D828
Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD21D8
Device \Driver\Cdrom \Device\CdRom0 86CFA1D8
Device \Driver\atapi \Device\Ide\IdePort0 [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 [F726DB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom1 86CFA1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FA859454-9066-43AF-B0F2-D35A2B76F3F1} 860FF980
Device \Driver\Cdrom \Device\CdRom2 86CFA1D8
Device \Driver\Cdrom \Device\CdRom3 86CFA1D8
Device \Driver\prohlp02 \Device\ProHlp02 E1777740
Device \Driver\NetBT \Device\NetBt_Wins_Export 860FF980
Device \Driver\NetBT \Device\NetbiosSmb 860FF980
Device \Driver\00000043 \Device\0000005b sptd.sys
Device \Driver\usbohci \Device\USBFDO-0 86CF51D8
Device \Driver\usbehci \Device\USBFDO-1 86CE91D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 860C71D8
Device 860C71D8
Device \Driver\Ftdisk \Device\FtControl 86FD21D8
Device \Driver\aag979c8 \Device\Scsi\aag979c81 86C16808
Device \Driver\aag979c8 \Device\Scsi\aag979c81Port4Path0Target1Lun0 86C16808
Device \Driver\aag979c8 \Device\Scsi\aag979c81Port4Path0Target0Lun0 86C16808
Device * Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 86D843F0
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -698154437
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1117098950
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0xE8 0xEA 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x3F 0xD5 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0x72 0xC8 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0xE8 0xEA 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x3F 0xD5 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0x72 0xC8 0xD5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0xE8 0xEA 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x3F 0xD5 0x34 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0x72 0xC8 0xD5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0xE8 0xEA 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD0 0x3F 0xD5 0x34 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x8F 0x72 0xC8 0xD5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xE8 0x0A 0x14 0xF8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xE8 0x0A 0x14 0xF8 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:51:38 on 15.05.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 3.5.19 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "1-Klick-Wartung.job" - ? - C:\Programme\TuneUp Utilities 2008\OneClickStarter.exe (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "alsndmgr.cpl" - ? - C:\WINDOWS\system32\alsndmgr.cpl (File signed by Microsoft | File found, but it contains no detailed information) "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found) "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aag979c8" (aag979c8) - ? - C:\WINDOWS\system32\drivers\aag979c8.sys (Hidden registry entry, rootkit activity | File not found) "ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV05.sys "ACEDRV07" (ACEDRV07) - ? - C:\WINDOWS\system32\drivers\ACEDRV07.sys (File not found) "AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys "avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys (File not found) "EIO" (EIO) - "ASUSTeK Computer Inc." - C:\WINDOWS\system32\drivers\EIO.sys "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys "Hamachi Network Interface" (hamachi) - "Applied Networking Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "InCD File System" (InCDfs) - "Nero AG" - C:\WINDOWS\System32\drivers\InCDFs.sys "InCD Reader" (incdrm) - "Nero AG" - C:\WINDOWS\System32\drivers\InCDRm.sys "InCDPass" (InCDPass) - "Nero AG" - C:\WINDOWS\System32\drivers\InCDPass.sys "InCDrec" (InCDrec) - "Nero AG" - C:\WINDOWS\system32\drivers\InCDrec.sys "kgryraod" (kgryraod) - ? - C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\kgryraod.sys (Hidden registry entry, rootkit activity | File not found) "Labtec WebCam(PID_08A0)" (PID_08A0) - ? - C:\WINDOWS\System32\DRIVERS\LV302AV.SYS (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "Logitech USB Monitor Filter" (LVUSBSta) - ? - C:\WINDOWS\System32\drivers\lvusbsta.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDDSLHND" (PDDSLHND) - "ProDyne" - C:\WINDOWS\system32\drivers\PDDSLHND.sys "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNMp50.sys "PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNSp50.sys "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "ProDyne DSL Adapter" (PDDSLADP) - "ProDyne" - C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver v6" (prodrv06) - "Protection Technology" - C:\WINDOWS\System32\drivers\prodrv06.sys "StarForce Protection Helper Driver" (sfhlp01) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfhlp02.sys "StarForce Protection Helper Driver v2" (prohlp02) - "Protection Technology" - C:\WINDOWS\System32\drivers\prohlp02.sys "StarForce Protection Synchronization Driver v1" (prosync1) - "Protection Technology" - C:\WINDOWS\System32\drivers\prosync1.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\WINDOWS\System32\drivers\sfvfs02.sys "Volume Adapter" (pepifilter) - ? - C:\WINDOWS\System32\DRIVERS\lv302af.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found) {CAE3251E-9B15-4810-B268-852AD9792A59} "InCDShellExt Class" - "Nero AG" - C:\Programme\Nero\Nero 7\InCD\InCDshx.dll {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} "InCDUdfPerm Class" - "Nero AG" - C:\Programme\Nero\Nero 7\InCD\InCDUP.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice Property Sheet Handler" - ? - C:\Programme\OpenOffice.org1.1.4\program\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "SweetIM For Internet Explorer" - ? - (File not found | COM-object registry key not found) <binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll <binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? - (File not found | COM-object registry key not found) <binary data> "{0E1230F8-EA50-42A9-983C-D22ABC2EED3C}" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} "SweetIM For Internet Explorer" - ? - (File not found | COM-object registry key not found) {EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {00B71CFB-6864-4346-A978-C0A14556272C} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} "InstallerBehaviorFactory Class" - "Microsoft Corp." - C:\WINDOWS\Downloaded Program Files\MsnInstC.dll / https://signup.msn.com/pages/MsnInstC.cab {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.5.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_07\bin\npjpi150_07.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab {4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://gamenextde.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe (File not found) "ICQ7.2" - "ICQ, LLC." - C:\Programme\ICQ7.2\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll "PartyPoker.com" - ? - C:\Programme\PartyGaming\PartyPoker\RunApp.exe (File not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Programme\ICQ6Toolbar\ICQToolBar.dll <binary data> "SweetIM For Internet Explorer" - ? - (File not found | COM-object registry key not found) <binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll {EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} "{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}" - ? - (File not found | COM-object registry key not found) {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "Belkin Dienstprogramm für kabellose Netzwerke.lnk" - "Belkin International, Inc." - C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Köhny\Startmenü\Programme\Autostart\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Pando Media Booster" - ? - C:\Programme\Pando Networks\Media Booster\PMB.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "OlStatusMon" - "Olivetti" - "C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize "SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "ICQ Service" (ICQ Service) - ? - C:\Programme\ICQ6Toolbar\ICQ Service.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des "TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll "TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\WINDOWS\System32\TuneUpDefragService.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000007d Kernel Drivers (total 139): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D1000 \WINDOWS\system32\hal.dll 0xF79CB000 \WINDOWS\system32\KDCOM.DLL 0xF78DB000 \WINDOWS\system32\BOOTVID.dll 0xF72F3000 sptd.sys 0xF79CD000 \WINDOWS\System32\Drivers\WMILIB.SYS 0xF72DB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS 0xF72AC000 ACPI.sys 0xF729B000 pci.sys 0xF74CB000 isapnp.sys 0xF7A93000 pciide.sys 0xF774B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xF74DB000 MountMgr.sys 0xF727C000 ftdisk.sys 0xF7753000 PartMgr.sys 0xF74EB000 VolSnap.sys 0xF7264000 atapi.sys 0xF74FB000 disk.sys 0xF750B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xF7244000 fltmgr.sys 0xF7232000 sr.sys 0xF751B000 PxHelp20.sys 0xF721B000 KSecDD.sys 0xF7208000 WudfPf.sys 0xF717B000 Ntfs.sys 0xF714E000 NDIS.sys 0xF713B000 sfvfs02.sys 0xF775B000 sfhlp02.sys 0xF79CF000 sfhlp01.sys 0xF7129000 sfdrv01.sys 0xF79D1000 prosync1.sys 0xF710D000 prohlp02.sys 0xF70F3000 Mup.sys 0xF78DF000 PDDSLHND.sys 0xF6247000 \SystemRoot\system32\DRIVERS\nv4_mini.sys 0xF6233000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xF7853000 \SystemRoot\system32\DRIVERS\fdc.sys 0xF621F000 \SystemRoot\system32\DRIVERS\parport.sys 0xF70CB000 \SystemRoot\system32\DRIVERS\gameenum.sys 0xF757B000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xF785B000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xF7863000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xF758B000 \SystemRoot\system32\DRIVERS\serial.sys 0xF70C7000 \SystemRoot\system32\DRIVERS\serenum.sys 0xF786B000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xF61FB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xF7873000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xF759B000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xF75AB000 \SystemRoot\system32\DRIVERS\redbook.sys 0xF61D8000 \SystemRoot\system32\DRIVERS\ks.sys 0xF787B000 \SystemRoot\system32\drivers\InCDPass.sys 0xF75BB000 \SystemRoot\system32\drivers\InCDRm.sys 0xF75CB000 \SystemRoot\system32\DRIVERS\imapi.sys 0xF5E49000 \SystemRoot\system32\drivers\ALCXWDM.SYS 0xF5E0A000 \SystemRoot\system32\drivers\portcls.sys 0xF75DB000 \SystemRoot\system32\drivers\drmk.sys 0xF70B3000 \SystemRoot\system32\DRIVERS\nvnetbus.sys 0xF5DC0000 \SystemRoot\system32\DRIVERS\NVNRM.SYS 0xF5D89000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS 0xF5D3F000 \SystemRoot\System32\Drivers\aag979c8.SYS 0xF75EB000 \SystemRoot\system32\DRIVERS\processr.sys 0xF7BF7000 \SystemRoot\system32\DRIVERS\audstub.sys 0xF78CB000 \SystemRoot\system32\DRIVERS\rasirda.sys 0xF78D3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xF75FB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xF7087000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xF5D28000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xF760B000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xF761B000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xF5D17000 \SystemRoot\system32\DRIVERS\psched.sys 0xF762B000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xF778B000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xF7793000 \SystemRoot\system32\DRIVERS\raspti.sys 0xF798F000 \SystemRoot\system32\DRIVERS\PDDSLADP.SYS 0xF763B000 \SystemRoot\system32\DRIVERS\termdd.sys 0xF7A07000 \SystemRoot\system32\DRIVERS\swenum.sys 0xF5CB9000 \SystemRoot\system32\DRIVERS\update.sys 0xF7993000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xF765B000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xF766B000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xF7A0B000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xF6A66000 \SystemRoot\system32\DRIVERS\NVENETFD.sys 0xF77A3000 \SystemRoot\system32\DRIVERS\flpydisk.sys 0xF7A0F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xF7B33000 \SystemRoot\System32\Drivers\Null.SYS 0xF7A11000 \SystemRoot\System32\Drivers\Beep.SYS 0xF77B3000 \SystemRoot\System32\drivers\vga.sys 0xF7A13000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xF7A15000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xF695F000 \SystemRoot\System32\Drivers\InCDrec.SYS 0xF3B44000 \SystemRoot\system32\drivers\InCDFs.sys 0xF77BB000 \SystemRoot\System32\Drivers\Msfs.SYS 0xF77C3000 \SystemRoot\System32\Drivers\Npfs.SYS 0xF79AF000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xF3B09000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xF3AB0000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xF3A88000 \SystemRoot\system32\DRIVERS\netbt.sys 0xF3A66000 \SystemRoot\System32\drivers\afd.sys 0xF6A46000 \SystemRoot\system32\DRIVERS\netbios.sys 0xF77CB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xF3A3B000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xF3A27000 \SystemRoot\System32\drivers\prodrv06.sys 0xF39B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xF6A36000 \SystemRoot\System32\Drivers\Fips.SYS 0xF3991000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xF6A26000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xF396B000 \SystemRoot\system32\DRIVERS\avipbb.sys 0xF77DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0xF7A1F000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys 0xF394C000 \SystemRoot\system32\DRIVERS\tmusbnet.sys 0xF3931000 \SystemRoot\system32\DRIVERS\tmnsusbser.sys 0xF6A06000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xF38F1000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xF7A23000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xF799F000 \SystemRoot\System32\drivers\Dxapi.sys 0xF77E3000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xF7AC8000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\nv4_disp.dll 0xBF594000 \SystemRoot\System32\ATMFD.DLL 0xBA773000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xBA714000 \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys 0xF77F3000 \SystemRoot\system32\DRIVERS\AegisP.sys 0xF35D8000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys 0xBA5BE000 \SystemRoot\system32\DRIVERS\irda.sys 0xBA6FC000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xBA3B1000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xF7A8D000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xBA4B6000 \??\C:\WINDOWS\system32\drivers\EIO.sys 0xBA2F8000 \SystemRoot\System32\Drivers\HTTP.sys 0xF35C8000 \SystemRoot\system32\DRIVERS\secdrv.sys 0xBA188000 \SystemRoot\system32\DRIVERS\srv.sys 0xB9E03000 \SystemRoot\system32\drivers\wdmaud.sys 0xBA6B4000 \SystemRoot\system32\drivers\sysaudio.sys 0xF78BB000 \??\C:\ComboFix\catchme.sys 0xF79D5000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xB8E4F000 \??\C:\DOKUME~1\KHNY~1\LOKALE~1\Temp\kgryraod.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 39): 0 System Idle Process 4 System 868 C:\WINDOWS\system32\smss.exe 944 csrss.exe 968 C:\WINDOWS\system32\winlogon.exe 1012 C:\WINDOWS\system32\services.exe 1024 C:\WINDOWS\system32\lsass.exe 1192 C:\WINDOWS\system32\svchost.exe 1252 svchost.exe 1396 C:\WINDOWS\system32\svchost.exe 1440 C:\WINDOWS\system32\svchost.exe 1592 svchost.exe 1732 svchost.exe 1916 C:\WINDOWS\system32\spoolsv.exe 1964 C:\Programme\Avira\AntiVir Desktop\sched.exe 2016 svchost.exe 216 C:\Programme\Avira\AntiVir Desktop\avguard.exe 312 C:\WINDOWS\system32\svchost.exe 348 C:\Programme\ICQ6Toolbar\ICQ Service.exe 628 C:\WINDOWS\system32\svchost.exe 724 C:\Programme\Avira\AntiVir Desktop\avshadow.exe 308 wmpnetwk.exe 2288 alg.exe 2420 C:\WINDOWS\system32\rundll32.exe 2456 C:\Programme\Olivetti\ANY_WAY\olDvcStatus.exe 2544 C:\Programme\SweetIM\Messenger\SweetIM.exe 2864 C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe 2912 C:\Programme\Avira\AntiVir Desktop\avgnt.exe 2928 C:\Programme\Pando Networks\Media Booster\PMB.exe 3112 C:\Programme\Windows Media Player\wmpnscfg.exe 3364 C:\Programme\Belkin\F6D4050\v1\Belkinwcui.exe 2940 C:\WINDOWS\system32\wuauclt.exe 1472 C:\WINDOWS\explorer.exe 2604 C:\WINDOWS\system32\ctfmon.exe 2704 C:\Dokumente und Einstellungen\Köhny\Eigene Dateien\Downloads\khrbr443.exe 1372 C:\Programme\Mozilla Firefox\firefox.exe 3540 C:\Programme\WinRAR\WinRAR.exe 4028 C:\DOKUME~1\KHNY~1\LOKALE~1\temp\Rar$EX04.156\osam.exe 3608 C:\Dokumente und Einstellungen\Köhny\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: WDCWD800BB-00JHC0, Rev: 05.01C05 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done! so alles wie gehabt wie erwünscht  |
|
Linear-Darstellung
