Log analysis and evaluation: Trojan TR/kazy.mehm.1, what next? otl.txt and extra.txt available. Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.05.2011, 14:50 | #16
Did that; after the restart, this window was open. Code:
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-982778272-3740993981-3889600570-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-982778272-3740993981-3889600570-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-982778272-3740993981-3889600570-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A51A36E6-31E7-4838-9FF7-76298B527EC0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A51A36E6-31E7-4838-9FF7-76298B527EC0}\ not found.
Registry value HKEY_USERS\S-1-5-21-982778272-3740993981-3889600570-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CtrlVol deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchAp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wbutton deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
File move failed. C:\Program Files\Windows Defender\MSASCui.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\PcSync deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\PcSync not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e8012b0-42d7-11df-9395-0016d38c2282}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e8012b0-42d7-11df-9395-0016d38c2282}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e8012b0-42d7-11df-9395-0016d38c2282}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e8012b0-42d7-11df-9395-0016d38c2282}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3248e16a-3687-11e0-a014-a33012342dbf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3248e16a-3687-11e0-a014-a33012342dbf}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50210559-ac31-11dc-99c0-0016d38c2282}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50210559-ac31-11dc-99c0-0016d38c2282}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50210559-ac31-11dc-99c0-0016d38c2282}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50210559-ac31-11dc-99c0-0016d38c2282}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e43b64bc-55dd-11de-a9e4-0016d38c2282}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e43b64bc-55dd-11de-a9e4-0016d38c2282}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e43b64bc-55dd-11de-a9e4-0016d38c2282}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e43b64bc-55dd-11de-a9e4-0016d38c2282}\ not found.
File G:\LaunchU3.exe -a not found.
C:\ProgramData\32366368 moved successfully.
C:\ProgramData\30924576 moved successfully.
C:\ProgramData\31973152 moved successfully.
C:\ProgramData\33546016 moved successfully.
C:\ProgramData\31186720 moved successfully.
C:\Users\Necki\AppData\Roaming\ICQ Toolbar folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.22.3 log created on 05192011_154307
Files\Folders moved on Reboot...
File move failed. C:\Program Files\Windows Defender\MSASCui.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
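Added example, not part of the post and not OTL's own code: a small parser for the OTL fix log above that classifies each result line, lists what OTL could only defer to the reboot (the MSASCui.exe move), and shows which autostart locations the fix touched. The sample lines are copied from the log above; the status names and the list of persistence markers are my own choices.

```python
import re
from collections import Counter

# Constructed sample in the shape of an OTL fix-result log; these lines are
# taken from the fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CtrlVol deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
File move failed. C:\Program Files\Windows Defender\MSASCui.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\32366368 moved successfully.
C:\Users\Necki\AppData\Roaming\ICQ Toolbar folder moved successfully.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# One regex per line shape OTL emits in a fix log; most specific first.
PATTERNS = [
    ("reg", re.compile(r"^Registry (?:key|value) (?P<target>.+?) (?P<status>deleted successfully|not found)\.$")),
    ("file", re.compile(r"^File move failed\. (?P<target>.+?) (?P<status>scheduled to be moved on reboot)\.$")),
    ("file", re.compile(r"^File (?P<target>.+?) (?P<status>not found)\.$")),
    ("reg", re.compile(r"^(?P<target>[^|]+)\|\w+:\S+ /E : (?P<status>value set successfully)!$")),
    ("file", re.compile(r"^(?P<target>.+?)(?: folder)? (?P<status>moved successfully)\.$")),
    ("file", re.compile(r"^(?P<target>HOSTS file) (?P<status>reset successfully)$")),
]

# Normalised outcome per OTL wording (my own naming).
STATUS_MAP = {
    "deleted successfully": "done",
    "moved successfully": "done",
    "value set successfully": "done",
    "reset successfully": "done",
    "not found": "absent",
    "scheduled to be moved on reboot": "pending_reboot",
}

# Registry paths that are classic autostart / load points (assumed list).
PERSISTENCE_MARKERS = (
    "\\CurrentVersion\\Run\\",
    "\\Browser Helper Objects\\",
    "\\MountPoints2\\",
    "\\Toolbar\\WebBrowser\\",
)


def parse_otl_log(text):
    """Turn OTL fix-log lines into records. Section banners are skipped;
    unrecognised lines are kept with status 'unparsed' so nothing is lost."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=========="):
            continue
        for kind, pat in PATTERNS:
            m = pat.match(line)
            if m:
                records.append({"kind": kind, "target": m.group("target"),
                                "status": STATUS_MAP[m.group("status")]})
                break
        else:
            records.append({"kind": "unknown", "target": line, "status": "unparsed"})
    return records


def summarize(records):
    """Count of records per normalised status."""
    return dict(Counter(r["status"] for r in records))


def pending_after_reboot(records):
    """Targets OTL could not remove while running; re-check these after the restart."""
    return [r["target"] for r in records if r["status"] == "pending_reboot"]


def persistence_hits(records):
    """Registry records that touched a known autostart location."""
    return [r for r in records
            if r["kind"] == "reg" and any(m in r["target"] for m in PERSISTENCE_MARKERS)]


if __name__ == "__main__":
    recs = parse_otl_log(SAMPLE_LOG)
    print(summarize(recs))
    print("pending after reboot:", pending_after_reboot(recs))
    for r in persistence_hits(recs):
        print("autostart touched:", r["status"], r["target"])
```

The "pending_reboot" entry is the one to verify first after the restart, since the log itself only proves that the move was scheduled, not that it happened.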
19.05.2011, 15:02 | #17
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run this Kaspersky tool now and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set the tool up as shown in the image below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents / My Documents, please run unhide: download unhide.exe and save the file to your desktop. Run the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as administrator!
19.05.2011, 15:09 | #18
Done; it said nothing found.
I can access my files again; as far as I can tell everything is back. Code:
2011/05/19 16:05:01.0881 3952 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 16:05:02.0102 3952 ================================================================================
2011/05/19 16:05:02.0102 3952 SystemInfo:
2011/05/19 16:05:02.0102 3952 OS Version: 6.0.6000 ServicePack: 0.0
2011/05/19 16:05:02.0102 3952 Product type: Workstation
2011/05/19 16:05:02.0102 3952 ComputerName: NOTEBOOK
2011/05/19 16:05:02.0103 3952 UserName: Necki
2011/05/19 16:05:02.0103 3952 Windows directory: C:\Windows
2011/05/19 16:05:02.0103 3952 System windows directory: C:\Windows
2011/05/19 16:05:02.0103 3952 Processor architecture: Intel x86
2011/05/19 16:05:02.0103 3952 Number of processors: 2
2011/05/19 16:05:02.0103 3952 Page size: 0x1000
2011/05/19 16:05:02.0103 3952 Boot type: Normal boot
2011/05/19 16:05:02.0103 3952 ================================================================================
2011/05/19 16:05:02.0551 3952 Initialize success
2011/05/19 16:05:21.0062 2172 ================================================================================
2011/05/19 16:05:21.0062 2172 Scan started
2011/05/19 16:05:21.0062 2172 Mode: Manual;
2011/05/19 16:05:21.0062 2172 ================================================================================
[per-driver listing with MD5 hashes omitted]
2011/05/19 16:05:45.0430 2172 ================================================================================
2011/05/19 16:05:45.0430 2172 Scan finished
2011/05/19 16:05:45.0430 2172 ================================================================================
19.05.2011, 15:16 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run if a Kompetenzler (board helper) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
19.05.2011, 15:42 | #20 |
| So, I managed that too, phew, these are quite some steps you go through here, and me being clueless on top of that. Code:
ATTFilter ComboFix 11-05-18.04 - Necki 19.05.2011 16:28:38.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.2038.1201 [GMT 2:00] ausgeführt von:: c:\users\Necki\Desktop\cofi.exe.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\firststeps\FirstSteps.exe c:\users\Necki\AppData\Roaming\chrtmp . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-19 bis 2011-05-19 )))))))))))))))))))))))))))))) . . 2011-05-19 14:36 . 2011-05-19 14:36 -------- d-----w- c:\users\Necki\AppData\Local\temp 2011-05-19 13:43 . 2011-05-19 13:43 -------- d-----w- C:\_OTL 2011-05-18 14:58 . 2011-05-18 14:58 -------- d-----w- c:\users\Necki\AppData\Roaming\Malwarebytes 2011-05-18 14:57 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-18 14:57 . 2011-05-18 14:57 -------- d-----w- c:\programdata\Malwarebytes 2011-05-18 14:57 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-18 14:57 . 2011-05-18 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-18 14:16 . 2011-05-18 14:16 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-05-17 15:54 . 2011-05-17 15:54 0 ----a-w- c:\users\Necki\AppData\Local\BIT4EEB.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-18 17:56 . 2011-04-05 20:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "recinfo866"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-07-26 192512] "GrooveMonitor"="d:\office12\GrooveMonitor.exe" [2008-10-25 31072] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2006-03-01 327680] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk backup=c:\windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-12-18 06:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-05-16 07:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2010-12-20 16:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [x] R2 gupdate1c9e48843394e20;Google Update Service (gupdate1c9e48843394e20);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 133104] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-02-23 264704] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 133104] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - KLMD25 *Deregistered* - klmd25 . Inhalt des "geplante Tasks" Ordners . 2011-05-19 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-03 20:15] . 
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 20:16] . 2011-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 20:16] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.bearshare.com/de/ IE: Nach Microsoft E&xel exportieren - d:\office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Necki\AppData\Roaming\Mozilla\Firefox\Profiles\bjx89sl2.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://google.de/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{a51a36e6-31e7-4838-9ff7-76298b527ec0} - (no file) BHO-{6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe AddRemove-Cradle of Rome - c:\big fish games\Cradle of Rome\Uninstall.exe AddRemove-Poker Superstars II - c:\big fish games\Poker Superstars II\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-05-19 16:36 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . Zeit der Fertigstellung: 2011-05-19 16:39:00 ComboFix-quarantined-files.txt 2011-05-19 14:38 . Vor Suchlauf: 20 Verzeichnis(se), 59.218.034.688 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 60.269.211.648 Bytes frei . - - End Of File - - 432286102F19EFAFB530BD22478F8C6B |
19.05.2011, 18:43 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run on the second try as well, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
19.05.2011, 20:20 | #22 |
| Here's OSAM for now. Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:20:09 on 19.05.2011 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Mozilla Corporation Firefox 4.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - D:\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\Necki\AppData\Local\Temp\catchme.sys (File not found) "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? 
- C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology" - C:\Windows\System32\drivers\sfvfs02.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? 
- (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace 
Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - ? - C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll (File not found) {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\Office12\OLKFSTUB.DLL {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\Office12\ONBttnIE.dll "ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "AVMWlanClient" - "AVM Berlin GmbH" - C:\Program Files\avmwlanstick\FRITZWLANMini.exe "GrooveMonitor" - "Microsoft Corporation" - "D:\Office12\GrooveMonitor.exe" "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "recinfo866" - ? - c:\RecInfo\RecInfo.exe "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpzsnt07" - "HP" - C:\Windows\system32\hpzsnt07.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - ? 
- "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (File not found) "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9e48843394e20)" (gupdate1c9e48843394e20) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Office12\GrooveAuditService.exe "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
19.05.2011, 20:25 | #23 |
| Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: (build 6000), 32-bit Base Board Manufacturer: FUJITSU SIEMENS BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: FUJITSU SIEMENS System Product Name: AMILO Li 2727 Logical Drives Mask: 0x0000001c Kernel Drivers (total 136): 0x82400000 \SystemRoot\system32\ntkrnlpa.exe 0x827A1000 \SystemRoot\system32\hal.dll 0x802C6000 \SystemRoot\system32\kdcom.dll 0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8025D000 \SystemRoot\system32\PSHED.dll 0x80255000 \SystemRoot\system32\BOOTVID.dll 0x8021A000 \SystemRoot\system32\CLFS.SYS 0x8051F000 \SystemRoot\system32\CI.dll 0x804AE000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8020C000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8046B000 \SystemRoot\system32\drivers\acpi.sys 0x80203000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80463000 \SystemRoot\system32\drivers\msisadrv.sys 0x8043E000 \SystemRoot\system32\drivers\pci.sys 0x8042F000 \SystemRoot\system32\drivers\volmgr.sys 0x80200000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80425000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x80415000 \SystemRoot\System32\drivers\mountmgr.sys 0x8040E000 \SystemRoot\system32\drivers\intelide.sys 0x80400000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x807E7000 \SystemRoot\system32\drivers\nvraid.sys 0x807C6000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8077C000 \SystemRoot\System32\drivers\volmgrx.sys 0x806B5000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x806AD000 \SystemRoot\system32\drivers\atapi.sys 0x8068F000 \SystemRoot\system32\drivers\ataport.SYS 0x80671000 \SystemRoot\system32\drivers\vsmraid.sys 0x80631000 \SystemRoot\system32\drivers\storport.sys 0x80600000 \SystemRoot\system32\drivers\fltmgr.sys 0x823F0000 \SystemRoot\system32\drivers\fileinfo.sys 0x822EC000 \SystemRoot\system32\drivers\ndis.sys 0x822C1000 \SystemRoot\system32\drivers\msrpc.sys 0x82288000 
\SystemRoot\system32\drivers\NETIO.SYS 0x87EF8000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8221E000 \SystemRoot\System32\Drivers\ksecdd.sys 0x87EC2000 \SystemRoot\system32\drivers\volsnap.sys 0x82216000 \SystemRoot\System32\Drivers\spldr.sys 0x87EBA000 \SystemRoot\System32\drivers\sfhlp02.sys 0x87E99000 \SystemRoot\System32\drivers\partmgr.sys 0x87E8A000 \SystemRoot\System32\Drivers\mup.sys 0x87E65000 \SystemRoot\System32\drivers\ecache.sys 0x87E54000 \SystemRoot\system32\drivers\disk.sys 0x87E4B000 \SystemRoot\system32\drivers\crcdisk.sys 0x8A636000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x89179000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x89182000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8A628000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8BBB3000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0x8BB14000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8A61B000 \SystemRoot\System32\drivers\watchdog.sys 0x8A610000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8BAD7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8A602000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8A78D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8BA1E000 \SystemRoot\system32\DRIVERS\athr.sys 0x8A727000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x8A77A000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8A76F000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8C3D3000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x88C57000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8A7F5000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8BA06000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x88C39000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0x8C3A8000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8C39D000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8C386000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8C37B000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8C358000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x88898000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8C345000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8C31E000 \SystemRoot\system32\DRIVERS\termdd.sys 
0x82200000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C2F4000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A641000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C32D000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C210000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88D50000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C64B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C503000 \SystemRoot\system32\drivers\portcls.sys
0x8C4DE000 \SystemRoot\system32\drivers\drmk.sys
0x891EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x89090000 \SystemRoot\System32\Drivers\Null.SYS
0x89097000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C204000 \SystemRoot\System32\drivers\vga.sys
0x8C4BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x890EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x890F4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C33A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C48F000 \SystemRoot\System32\Drivers\Npfs.SYS
0x888A7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C92A000 \SystemRoot\System32\drivers\tcpip.sys
0x8C436000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C421000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C40D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C604000 \SystemRoot\system32\drivers\afd.sys
0x8C8F8000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C8E2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C8D4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C8C1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8906E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8C886000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C254000 \SystemRoot\system32\drivers\nsiproxy.sys
0x88C30000 \SystemRoot\System32\Drivers\Hotkey.SYS
0x8C86F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C853000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x88C49000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8C530000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A64B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x91A00000 \SystemRoot\System32\win32k.sys
0x8C25E000 \SystemRoot\System32\drivers\Dxapi.sys
0x90162000 \SystemRoot\system32\DRIVERS\monitor.sys
0xA5800000 \SystemRoot\System32\TSDDD.dll
0xA5810000 \SystemRoot\System32\cdd.dll
0xA694A000 \SystemRoot\system32\drivers\luafv.sys
0xA6876000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA685C000 \SystemRoot\system32\drivers\WudfPf.sys
0x88DD0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA8778000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C272000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA68F7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA866B000 \SystemRoot\system32\drivers\HTTP.sys
0xA8610000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA8FE7000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA8FD3000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA8FB3000 \SystemRoot\system32\drivers\mrxdav.sys
0xA8F95000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA8F5C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA8F4A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA8F26000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA8ED5000 \SystemRoot\System32\DRIVERS\srv.sys
0xA9172000 \SystemRoot\system32\drivers\spsys.sys
0xA6A62000 \SystemRoot\system32\drivers\peauth.sys
0x8C2C2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAA354000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA9032000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77D60000 \Windows\System32\ntdll.dll

Processes (total 60):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
492 csrss.exe
536 C:\Windows\System32\wininit.exe
548 csrss.exe
584 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\winlogon.exe
796 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1160 C:\Windows\System32\SLsvc.exe
1240 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\svchost.exe
1600 C:\Windows\System32\spoolsv.exe
1624 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1636 C:\Windows\System32\svchost.exe
1908 C:\Windows\System32\dwm.exe
1944 C:\Windows\explorer.exe
1960 C:\Windows\System32\taskeng.exe
276 C:\Windows\System32\taskeng.exe
296 C:\Program Files\Google\Update\GoogleUpdate.exe
500 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
1304 C:\Windows\RtHDVCpl.exe
580 C:\Program Files\Launch Manager\HotkeyApp.exe
556 D:\Office12\GrooveMonitor.exe
1264 C:\Windows\System32\igfxtray.exe
1852 C:\Windows\System32\hkcmd.exe
1860 C:\Windows\System32\igfxpers.exe
1356 C:\Windows\System32\igfxsrvc.exe
1516 C:\Program Files\avmwlanstick\FRITZWLANMini.exe
1172 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1820 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1176 C:\Windows\ehome\ehtray.exe
1192 C:\Program Files\Windows Sidebar\sidebar.exe
2064 C:\Windows\ehome\ehmsas.exe
2228 C:\Program Files\Windows Sidebar\sidebar.exe
2432 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2480 C:\Windows\System32\svchost.exe
2668 C:\Windows\System32\svchost.exe
2720 C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
2792 C:\Windows\System32\svchost.exe
2844 C:\Windows\System32\SearchIndexer.exe
3384 C:\Windows\System32\taskeng.exe
3412 C:\Program Files\Launch Manager\WisLMSvc.exe
3576 WmiPrvSE.exe
3704 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3956 C:\Program Files\Mozilla Firefox\firefox.exe
3852 C:\Windows\System32\wbem\unsecapp.exe
3900 C:\Program Files\Mozilla Firefox\plugin-container.exe
3224 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
1276 dllhost.exe
3456 dllhost.exe
2924 C:\Users\Necki\Desktop\MBRCheck.exe
2664 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`f4300000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size    Device Name          MBR Status
--------------------------------------------
232 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
        SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Man, this is complicated. Couldn't I have just copied off my few files and then formatted the computer, or wouldn't that have got rid of the problem? Regards |
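To make the last part of the MBRCheck output concrete (the per-volume byte offsets on PhysicalDrive0 and the SHA1 over the MBR code), here is an added example; it is not part of the original post and not MBRCheck's own code. It does not read \\.\PhysicalDrive0 but builds a constructed 512-byte sector offline, so its SHA1 will not equal the value in the log. The partition start LBAs are chosen so that lba * 512 reproduces the two offsets MBRCheck reported; the partition sizes and the bootstrap bytes are made up. Which byte range MBRCheck hashes is not stated on the page; hashing the 440-byte bootstrap area before the disk signature is this example's assumption.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440          # bootstrap code; bytes 0x1B8..0x1BF hold the disk signature and padding
PTABLE_OFFSET = 446     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"


def build_sample_mbr():
    """Constructed sample MBR (not read from a real disk).

    The bootstrap area is filler, so its SHA1 will NOT equal the value
    MBRCheck printed for the real machine. Start LBAs reproduce the two
    offsets in the log; sector counts are invented.
    """
    code = bytes((i * 7 + 3) & 0xFF for i in range(CODE_LEN))
    disk_sig = b"\x00" * 6                          # bytes 440..445
    entries = [
        # status, type, lba_start, sector_count
        (0x80, 0x07, 24578048, 310579200),   # C:  24578048 * 512 == 0x2ee100000
        (0x00, 0x07, 335157248, 153239920),  # D:  335157248 * 512 == 0x27f4300000
    ]
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
        for status, ptype, lba, count in entries
    )
    table += b"\x00" * (16 * (4 - len(entries)))    # two empty slots
    sector = code + disk_sig + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def has_boot_signature(sector):
    """The last two bytes of a valid MBR are 0x55 0xAA."""
    return sector[510:512] == BOOT_SIGNATURE


def mbr_code_sha1(sector):
    """SHA1 over the bootstrap code only (assumed region; partition table excluded)."""
    return hashlib.sha1(sector[:CODE_LEN]).hexdigest().upper()


def parse_partition_table(sector):
    """Decode the four primary entries: status, type, start LBA, sector count."""
    parts = []
    for slot in range(4):
        off = PTABLE_OFFSET + 16 * slot
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:                               # unused slot
            continue
        parts.append({
            "slot": slot,
            "bootable": status == 0x80,
            "valid_status": status in (0x00, 0x80),  # anything else is suspicious
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "byte_offset": lba_start * SECTOR_SIZE,  # what MBRCheck prints as "at offset"
        })
    return parts


def describe(sector):
    return {
        "boot_signature_ok": has_boot_signature(sector),
        "code_sha1": mbr_code_sha1(sector),
        "partitions": parse_partition_table(sector),
    }


if __name__ == "__main__":
    info = describe(build_sample_mbr())
    print("SHA1:", info["code_sha1"])
    for p in info["partitions"]:
        print(f"slot {p['slot']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}")
```

On a real machine you would feed `describe()` the first 512 bytes read from the physical drive (which needs administrator rights) and compare the hash against a list of known-good MBR code hashes for the Windows version, which is exactly the comparison MBRCheck reports as "Windows 2008 MBR code detected".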
19.05.2011, 21:13 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. Looks OK, and we're almost done. GMER didn't work? If GMER won't run, continue with the control scans: please do full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
19.05.2011, 22:19 | #25 |
| Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. No, that didn't work. OK, so I'll do another full scan with Malwarebytes and with the other one, SUPERAntiSpyware. That will probably take 2-3 hours, so I'll post them tomorrow; I won't manage it today. Regards, Claudia |
20.05.2011, 00:24 | #26 |
| Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. So, I've done the SUPERAntiSpyware one now; that program is a real pain to read through. Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/20/2011 at 01:18 AM

Application Version : 4.52.1000

Core Rules Database Version : 7091
Trace Rules Database Version: 4903

Scan type       : Complete Scan
Total Scan Time : 01:50:19

Memory items scanned      : 622
Memory threats detected   : 0
Registry items scanned    : 9302
Registry threats detected : 0
File items scanned        : 130445
File threats detected     : 42

Adware.Tracking Cookie
    C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Cookies\necki@atwola[1].txt
    C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Cookies\necki@advertising[2].txt
    C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Cookies\necki@tacoda.at.atwola[1].txt
    C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Cookies\necki@at.atwola[2].txt
    C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Cookies\necki@cdn.at.atwola[1].txt
    C:\Users\Necki\AppData\Roaming\Microsoft\Windows\Cookies\necki@ar.atwola[1].txt
    cdn1.eyewonder.com [ C:\Users\Necki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    media.mtvnservices.com [ C:\Users\Necki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    spe.atdmt.com [ C:\Users\Necki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    static.youporn.com [ C:\Users\Necki\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    adserver.freenet.de [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    akamai.smartadserver.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    atdmt.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    banners.securedataimages.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    bc.youporn.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    broadcast.piximedia.fr [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    cdn1.eyewonder.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    cdn5.specificclick.net [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    ds.serving-sys.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    ec.atdmt.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    files.youporn.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    googleads.g.doubleclick.net [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    ia.media-imdb.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    imagesrv.adition.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    macromedia.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    media.kyte.tv [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    media.mtvnservices.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    media.scanscout.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    media01.kyte.tv [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    media1.break.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    msnbcmedia.msn.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    oddcast.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    s0.2mdn.net [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    secure-us.imrworldwide.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    serving-sys.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    spe.atdmt.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    static.youporn.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    vht.tradedoubler.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    www.porntube.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    www.rfporn.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    www.secmedia.de [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
    youporn.videobox.com [ C:\Users\Necki\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RR9FAP77 ]
|
20.05.2011, 09:16 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. And the other log?
__________________ Please always post logfiles in CODE tags |
20.05.2011, 09:22 | #28 |
| Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. Hello, I'm doing the other one now. |
20.05.2011, 10:41 | #29 |
| Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. So, here is the other one, done with the updated new version. Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6624

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

20.05.2011 11:35:45
mbam-log-2011-05-20 (11-35-45).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 284720
Time elapsed: 1 hour(s), 2 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
|
20.05.2011, 11:16 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan TR/kazy.mehm.1, what now? otl.txt and extra.txt available. Looks OK; only cookies were found there. Any more problems or further detections in the meantime?
__________________ Please always post logfiles in CODE tags |
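The helper's verdict above ("only cookies were found") is a judgement worth automating when a scan log lists 42 detections under one heading. The following is an added example, not part of the original post and not SUPERAntiSpyware's own tooling: it parses a log in the layout posted earlier in the thread (summary lines with `name : value`, then a category line followed by indented items, where Flash shared objects appear as `host [ path\#SharedObjects\... ]`), separates browser cookie files and Flash LSOs from anything else, and cross-checks the "File threats detected" figure against the number of items actually listed. The embedded log is a constructed excerpt: a handful of entries copied from the posted log plus an invented "Example.Constructed" category (not a real detection name) so the review branch has something to catch.

```python
import re

# Constructed excerpt in the layout of a SUPERAntiSpyware log. The cookie and LSO
# entries are taken from the posted log; "Example.Constructed" is invented here
# purely to exercise the "needs review" branch and is not a real detection name.
SAMPLE_LOG = """SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/20/2011 at 01:18 AM

File items scanned : 130445
File threats detected : 6

Adware.Tracking Cookie
\tC:\\Users\\Necki\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\necki@atwola[1].txt
\tC:\\Users\\Necki\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\necki@advertising[2].txt
\tC:\\Users\\Necki\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\necki@at.atwola[2].txt
\tcdn1.eyewonder.com [ C:\\Users\\Necki\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\RR9FAP77 ]
\tgoogleads.g.doubleclick.net [ C:\\Users\\Necki\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\RR9FAP77 ]

Example.Constructed
\tC:\\Users\\Necki\\AppData\\Local\\Temp\\constructed-sample.tmp
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(\S.*)$")   # "File threats detected : 42"
LSO_RE = re.compile(r"^(\S+) \[ (.+) \]$")                 # "host [ path ]"
SKIP_PREFIXES = ("superantispyware", "hxxp", "http", "generated")


def parse_sas_log(text):
    """Return (header dict, list of (category, item)) for a log in the posted layout."""
    header, findings, category = {}, [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t":                      # indented line: item under current category
            if category is None:
                raise ValueError("item before any category line: %r" % raw)
            findings.append((category, raw.strip()))
            continue
        if raw.lower().startswith(SKIP_PREFIXES):  # banner / URL / timestamp lines
            continue
        m = HEADER_RE.match(raw)
        if m and category is None:                # summary lines come before categories
            header[m.group(1).strip()] = m.group(2).strip()
            continue
        category = raw.strip()                    # anything else starts a category
    return header, findings


def classify(category, item):
    """Tracking artefact (cookie file or Flash LSO) or something that needs a look."""
    m = LSO_RE.match(item)
    if m and "#SharedObjects" in m.group(2):
        return "flash_lso"
    if "\\Cookies\\" in item and item.lower().endswith(".txt"):
        return "browser_cookie"
    return "other"


def triage(text):
    header, findings = parse_sas_log(text)
    counts = {"browser_cookie": 0, "flash_lso": 0, "other": 0}
    review = []
    for category, item in findings:
        kind = classify(category, item)
        counts[kind] += 1
        # Flag anything that is not a cookie/LSO, and anything filed under a
        # category other than the tracking-cookie one even if it looks like a cookie.
        if kind == "other" or not category.startswith("Adware.Tracking Cookie"):
            review.append((category, item))
    claimed = int(header.get("File threats detected", "0"))
    return {
        "counts": counts,
        "listed": len(findings),
        "claimed": claimed,
        "count_matches": claimed == len(findings),   # truncated paste shows up here
        "only_tracking_artifacts": not review,
        "review": review,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"], "listed:", result["listed"], "claimed:", result["claimed"])
    for category, item in result["review"]:
        print("needs review:", category, item)
```

Run against the full log posted above, `count_matches` confirms that the 42 listed items match the header, and `only_tracking_artifacts` is what lets you say "only cookies" with the list checked rather than skimmed; a mismatch between claimed and listed counts usually means the paste was cut off, which is worth knowing before declaring a machine clean.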