Pests of all kinds and how to fight them: Trojan: PSW.Agent.AMDQ in C:\Dokumente und Einstellungen and C:\Programme

17.05.2011, 19:04 | #16

Trojan: PSW.Agent.AMDQ in C:\Dokumente und Einstellungen and C:\Programme

OTL.Txt

OTL Logfile:
Code:
OTL logfile created on: 17.05.2011 19:44:48 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Koi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,00 Gb Total Space | 30,35 Gb Free Space | 60,70% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 16,24 Gb Free Space | 81,17% Space Free | Partition Type: NTFS
Drive E: | 6,69 Gb Total Space | 5,73 Gb Free Space | 85,72% Space Free | Partition Type: NTFS
Drive F: | 15,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KOISHI | User Name: Koi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.17 19:42:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Koi\Desktop\OTL.exe
PRC - [2011.05.01 13:06:24 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.01.07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.01.07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.01.07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.01.06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.01.06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010.12.05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2010.12.05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2010.10.22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2010.10.22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgcsrvx.exe
PRC - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Programme\Mobile Partner\Mobile Partner.exe
PRC - [2009.08.19 11:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 11:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005.06.20 22:42:20 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.04.29 19:22:02 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
PRC - [2005.04.29 19:21:06 | 000,139,264 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.04.29 19:18:24 | 000,131,136 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005.04.29 19:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004.11.30 12:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

========== Modules (SafeList) ==========

MOD - [2011.05.17 19:42:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Koi\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.01.06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010.10.22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2006.03.03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.04.29 19:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005.04.29 19:18:24 | 000,131,136 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005.04.29 19:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004.11.30 12:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)

========== Driver Services (SafeList) ==========

DRV - [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.11.12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010.09.13 17:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010.09.07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010.09.07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010.08.19 22:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010.08.19 22:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010.08.19 22:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2009.12.08 21:19:12 | 000,114,432 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.07 20:53:12 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.10.12 16:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005.06.20 23:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.05.17 18:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.04.06 04:22:30 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.06 04:22:28 | 000,033,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.04.06 04:22:20 | 000,100,096 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)
DRV - [2004.08.19 08:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.lycos.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100805
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG10\Firefox\ [2011.01.09 13:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.05.16 08:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.03.30 10:03:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.01 13:06:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.01 13:06:42 | 000,000,000 | ---D | M]

[2010.01.01 21:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Mozilla\Extensions
[2011.05.17 19:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Mozilla\Firefox\Profiles\siegrsk2.default\extensions
[2010.09.21 10:23:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Mozilla\Firefox\Profiles\siegrsk2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.10 13:55:45 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Mozilla\Firefox\Profiles\siegrsk2.default\extensions\nasanightlaunch@example.com
[2011.05.16 18:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.09 13:49:39 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX
[2011.03.30 10:03:43 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAMME\AVG\AVG10\FIREFOX4
[2011.05.16 08:42:18 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="hxxp://www.avg.com" >) -- C:\PROGRAMME\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010.01.02 21:36:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.11.05 16:14:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.05 16:14:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.05 16:14:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.05 16:14:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.05 16:14:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [nTrayFw] C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Koi\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.23.97.3 212.23.97.2
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Koi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Koi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.01 16:38:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.09.19 03:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\Shell - "" = AutoRun
O33 - MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\Shell - "" = AutoRun
O33 - MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\Shell - "" = AutoRun
O33 - MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2011.05.17 19:41:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Koi\Desktop\OTL.exe
[2011.05.17 00:22:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Malwarebytes
[2011.05.17 00:21:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.05.17 00:21:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.05.17 00:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.05.17 00:20:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.05.17 00:20:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.15 20:32:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\vlc
[2011.05.15 20:31:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2011.05.15 20:30:09 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2011.05.01 22:16:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Koi\Eigene Dateien\Eigene Videos
[2011.05.01 22:15:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2011.04.29 15:39:29 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Connect 2
[2011.04.29 15:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011.04.29 15:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010.11.27 22:00:17 | 021,692,416 | ---- | C] (Electronic Arts Inc.) -- C:\Programme\SimsPS.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.17 19:42:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Koi\Desktop\OTL.exe
[2011.05.17 14:32:20 | 115,220,127 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.05.17 02:19:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011.05.17 02:19:10 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.05.17 02:18:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.17 02:18:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.16 15:48:52 | 000,005,996 | ---- | M] () -- C:\Dokumente und Einstellungen\Koi\Desktop\Scan.csv
[2011.05.01 01:59:01 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.30 16:41:30 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.04.30 16:41:30 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.04.29 15:37:18 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.04.29 15:35:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.16 15:48:52 | 000,005,996 | ---- | C] () -- C:\Dokumente und Einstellungen\Koi\Desktop\Scan.csv
[2011.04.29 15:35:11 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.04.14 15:29:50 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010.11.01 21:25:37 | 000,121,183 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2010.11.01 21:25:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010.11.01 21:24:55 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010.07.02 11:50:51 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Koi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.01 21:46:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.01 21:44:03 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010.01.01 21:43:55 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010.01.01 21:43:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.01.01 21:38:46 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.01.01 16:41:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.01.01 16:35:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.01.01 16:24:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.01.01 16:22:58 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006.02.28 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 14:00:00 | 000,316,594 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 14:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 14:00:00 | 000,048,156 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 14:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 14:00:00 | 000,028,626 | ---- | C] () --
C:\WINDOWS\System32\perfd009.dat [2006.02.28 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.02.28 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.02.28 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2011.04.26 13:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2010.11.11 18:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2010.11.11 18:00:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2011.05.17 15:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2010.07.13 00:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.11.11 18:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\AVG10 [2010.01.02 21:40:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\OpenOffice.org [2010.07.11 21:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\YoudaGames [2011.05.17 02:19:15 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.02 19:47:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Adobe [2010.11.11 18:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\AVG10 [2010.01.01 18:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Identities [2010.01.02 16:52:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Macromedia [2011.05.17 00:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Malwarebytes [2010.12.06 03:41:28 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Microsoft [2010.01.01 21:47:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Mozilla [2010.01.02 21:40:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\OpenOffice.org [2010.08.24 17:26:26 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\SecuROM [2010.01.02 21:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Sun [2011.05.15 20:33:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\vlc [2010.11.27 22:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\WinRAR [2010.07.11 21:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\YoudaGames < %APPDATA%\*.exe /s > [2010.12.06 03:41:28 | 000,094,208 | R--- | M] () -- C:\Dokumente und Einstellungen\Koi\Anwendungsdaten\Microsoft\Installer\{E7394A0F-3F80-45B1-87FC-ABCD51893246}\python_icon.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.08.31 11:22:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.08.31 11:22:35 | 023,898,261 | ---- | M] () .cab file -- 
C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.08.31 11:22:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.08.31 11:22:35 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2006.02.28 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- 
C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll < MD5 for: NVATA.SYS > [2005.05.17 18:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 
04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010.01.01 17:21:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.01.01 17:21:58 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.01.01 17:21:58 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0908F1AC < End of report > |
17.05.2011, 19:08 | #17 |
| Trojan: PSW.Agent.AMDQ in C:\Dokumente und Einstellungen and C:\Programme OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.05.2011 19:44:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Koi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 30,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,00 Gb Total Space | 30,35 Gb Free Space | 60,70% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 16,24 Gb Free Space | 81,17% Space Free | Partition Type: NTFS
Drive E: | 6,69 Gb Total Space | 5,73 Gb Free Space | 85,72% Space Free | Partition Type: NTFS
Drive F: | 15,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 7,08 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: KOISHI | User Name: Koi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache 
Software Foundation) "C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.) "C:\Programme\AVG\AVG10\avgdiagex.exe" = C:\Programme\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnose 2011 -- (AVG Technologies CZ, s.r.o.) "C:\Programme\AVG\AVG10\avgnsx.exe" = C:\Programme\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Programme\AVG\AVG10\avgemcx.exe" = C:\Programme\AVG\AVG10\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{A10DA03B-9048-48B4-00A2-A71153C3F886}" = Die Sims™ Tiergeschichten "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011 "{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011 "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver "{E7394A0F-3F80-45B1-87FC-ABCD51893246}" = Python 2.6.4 "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG" = AVG 2011 "Bauernhof" = Bauernhof "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA 
ForceWare Network Access Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mobile Partner" = Mobile Partner "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "SciDAVis" = SciDAVis 0.2.4 "VLC media player" = VLC media player 1.1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.03.2011 04:14:33 | Computer Name = KOISHI | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Mobile Partner.exe, Version 1.0.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 28.03.2011 15:55:53 | Computer Name = KOISHI | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Mobile Partner.exe, Version 1.0.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.03.2011 16:06:42 | Computer Name = KOISHI | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Mobile Partner.exe, Version 1.0.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 06.04.2011 15:50:36 | Computer Name = KOISHI | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Mobile Partner.exe, Version 1.0.0.1, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 18.04.2011 13:03:51 | Computer Name = KOISHI | Source = ESENT | ID = 490 Description = svchost (1532) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 18.04.2011 13:03:51 | Computer Name = KOISHI | Source = ESENT | ID = 439 Description = Catalog Database (1532) Die Shadowkopfzeile für Datei C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb konnte nicht geschrieben werden. Fehler -1032. Error - 18.04.2011 13:03:51 | Computer Name = KOISHI | Source = ESENT | ID = 473 Description = Catalog Database (1532) Datenbank C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb wurde teilweise getrennt. Fehler -1032 beim Aktualisieren der Datenbankkopfzeilen. Error - 18.04.2011 13:59:25 | Computer Name = KOISHI | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung mmc.exe, Version 5.2.3790.4136, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 29.04.2011 09:35:46 | Computer Name = KOISHI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 30.04.2011 10:49:03 | Computer Name = KOISHI | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung avgui.exe, Version 10.0.0.1208, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
[ System Events ] Error - 28.04.2011 09:54:12 | Computer Name = KOISHI | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.154.87.143 für die Netzwerkkarte mit der Netzwerkadresse 001E101FDB2E wurde durch den DHCP-Server 10.164.113.185 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 29.04.2011 07:59:30 | Computer Name = KOISHI | Source = DCOM | ID = 10010 Description = Der Server "{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 08.05.2011 09:43:04 | Computer Name = KOISHI | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.138.79.121 für die Netzwerkkarte mit der Netzwerkadresse 001E101FD271 wurde durch den DHCP-Server 10.141.141.126 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 15.05.2011 16:56:48 | Computer Name = KOISHI | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.142.66.73 für die Netzwerkkarte mit der Netzwerkadresse 001E101FC547 wurde durch den DHCP-Server 10.181.116.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 16.05.2011 11:37:18 | Computer Name = KOISHI | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 16.05.2011 11:37:49 | Computer Name = KOISHI | Source = Cdrom | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden. Error - 16.05.2011 16:50:23 | Computer Name = KOISHI | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.182.28.1 für die Netzwerkkarte mit der Netzwerkadresse 001E101FF5B1 wurde durch den DHCP-Server 10.146.174.170 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 16.05.2011 20:19:34 | Computer Name = KOISHI | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: atapi PCIIde Error - 16.05.2011 20:26:12 | Computer Name = KOISHI | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.146.174.169 für die Netzwerkkarte mit der Netzwerkadresse 001E101FE9C7 wurde durch den DHCP-Server 10.148.232.122 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 17.05.2011 02:38:27 | Computer Name = KOISHI | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 10.148.232.121 für die Netzwerkkarte mit der Netzwerkadresse 001E101FE9C7 wurde durch den DHCP-Server 10.171.101.65 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > |
17.05.2011, 19:35 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan: PSW.Agent.AMDQ in C:\Dokumente und Einstellungen and C:\Programme Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.01 16:38:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.09.19 03:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\Shell - "" = AutoRun
O33 - MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\Shell - "" = AutoRun
O33 - MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\Shell - "" = AutoRun
O33 - MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 04:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0908F1AC
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
17.05.2011, 19:51 | #19 |
| Trojan: PSW.Agent.AMDQ in C:\Dokumente und Einstellungen and C:\Programme Okay, I'll try my luck! I'm leaving the FW up, hope that's right. Can you tell me anything more? That is, what the trojan has already done? For me the only interesting thing was in the xtr.txt. All those error messages... |
17.05.2011, 20:11 | #20 |
So, I dutifully did everything. Yes, I clicked OK and the computer restarted. Hope that was right. Here is the result:

Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a54-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a54-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a54-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a54-e531-11df-8d5d-0013d4c23089}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c0e7110-1b34-11e0-8d9d-0013d4c23089}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fd968e-f6e3-11de-bd62-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fd968e-f6e3-11de-bd62-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fd968e-f6e3-11de-bd62-806d6172696f}\ not found.
File F:\setup.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0908F1AC deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.22.3 log created on 05172011_205540
Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry entries deleted on Reboot...

Quick question: the text I was supposed to paste into the Custom field, did you write that yourself? And somehow it was exclusively about my surf stick. Did that open the floodgates??
18.05.2011, 09:19 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.
If the infection prevents you from accessing your documents/My Documents, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
18.05.2011, 11:16 | #22 |
Thanks first of all for everything so far. I don't have Kaspersky on my computer. Could you maybe send me a safe link? And could you please give me a bit of background info?
18.05.2011, 12:08 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™
Your post completely misses my instructions. Everything necessary is explained, please just read it properly and follow it.
__________________
Please always post logfiles in CODE tags
18.05.2011, 17:00 | #24 |
Not everything is explained! To my questions I only get answers with no content whatsoever, and the cleanup of the trojan seems to run here on a copy-and-paste basis... I am genuinely grateful to be handed a cleanup procedure under guidance, but everything beyond that leaves a great deal to be desired.
18.05.2011, 20:15 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Quote:
Quote:
19.05.2011, 10:30 | #26 |
The tool found nothing. But surely you can tell me what your code for Mobile Partner was about. What was going on there and what was done.
19.05.2011, 13:47 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
What do you mean by "mobile partner"?
19.05.2011, 13:51 | #28 |
Quote:
19.05.2011, 14:41 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™
Those are mountpoints that I deleted! Autorun worms often lurk there, and because the mountpoints are unimportant I almost always have them fixed! Also post the log from TDSSKiller, it should be directly on C:
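The OTL result log in post #20 and the mountpoint explanation above can be summarised mechanically. This is an added Python example, not part of the thread and not OTL's own code; it assumes only the result phrasings visible in the quoted log ("deleted successfully", "not found", "scheduled to be moved on reboot", "value set successfully!") and uses a trimmed copy of that log as constructed sample input.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the OTL fix result quoted in post #20.
SAMPLE_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37792a50-e531-11df-8d5d-0013d4c23089}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{86fd968e-f6e3-11de-bd62-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86fd968e-f6e3-11de-bd62-806d6172696f}\ not found.
File F:\setup.exe not found.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0908F1AC deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# One regex per OTL result phrasing; the named group "target" is the object acted on.
LINE_PATTERNS = {
    "reg_set":        re.compile(r"^(?P<target>HKEY_.+?) : value set successfully!$"),
    "reg_deleted":    re.compile(r"^Registry key (?P<target>.+?) deleted successfully\.$"),
    "reg_not_found":  re.compile(r"^Registry key (?P<target>.+?) not found\.$"),
    "file_deferred":  re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$"),
    "file_moved":     re.compile(r"^(?P<target>.+?) moved successfully\.$"),
    "file_not_found": re.compile(r"^File (?P<target>.+?) not found\.$"),
    "ads_deleted":    re.compile(r"^ADS (?P<target>.+?) deleted successfully\.$"),
    "hosts_reset":    re.compile(r"^HOSTS file reset successfully$"),
}
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

def parse_fix_log(text):
    """Group result lines by action; banners are skipped, unmatched lines are kept
    under 'unrecognised' so that nothing is silently dropped."""
    actions = defaultdict(list)
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("=========="):
            continue
        for name, pattern in LINE_PATTERNS.items():
            match = pattern.match(line)
            if match:
                actions[name].append(match.groupdict().get("target", ""))
                break
        else:
            actions["unrecognised"].append(line)
    return dict(actions)

def removed_mountpoints(actions):
    """GUIDs of MountPoints2 entries OTL actually deleted; the 'not found'
    re-checks of the same GUID that follow each deletion are not counted."""
    guids = []
    for key in actions.get("reg_deleted", []):
        found = GUID_RE.search(key)
        if "\\MountPoints2\\" in key and found and found.group(0) not in guids:
            guids.append(found.group(0))
    return guids

def pending_reboot_moves(actions):
    """Files whose move failed and was deferred to the next reboot (deduplicated)."""
    return list(dict.fromkeys(actions.get("file_deferred", [])))

def cdrom_autorun_value(actions):
    """DWORD the fix wrote to the Cdrom service's AutoRun value, or None if untouched."""
    for target in actions.get("reg_set", []):
        value = re.search(r"Services\\Cdrom.*\|DWORD:(\d+)", target)
        if value:
            return int(value.group(1))
    return None

if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print("MountPoints2 entries removed:", removed_mountpoints(parsed))
    print("Moves pending reboot:", pending_reboot_moves(parsed))
    print("Cdrom AutoRun set to:", cdrom_autorun_value(parsed))
```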
19.05.2011, 15:03 | #30 |
Hmmm... That could perhaps be a bigger problem, since the surf stick keeps acting up, with "searching for device", "device not found" or warnings like: "You are using the wrong SIM card, please contact [...]", annoying. Here's the log, I hadn't looked for it since nothing was found. Sorry.

Code:
2011/05/19 11:25:22.0453 1468 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 11:25:23.0125 1468 ================================================================================
2011/05/19 11:25:23.0125 1468 SystemInfo:
2011/05/19 11:25:23.0125 1468
2011/05/19 11:25:23.0125 1468 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/19 11:25:23.0125 1468 Product type: Workstation
2011/05/19 11:25:23.0125 1468 ComputerName: KOISHI
2011/05/19 11:25:23.0125 1468 UserName: Koi
2011/05/19 11:25:23.0125 1468 Windows directory: C:\WINDOWS
2011/05/19 11:25:23.0125 1468 System windows directory: C:\WINDOWS
2011/05/19 11:25:23.0125 1468 Processor architecture: Intel x86
2011/05/19 11:25:23.0125 1468 Number of processors: 1
2011/05/19 11:25:23.0125 1468 Page size: 0x1000
2011/05/19 11:25:23.0125 1468 Boot type: Normal boot
2011/05/19 11:25:23.0125 1468 ================================================================================
2011/05/19 11:25:26.0156 1468 Initialize success
2011/05/19 11:25:48.0062 4956 ================================================================================
2011/05/19 11:25:48.0062 4956 Scan started
2011/05/19 11:25:48.0062 4956 Mode: Manual;
2011/05/19 11:25:48.0062 4956 ================================================================================
2011/05/19 11:26:48.0953 4956 ================================================================================
2011/05/19 11:26:48.0953 4956 Scan finished
2011/05/19 11:26:48.0953 4956 ================================================================================
2011/05/19 11:26:57.0359 0956 Deinitialize success

Edit:
Code:
2011/05/19 11:26:35.0125 4956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

RDPWD = somehow reads like Read Password... Healthy or rather unhealthy?