Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Fakealert-REP Trojan

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.05.2011, 19:21   #1
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Hallo allerseits, gestern habe ich erstmals meinen Laptop mit dem McAfee Labs Stinger durchsuchen lassen und bekam diese Meldung:

McAfee(r) Labs Stinger(tm) Version 10.1.0.1573 built on May 13 2011
Copyright (c) 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on May 13 2011.
Ready to scan for 2409 viruses, trojans and variants.

Scan initiated on Tue May 17 22:06:37 2011
C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
Found the FakeAlert!fakealert-REP trojan !!!
C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe is infected with the FakeAlert!fakealert-REP virus !!!
C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe could not be repaired.
Number of clean files: 360504
Number of infected files: 1

Scan initiated on Wed May 18 01:46:51 2011
Number of clean files: 11

Scan initiated on Wed May 18 01:48:06 2011
Number of clean files: 60573

Mein Avira kann diesen Virus/Trojaner (FakeAlert!fakealert-REP) nicht erkennen, selbst wenn ich diese Datei konkret von Avira durchsuchen lasse.

Auch Malwarebytes hat wohl nichts gefunden. In anderen Beiträgen habe ich aber gelesen, dass es diesen FakeAlert!fakealert-REP Virus/Trojaner tatsächlich gibt und dass es Lösungen gibt, diesen zu beseitigen. Diese Lösungsansätze haben aber nicht ganz auf meinen Fall gepasst, da dort andere Dateien in anderen Verzeichnissen betroffen waren (aber vom selben Schädling).

Nachfolgend kopiere ich das Logfile von mbam und die beiden Logfiles von OTL ein.

Könnt Ihr mir helfen?

Vielen Dank vorab!


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6610

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18.05.2011 19:27:37
mbam-log-2011-05-18 (19-27-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|)
Durchsuchte Objekte: 429295
Laufzeit: 2 Stunde(n), 6 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




OTL logfile created on: 18.05.2011 19:37:04 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 196,94 Gb Free Space | 70,82% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
Drive F: | 6,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 931,40 Gb Total Space | 792,43 Gb Free Space | 85,08% Space Free | Partition Type: FAT32

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\****\Desktop\stinger10101573.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Verbindungsassistent\Verbindungsassistent.exe (WebToGo Mobile Internet GmbH)
PRC - C:\Programme\Verbindungsassistent\WTGService.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Programme\BisonCam\BsMnt.exe ()
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


========== Modules (SafeList) ==========

MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WTGService) -- C:\Programme\Verbindungsassistent\WTGService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys ()
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "https://login.yahoo.com/config/login_verify2?.intl=de&.src=ym"

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.29 22:16:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 22:16:43 | 000,000,000 | ---D | M]

[2010.01.25 20:00:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.04.01 21:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\uqe87v8r.default\extensions
[2010.05.11 12:35:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\uqe87v8r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.29 22:16:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{42f68a3b-b11f-11df-bdd3-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{42f68a3b-b11f-11df-bdd3-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{42f68a3e-b11f-11df-bdd3-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{42f68a3e-b11f-11df-bdd3-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{52db2506-0b7f-11e0-96a0-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{52db2506-0b7f-11e0-96a0-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6563c3ea-5d39-11df-bcb8-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{6563c3ea-5d39-11df-bcb8-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6563c3ef-5d39-11df-bcb8-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{6563c3ef-5d39-11df-bcb8-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{732d049d-5afd-11df-960c-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{732d049d-5afd-11df-960c-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{732d04a2-5afd-11df-960c-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{732d04a2-5afd-11df-960c-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.18 19:32:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.05.18 16:52:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.05.18 16:52:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.18 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.18 16:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.18 16:51:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.18 16:51:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.17 14:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.05.17 14:21:02 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.05.11 21:34:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011.05.11 15:06:26 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011.05.11 15:06:25 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011.05.11 14:58:28 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.05.11 14:58:27 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.05.09 18:19:18 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\RA
[2011.05.05 11:00:36 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Vakanzen
[2011.05.05 10:29:34 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\HD
[2011.05.02 14:17:05 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\CV
[2011.04.29 22:04:33 | 012,362,480 | ---- | C] (Mozilla) -- C:\Users\****\Desktop\Firefox Setup 4.0.1.exe
[2011.04.27 14:56:51 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011.04.27 14:56:51 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011.04.27 14:56:51 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011.04.27 14:55:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011.04.27 14:54:38 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.27 14:49:55 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Files - Modified Within 30 Days ==========

[2011.05.18 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.05.18 19:32:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.05.18 16:52:03 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.18 14:58:55 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 14:58:55 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 14:57:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.17 22:04:10 | 007,130,631 | ---- | M] () -- C:\Users\****\Desktop\stinger10101573.exe
[2011.05.17 14:19:18 | 001,110,476 | ---- | M] () -- C:\Users\****\Desktop\7z920.exe
[2011.05.17 13:57:00 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.17 13:57:00 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.17 13:57:00 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.17 13:57:00 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.17 10:36:44 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.09 18:34:20 | 004,404,271 | ---- | M] () -- C:\Users\****\Desktop\Artikel.pdf.pdf
[2011.05.03 15:28:54 | 000,064,906 | ---- | M] () -- C:\Users\****\Desktop\Roundtable Programm_26.5.11.pdf
[2011.04.29 22:16:45 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.29 22:13:57 | 012,362,480 | ---- | M] (Mozilla) -- C:\Users\****\Desktop\Firefox Setup 4.0.1.exe
[2011.04.28 15:21:16 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.28 12:32:44 | 000,043,556 | ---- | M] () -- C:\Users\****\Desktop\English.pdf
[2011.04.21 17:29:53 | 000,067,059 | ---- | M] () -- C:\Users\****\Desktop\Vortrag 22-02-2011.pdf

========== Files Created - No Company Name ==========

[2011.05.18 16:52:03 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.17 22:02:10 | 007,130,631 | ---- | C] () -- C:\Users\****\Desktop\stinger10101573.exe
[2011.05.17 14:19:10 | 001,110,476 | ---- | C] () -- C:\Users\****\Desktop\7z920.exe
[2011.05.09 18:29:17 | 004,404,271 | ---- | C] () -- C:\Users\****\Desktop\Burnout.pdf.pdf
[2011.05.03 15:28:54 | 000,064,906 | ---- | C] () -- C:\Users\****\Desktop\Roundtable Programm_26.5.11.pdf
[2011.04.29 22:16:45 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.28 12:32:44 | 000,043,556 | ---- | C] () -- C:\Users\****\Desktop\English.pdf
[2011.04.21 17:29:53 | 000,067,059 | ---- | C] () -- C:\Users\****\Desktop\Vortrag 22-02-2011.pdf
[2011.02.27 16:27:17 | 000,007,625 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.05.18 18:24:59 | 000,000,083 | ---- | C] () -- C:\Users\****\AppData\Local\X-Plane Installer.prf
[2010.05.11 14:19:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.05.08 21:16:10 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2010.05.08 21:16:10 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2010.01.25 20:18:36 | 000,011,144 | ---- | C] () -- C:\Windows\System32\imsinstall_loc0407.dll
[2010.01.25 20:18:36 | 000,007,048 | ---- | C] () -- C:\Windows\System32\imslsp_install_loc0407.dll
[2009.12.31 00:49:42 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.12.02 19:31:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,354,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.10 22:44:42 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2008.12.18 05:38:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.12.18 05:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.12.15 08:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.12.09 13:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2008.12.09 11:34:45 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2011.04.03 14:17:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2010.05.11 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CheckPoint
[2009.04.10 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template
[2011.04.27 10:34:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Verbindungsassistent
[2011.03.08 09:19:07 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.18 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========



< End of report >

Alt 18.05.2011, 21:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Zitat:
Auch Malwarebytes hat wohl nichts gefunden.
Wie oft hast du Malwarebytes scannen lassen? Bisher nur einmal insgesamt?
__________________

__________________

Alt 20.05.2011, 09:52   #3
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Hallo Arne,
vielen Dank für Deine schnelle Antwort.

Als ich meinen Beitrag eingestellt hatte, hatte ich den Rechner nur einmal mit Malwarebytes gescannt.

Deine Frage habe ich so verstanden, dass man es wohl mehrfach laufen lassen sollte; dies habe ich gestern getan: ich ließ Malwarebytes gestern 9 Mal laufen (damit habe ich es insgesamt 10 Mal prüfen lassen), zum einen mit "Vollständigem Suchlauf", zum anderen auch mit dem "Quick-Scan". Es gab keine Virus-Meldung.

Ich habe auch den McAfee Stinger-Scan mehrfach laufen lassen (mit "Medium"-Gründlichkeit und mit "Low"-Gründlichkeit). Dies gab die gleiche Meldung, dass er den Fakealert-Schädling gefunden habe.

Viele Grüße
HD1
__________________

Alt 20.05.2011, 09:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{42f68a3b-b11f-11df-bdd3-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{42f68a3b-b11f-11df-bdd3-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{42f68a3e-b11f-11df-bdd3-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{42f68a3e-b11f-11df-bdd3-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{52db2506-0b7f-11e0-96a0-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{52db2506-0b7f-11e0-96a0-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6563c3ea-5d39-11df-bcb8-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{6563c3ea-5d39-11df-bcb8-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6563c3ef-5d39-11df-bcb8-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{6563c3ef-5d39-11df-bcb8-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{732d049d-5afd-11df-960c-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{732d049d-5afd-11df-960c-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{732d04a2-5afd-11df-960c-001f1613592d}\Shell - "" = AutoRun
O33 - MountPoints2\{732d04a2-5afd-11df-960c-001f1613592d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2011, 10:30   #5
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOEXEC.BAT moved successfully.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cb4f275-63b0-11e0-9d4f-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42f68a3b-b11f-11df-bdd3-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42f68a3b-b11f-11df-bdd3-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42f68a3b-b11f-11df-bdd3-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42f68a3b-b11f-11df-bdd3-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42f68a3e-b11f-11df-bdd3-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42f68a3e-b11f-11df-bdd3-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42f68a3e-b11f-11df-bdd3-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42f68a3e-b11f-11df-bdd3-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52db2506-0b7f-11e0-96a0-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52db2506-0b7f-11e0-96a0-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52db2506-0b7f-11e0-96a0-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52db2506-0b7f-11e0-96a0-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6563c3ea-5d39-11df-bcb8-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6563c3ea-5d39-11df-bcb8-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6563c3ea-5d39-11df-bcb8-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6563c3ea-5d39-11df-bcb8-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6563c3ef-5d39-11df-bcb8-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6563c3ef-5d39-11df-bcb8-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6563c3ef-5d39-11df-bcb8-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6563c3ef-5d39-11df-bcb8-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{732d049d-5afd-11df-960c-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{732d049d-5afd-11df-960c-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{732d049d-5afd-11df-960c-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{732d049d-5afd-11df-960c-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{732d04a2-5afd-11df-960c-001f1613592d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{732d04a2-5afd-11df-960c-001f1613592d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{732d04a2-5afd-11df-960c-001f1613592d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{732d04a2-5afd-11df-960c-001f1613592d}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05202011_112159

Files\Folders moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Viele Grüße
HD1


Alt 20.05.2011, 10:34   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
--> Fakealert-REP Trojan

Alt 20.05.2011, 10:55   #7
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Ich konnte nach Durchführung des Tools problemlos auf meine Datein zugreifen.

Grundsätzlich speichere ich meine Dokumente/Dateien auf einer externen Festplatte.
Auch diese externe Festplatte habe ich von Stinger und Malwarebytes scannen lassen - dort hat Stinger aber nichts gefunden (auch Malwarebytes nicht).

Sollte ich trotzdem irgendwelche Aktionen mit der externen Festplatte durchführen oder wird dort kein Schädlingsbefall zu befürchten sein?

Viele Grüße
HD1

Anbei das Logfile:

2011/05/20 11:43:56.0478 2076 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/20 11:43:58.0479 2076 ================================================================================
2011/05/20 11:43:58.0479 2076 SystemInfo:
2011/05/20 11:43:58.0479 2076
2011/05/20 11:43:58.0480 2076 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/20 11:43:58.0480 2076 Product type: Workstation
2011/05/20 11:43:58.0480 2076 ComputerName: CHEF-PC
2011/05/20 11:43:58.0480 2076 UserName: Chef
2011/05/20 11:43:58.0480 2076 Windows directory: C:\Windows
2011/05/20 11:43:58.0480 2076 System windows directory: C:\Windows
2011/05/20 11:43:58.0480 2076 Processor architecture: Intel x86
2011/05/20 11:43:58.0480 2076 Number of processors: 2
2011/05/20 11:43:58.0480 2076 Page size: 0x1000
2011/05/20 11:43:58.0480 2076 Boot type: Normal boot
2011/05/20 11:43:58.0480 2076 ================================================================================
2011/05/20 11:43:59.0287 2076 Initialize success
2011/05/20 11:44:31.0047 4048 ================================================================================
2011/05/20 11:44:31.0047 4048 Scan started
2011/05/20 11:44:31.0047 4048 Mode: Manual;
2011/05/20 11:44:31.0047 4048 ================================================================================
2011/05/20 11:44:31.0768 4048 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/20 11:44:31.0849 4048 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/20 11:44:31.0928 4048 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/20 11:44:32.0008 4048 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/20 11:44:32.0079 4048 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/20 11:44:32.0137 4048 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/20 11:44:32.0244 4048 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/20 11:44:32.0289 4048 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/20 11:44:32.0344 4048 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/20 11:44:32.0410 4048 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/20 11:44:32.0446 4048 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/20 11:44:32.0481 4048 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/20 11:44:32.0534 4048 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/20 11:44:32.0585 4048 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/20 11:44:32.0658 4048 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/05/20 11:44:32.0715 4048 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/20 11:44:32.0754 4048 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/05/20 11:44:32.0893 4048 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/20 11:44:32.0985 4048 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/20 11:44:33.0026 4048 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/20 11:44:33.0084 4048 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/20 11:44:33.0145 4048 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/20 11:44:33.0296 4048 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/20 11:44:33.0376 4048 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/20 11:44:33.0416 4048 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/20 11:44:33.0481 4048 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/20 11:44:33.0546 4048 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/20 11:44:33.0623 4048 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/20 11:44:33.0678 4048 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/20 11:44:33.0733 4048 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/20 11:44:33.0766 4048 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/20 11:44:33.0807 4048 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/20 11:44:33.0864 4048 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/20 11:44:33.0928 4048 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/20 11:44:33.0969 4048 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/20 11:44:33.0995 4048 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/20 11:44:34.0023 4048 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/20 11:44:34.0136 4048 Cam5607 (bc46e036ad1fec3c56583d2802e68efe) C:\Windows\system32\Drivers\BisonC07.sys
2011/05/20 11:44:34.0229 4048 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/20 11:44:34.0306 4048 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/20 11:44:34.0353 4048 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/20 11:44:34.0411 4048 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/20 11:44:34.0462 4048 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/20 11:44:34.0509 4048 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/20 11:44:34.0547 4048 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/20 11:44:34.0600 4048 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/20 11:44:34.0663 4048 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/20 11:44:34.0717 4048 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/20 11:44:34.0817 4048 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/20 11:44:34.0863 4048 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/20 11:44:34.0909 4048 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/20 11:44:34.0976 4048 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/20 11:44:35.0047 4048 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/20 11:44:35.0179 4048 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/20 11:44:35.0357 4048 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/20 11:44:35.0424 4048 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/20 11:44:35.0484 4048 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/20 11:44:35.0527 4048 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/20 11:44:35.0579 4048 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/20 11:44:35.0620 4048 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/20 11:44:35.0651 4048 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/20 11:44:35.0683 4048 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/20 11:44:35.0730 4048 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/20 11:44:35.0778 4048 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/20 11:44:35.0812 4048 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/20 11:44:35.0866 4048 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/20 11:44:35.0910 4048 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/20 11:44:35.0945 4048 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/20 11:44:36.0013 4048 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/20 11:44:36.0060 4048 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/20 11:44:36.0091 4048 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/20 11:44:36.0142 4048 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/20 11:44:36.0210 4048 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/05/20 11:44:36.0288 4048 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/20 11:44:36.0350 4048 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/20 11:44:36.0439 4048 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/05/20 11:44:36.0483 4048 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/20 11:44:36.0545 4048 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/20 11:44:36.0625 4048 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/05/20 11:44:36.0714 4048 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/20 11:44:36.0851 4048 IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/20 11:44:36.0995 4048 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/20 11:44:37.0041 4048 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/20 11:44:37.0072 4048 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/20 11:44:37.0145 4048 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/20 11:44:37.0177 4048 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/20 11:44:37.0232 4048 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/20 11:44:37.0282 4048 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/05/20 11:44:37.0341 4048 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/05/20 11:44:37.0406 4048 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/05/20 11:44:37.0455 4048 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/05/20 11:44:37.0519 4048 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/20 11:44:37.0578 4048 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/20 11:44:37.0673 4048 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/20 11:44:37.0745 4048 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/20 11:44:37.0772 4048 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/20 11:44:37.0804 4048 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/20 11:44:37.0834 4048 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/20 11:44:37.0876 4048 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/20 11:44:37.0916 4048 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/20 11:44:37.0959 4048 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/20 11:44:37.0995 4048 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/20 11:44:38.0031 4048 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/20 11:44:38.0092 4048 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/05/20 11:44:38.0132 4048 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/20 11:44:38.0190 4048 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/20 11:44:38.0249 4048 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/05/20 11:44:38.0286 4048 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/20 11:44:38.0353 4048 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/05/20 11:44:38.0409 4048 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/20 11:44:38.0459 4048 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/20 11:44:38.0521 4048 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/20 11:44:38.0575 4048 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/05/20 11:44:38.0617 4048 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/05/20 11:44:38.0680 4048 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/20 11:44:38.0733 4048 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/20 11:44:38.0777 4048 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/05/20 11:44:38.0839 4048 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/20 11:44:38.0857 4048 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/20 11:44:38.0888 4048 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/20 11:44:38.0922 4048 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/20 11:44:38.0984 4048 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/05/20 11:44:39.0017 4048 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/20 11:44:39.0042 4048 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/20 11:44:39.0077 4048 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/20 11:44:39.0136 4048 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/20 11:44:39.0233 4048 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/05/20 11:44:39.0290 4048 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/20 11:44:39.0342 4048 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/20 11:44:39.0406 4048 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/20 11:44:39.0448 4048 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/20 11:44:39.0503 4048 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/05/20 11:44:39.0531 4048 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/20 11:44:39.0587 4048 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/20 11:44:39.0702 4048 netr28 (652881f65b35564575255a0e05e23c55) C:\Windows\system32\DRIVERS\netr28.sys
2011/05/20 11:44:39.0763 4048 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/20 11:44:39.0815 4048 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/20 11:44:39.0847 4048 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/20 11:44:39.0929 4048 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/05/20 11:44:40.0021 4048 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/20 11:44:40.0062 4048 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys
2011/05/20 11:44:40.0384 4048 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/20 11:44:40.0887 4048 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/05/20 11:44:40.0931 4048 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/05/20 11:44:40.0987 4048 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/05/20 11:44:41.0042 4048 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/05/20 11:44:41.0119 4048 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/20 11:44:41.0165 4048 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/05/20 11:44:41.0195 4048 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/20 11:44:41.0230 4048 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/05/20 11:44:41.0268 4048 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/20 11:44:41.0303 4048 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/20 11:44:41.0339 4048 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/20 11:44:41.0370 4048 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/20 11:44:41.0486 4048 PhilCap (f433b5aa6dbac3c8626eefaf134e4763) C:\Windows\system32\DRIVERS\PhilCap.sys
2011/05/20 11:44:41.0598 4048 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/20 11:44:41.0633 4048 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/20 11:44:41.0712 4048 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/20 11:44:41.0775 4048 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/20 11:44:41.0862 4048 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/20 11:44:41.0902 4048 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/20 11:44:41.0945 4048 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/20 11:44:42.0011 4048 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/20 11:44:42.0045 4048 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/20 11:44:42.0093 4048 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/20 11:44:42.0135 4048 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/20 11:44:42.0198 4048 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/20 11:44:42.0250 4048 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/20 11:44:42.0297 4048 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/20 11:44:42.0346 4048 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/20 11:44:42.0380 4048 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/20 11:44:42.0438 4048 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/05/20 11:44:42.0516 4048 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/05/20 11:44:42.0599 4048 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/20 11:44:42.0680 4048 RTL8169 (2cc77c65216a8bb4677e637120d5731d) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/20 11:44:42.0712 4048 RTSTOR (4501c8fe11df3192fb68d0d595ea94cc) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/20 11:44:42.0784 4048 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/05/20 11:44:42.0834 4048 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/20 11:44:42.0881 4048 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/20 11:44:42.0931 4048 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/20 11:44:42.0976 4048 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/20 11:44:43.0025 4048 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/20 11:44:43.0094 4048 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/20 11:44:43.0119 4048 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/20 11:44:43.0144 4048 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/20 11:44:43.0168 4048 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/20 11:44:43.0236 4048 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/20 11:44:43.0290 4048 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/20 11:44:43.0313 4048 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/20 11:44:43.0364 4048 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/20 11:44:43.0424 4048 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/20 11:44:43.0498 4048 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/05/20 11:44:43.0556 4048 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/20 11:44:43.0623 4048 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/20 11:44:43.0682 4048 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/20 11:44:43.0721 4048 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/20 11:44:43.0776 4048 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/20 11:44:43.0858 4048 SynTP (cb01162bd6dd7b26d4cc6dcac780e39c) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/20 11:44:43.0990 4048 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/05/20 11:44:44.0064 4048 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/20 11:44:44.0129 4048 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/20 11:44:44.0190 4048 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/05/20 11:44:44.0216 4048 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/05/20 11:44:44.0269 4048 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/20 11:44:44.0316 4048 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/05/20 11:44:44.0414 4048 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/20 11:44:44.0469 4048 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/20 11:44:44.0538 4048 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/20 11:44:44.0598 4048 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/20 11:44:44.0658 4048 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/20 11:44:44.0742 4048 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/20 11:44:44.0802 4048 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/05/20 11:44:44.0846 4048 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/20 11:44:44.0914 4048 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/20 11:44:44.0987 4048 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/20 11:44:45.0031 4048 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
2011/05/20 11:44:45.0077 4048 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/20 11:44:45.0141 4048 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/05/20 11:44:45.0200 4048 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/20 11:44:45.0255 4048 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/20 11:44:45.0313 4048 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/20 11:44:45.0377 4048 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
2011/05/20 11:44:45.0451 4048 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/05/20 11:44:45.0526 4048 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/20 11:44:45.0588 4048 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/20 11:44:45.0637 4048 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/20 11:44:45.0684 4048 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/05/20 11:44:45.0728 4048 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/20 11:44:45.0755 4048 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/20 11:44:45.0782 4048 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/20 11:44:45.0826 4048 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/05/20 11:44:45.0859 4048 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/20 11:44:45.0889 4048 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/05/20 11:44:45.0940 4048 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/20 11:44:45.0979 4048 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/20 11:44:46.0006 4048 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/20 11:44:46.0049 4048 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/20 11:44:46.0105 4048 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/20 11:44:46.0123 4048 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/20 11:44:46.0214 4048 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/20 11:44:46.0250 4048 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/20 11:44:46.0326 4048 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/20 11:44:46.0357 4048 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/20 11:44:46.0459 4048 WINIO (602fc1b19d72745c95e535932e54b932) C:\Windows\system32\WinIo.sys
2011/05/20 11:44:46.0461 4048 Suspicious file (Forged): C:\Windows\system32\WinIo.sys. Real md5: 602fc1b19d72745c95e535932e54b932, Fake md5: c5e3a2ee25a3d86761af7971eaeac40c
2011/05/20 11:44:46.0470 4048 WINIO - detected ForgedFile.Multi.Generic (1)
2011/05/20 11:44:46.0558 4048 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/20 11:44:46.0607 4048 WmBEnum (6d2dddea4fa5113d823cdf063b087808) C:\Windows\system32\drivers\WmBEnum.sys
2011/05/20 11:44:46.0652 4048 WmFilter (3e06e5c310c5d37da5a87ead2d737c1b) C:\Windows\system32\drivers\WmFilter.sys
2011/05/20 11:44:46.0692 4048 WmHidLo (f7d2e428e3a4a153da7ba3b41ccce4d5) C:\Windows\system32\drivers\WmHidLo.sys
2011/05/20 11:44:46.0757 4048 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/20 11:44:46.0811 4048 WmVirHid (9e6326dd31d604745424dc269a780246) C:\Windows\system32\drivers\WmVirHid.sys
2011/05/20 11:44:46.0839 4048 WmXlCore (c606d1ebb30c72f6c15f850dc8c93880) C:\Windows\system32\drivers\WmXlCore.sys
2011/05/20 11:44:46.0904 4048 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/20 11:44:46.0993 4048 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/05/20 11:44:47.0057 4048 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/20 11:44:47.0170 4048 ================================================================================
2011/05/20 11:44:47.0170 4048 Scan finished
2011/05/20 11:44:47.0170 4048 ================================================================================
2011/05/20 11:44:47.0183 2420 Detected object count: 1
2011/05/20 11:46:48.0719 2420 ForgedFile.Multi.Generic(WINIO) - User select action: Skip

Alt 20.05.2011, 11:18   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2011, 11:31   #9
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Bevor ich starte, eine Frage: Was könnten noch Hintergrundwächter sein? Ich habe lediglich Avira als Virenscanner permanent laufen. Gibt es da noch andere Programme, auf die ich achten soll, die da evtl. im Hintergrund laufen? (kann man wohl über den Task-Manager sehen, nicht wahr?)

Gruß
HD1

Alt 20.05.2011, 13:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Avira deaktivieren (Regenschirm schließen) reicht, ansonsten alle sichtbaren Programme schließen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2011, 13:59   #11
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Habe den Combofix heruntergeladen. Beim Herunterladen konnte ich allerdings nicht die Namensänderung auf Cofix.exe vornehmen. Habe dies also über Explorer gemacht.
Hatte Avira und alle anderen Programme geschlossen.
Aufgrund einer Unachtsamkeit hatte ich cofi.exe über den Explorer als Administrator gestartet. Daraufhin gab es einen Blue Screen und Windows musste nach diesem Crash wieder gestartet werden. Es gab keinerlei Hinweise oder Optionen, die ich hätte anklicken können. Es gab auch keine Datei Combofix.txt.

Als mir mein Fehler auffiel, startete ich cofi.exe wieder - und zwar direkt vom Desktop. Aber auch hier gab es einen Blue Screen Crash, ohne jegliche Optionen oder Konsolen etc. Auch hiernach gab es keine Datei Combofix.txt

Habe ich da etwas falsch gemacht?

Viele Grüße
HD1

Alt 20.05.2011, 14:13   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Dann lassen wir CF erstmal weg.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2011, 15:23   #13
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Also - alles hat geklappt, auch das GMER (dieses erst im zweiten Anlauf). Hier sind die Logs.

Viele Grüße
HD1

GMER-Log:
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-20 16:08:19
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: f6534psc.exe; Driver: C:\Users\Chef\AppData\Local\Temp\pwldqpob.sys


---- System - GMER 1.0.15 ----

SSDT            8EA531DB                                 ZwLoadDriver
SSDT            8EA531E0                                 ZwSetSystemInformation
SSDT            8EA5319F                                 ZwTerminateProcess
SSDT            8EA5319A                                 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1            82E75339 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2   82EAED52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313      82EB6008 4 Bytes  [DB, 31, A5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 161F      82EB6314 4 Bytes  [E0, 31, A5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F      82EB6364 4 Bytes  [9F, 31, A5, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 16E3      82EB63D8 4 Bytes  [9A, 31, A5, 8E]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000045        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3   rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                 fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

OSAM-Log
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:17:45 on 20.05.2011

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"pwldqpob" (pwldqpob) - ? - C:\Users\Chef\AppData\Local\Temp\pwldqpob.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"WINIO" (WINIO) - ? - C:\Windows\system32\WinIo.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Scanner Finder.lnk" - ? - C:\Program Files\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
"WISO Mein Sparbuch heute.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BsMnt" - ? - C:\Program Files\BisonCam\BsMnt.exe
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"ISW" - ? - "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"  (File not found)
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
"PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
"Start WingMan Profiler" - "Logitech Inc." - C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\usnsvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe  (File found, but it contains no detailed information)
"WTGService" (WTGService) - ? - C:\Program Files\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)
"X10 Device Network Service" (x10nets) - "X10" - C:\Program Files\Common Files\X10\Common\X10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index


MBRCheck Log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: MEDION
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: MEDION
System Product Name: P6613
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 201):
0x82E37000 \SystemRoot\system32\ntkrnlpa.exe
0x82E00000 \SystemRoot\system32\halmacpi.dll
0x80BB7000 \SystemRoot\system32\kdcom.dll
0x8AE13000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8AE98000 \SystemRoot\system32\PSHED.dll
0x8AEA9000 \SystemRoot\system32\BOOTVID.dll
0x8AEB1000 \SystemRoot\system32\CLFS.SYS
0x8AEF3000 \SystemRoot\system32\CI.dll
0x8B014000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B085000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B093000 \SystemRoot\system32\drivers\ACPI.sys
0x8B0DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8B0E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x8B0EC000 \SystemRoot\system32\drivers\pci.sys
0x8B116000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8B121000 \SystemRoot\System32\drivers\partmgr.sys
0x8B132000 \SystemRoot\system32\drivers\volmgr.sys
0x8B142000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B18D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B195000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B1A0000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B1B6000 \SystemRoot\system32\drivers\atapi.sys
0x8B1BF000 \SystemRoot\system32\drivers\ataport.SYS
0x8B1E2000 \SystemRoot\system32\drivers\msahci.sys
0x8B1EC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8B000000 \SystemRoot\system32\drivers\amdxata.sys
0x8AF9E000 \SystemRoot\system32\drivers\fltmgr.sys
0x8AFD2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B215000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B344000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B36F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B382000 \SystemRoot\System32\Drivers\cng.sys
0x8B3DF000 \SystemRoot\System32\drivers\pcw.sys
0x8B3ED000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B40A000 \SystemRoot\system32\drivers\ndis.sys
0x8B4C1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B4FF000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B607000 \SystemRoot\System32\drivers\tcpip.sys
0x8B751000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B782000 \SystemRoot\system32\drivers\volsnap.sys
0x8B7C1000 \SystemRoot\System32\Drivers\spldr.sys
0x8B7C9000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B524000 \SystemRoot\System32\Drivers\mup.sys
0x8B7F6000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B534000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B566000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B577000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B5CF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B600000 \SystemRoot\System32\Drivers\Null.SYS
0x8B5EE000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B200000 \SystemRoot\System32\drivers\vga.sys
0x90E18000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90E39000 \SystemRoot\System32\drivers\watchdog.sys
0x90E46000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90E4E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90E56000 \SystemRoot\system32\drivers\rdprefmp.sys
0x90E5E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90E69000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90E77000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90E8E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90E9A000 \SystemRoot\system32\drivers\afd.sys
0x90EF4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90F26000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x90F2F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90F36000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90F55000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90F66000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90F74000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90F87000 \SystemRoot\system32\drivers\termdd.sys
0x90F98000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90F9E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90FDF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90FE9000 \SystemRoot\system32\drivers\mssmbios.sys
0x90FF3000 \SystemRoot\System32\drivers\discache.sys
0x90E00000 \SystemRoot\System32\Drivers\dfsc.sys
0x8AFE3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9120C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91232000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x91255000 \SystemRoot\system32\drivers\wmiacpi.sys
0x92420000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x92F1A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x92F1C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x92F46000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9125E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92400000 \SystemRoot\system32\drivers\usbuhci.sys
0x91297000 \SystemRoot\system32\drivers\USBPORT.SYS
0x9240B000 \SystemRoot\system32\drivers\usbehci.sys
0x912E2000 \SystemRoot\system32\drivers\HDAudBus.sys
0x91301000 \SystemRoot\system32\DRIVERS\netr28.sys
0x9138A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x91394000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x9241A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x913B8000 \SystemRoot\system32\drivers\i8042prt.sys
0x913D0000 \SystemRoot\system32\drivers\kbdclass.sys
0x91A1A000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x91A4A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91A4C000 \SystemRoot\system32\drivers\mouclass.sys
0x91A59000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91A6B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x91A78000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91A8A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91AA2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91AAD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91ACF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91AE7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91AFE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x91B15000 \SystemRoot\system32\drivers\swenum.sys
0x91B17000 \SystemRoot\system32\drivers\ks.sys
0x91B4B000 \SystemRoot\system32\drivers\WmBEnum.sys
0x91B4F000 \SystemRoot\system32\drivers\WmXlCore.sys
0x91B5E000 \SystemRoot\system32\drivers\umbus.sys
0x91B6C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x91BB0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x98000000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x98220000 \SystemRoot\system32\drivers\portcls.sys
0x9824F000 \SystemRoot\system32\drivers\drmk.sys
0x98268000 \SystemRoot\system32\drivers\nvhda32v.sys
0x99790000 \SystemRoot\System32\win32k.sys
0x9827B000 \SystemRoot\System32\drivers\Dxapi.sys
0x98285000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98292000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9829D000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x982A7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x982B8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x999F0000 \SystemRoot\System32\TSDDD.dll
0x99620000 \SystemRoot\System32\cdd.dll
0x982C3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x982DA000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0x982F3000 \SystemRoot\system32\drivers\modem.sys
0x98300000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x98317000 \SystemRoot\system32\drivers\luafv.sys
0x98332000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x98347000 \SystemRoot\system32\drivers\WudfPf.sys
0x98361000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x98374000 \SystemRoot\system32\drivers\hidusb.sys
0x9837F000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x98392000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x82203000 \SystemRoot\System32\Drivers\BisonC07.sys
0x82367000 \SystemRoot\System32\Drivers\STREAM.SYS
0x82375000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82380000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x82390000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x823D6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x823E6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C430000 \SystemRoot\system32\drivers\HTTP.sys
0x9C4B5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9C4CB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C4E4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C4F6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9C519000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C554000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9FE2B000 \SystemRoot\system32\drivers\peauth.sys
0x9FEC2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9FECC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9FEED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9FEFA000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9FF4A000 \SystemRoot\System32\DRIVERS\srv.sys
0x9FF9C000 \SystemRoot\system32\drivers\WmVirHid.sys
0x9FF9F000 \SystemRoot\system32\drivers\kbdhid.sys
0x9FFCC000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9FFD5000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x9FFE0000 \??\C:\Users\Chef\AppData\Local\Temp\pwldqpob.sys
0x77D30000 \Windows\System32\ntdll.dll
0x47A80000 \Windows\System32\smss.exe
0x77F70000 \Windows\System32\apisetschema.dll
0x00C80000 \Windows\System32\autochk.exe
0x77B30000 \Windows\System32\iertutil.dll
0x779D0000 \Windows\System32\ole32.dll
0x77E90000 \Windows\System32\user32.dll
0x77980000 \Windows\System32\gdi32.dll
0x77920000 \Windows\System32\shlwapi.dll
0x77840000 \Windows\System32\kernel32.dll
0x77740000 \Windows\System32\wininet.dll
0x776B0000 \Windows\System32\oleaut32.dll
0x77610000 \Windows\System32\usp10.dll
0x77560000 \Windows\System32\msvcrt.dll
0x77E70000 \Windows\System32\imm32.dll
0x774B0000 \Windows\System32\rpcrt4.dll
0x774A0000 \Windows\System32\nsi.dll
0x77460000 \Windows\System32\ws2_32.dll
0x772C0000 \Windows\System32\setupapi.dll
0x77180000 \Windows\System32\urlmon.dll
0x77170000 \Windows\System32\psapi.dll
0x76520000 \Windows\System32\shell32.dll
0x76510000 \Windows\System32\normaliz.dll
0x76490000 \Windows\System32\comdlg32.dll
0x763F0000 \Windows\System32\advapi32.dll
0x76360000 \Windows\System32\clbcatq.dll
0x76340000 \Windows\System32\sechost.dll
0x762F0000 \Windows\System32\Wldap32.dll
0x76220000 \Windows\System32\msctf.dll
0x761C0000 \Windows\System32\difxapi.dll
0x761B0000 \Windows\System32\lpk.dll
0x76180000 \Windows\System32\imagehlp.dll
0x760F0000 \Windows\System32\comctl32.dll
0x760C0000 \Windows\System32\cfgmgr32.dll
0x760A0000 \Windows\System32\devobj.dll
0x75F80000 \Windows\System32\crypt32.dll
0x75F50000 \Windows\System32\wintrust.dll
0x75F00000 \Windows\System32\KernelBase.dll
0x75EF0000 \Windows\System32\msasn1.dll

Processes (total 65):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
396 csrss.exe
456 C:\Windows\System32\wininit.exe
464 csrss.exe
512 C:\Windows\System32\services.exe
560 C:\Windows\System32\lsass.exe
568 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\winlogon.exe
800 C:\Windows\System32\nvvsvc.exe
840 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1340 C:\Windows\System32\nvvsvc.exe
1472 C:\Windows\System32\spoolsv.exe
1508 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1528 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1552 C:\Windows\System32\svchost.exe
1700 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1708 C:\Windows\System32\conhost.exe
1852 C:\Windows\System32\taskhost.exe
1908 C:\Windows\System32\dwm.exe
1940 C:\Windows\explorer.exe
1208 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
1372 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
1760 C:\Windows\System32\svchost.exe
2040 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
1828 C:\Windows\System32\IoctlSvc.exe
1808 C:\Windows\System32\PSIService.exe
1748 C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
2224 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2264 C:\Windows\System32\svchost.exe
2320 C:\Program Files\Verbindungsassistent\WTGService.exe
2364 C:\Program Files\Common Files\X10\Common\X10nets.exe
3260 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3320 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3380 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3412 C:\Program Files\BisonCam\BsMnt.exe
3748 C:\Windows\WindowsMobile\wmdc.exe
3804 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
3844 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
3940 C:\Program Files\Windows Sidebar\sidebar.exe
3976 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
4020 C:\Program Files\ScanWizard 5\ScannerFinder.exe
2112 C:\Windows\System32\svchost.exe
2128 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2576 C:\Windows\System32\SearchIndexer.exe
1580 C:\Windows\System32\svchost.exe
4084 C:\Users\Chef\Desktop\f6534psc.exe
2592 C:\Program Files\Mozilla Firefox\firefox.exe
3952 C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
3388 C:\Program Files\Mozilla Firefox\plugin-container.exe
2068 C:\Windows\System32\audiodg.exe
2900 C:\Users\Chef\Desktop\osam_autorun_manager_5_0_portable\osam.exe
1292 MpCmdRun.exe
2424 <unknown>
3376 <unknown>
1312 C:\Users\Chef\Desktop\MBRCheck.exe
3756 C:\Windows\System32\conhost.exe
300 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000045`851b1a00 (FAT32)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Alt 20.05.2011, 15:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.05.2011, 15:50   #15
HD1
 
Fakealert-REP Trojan - Standard

Fakealert-REP Trojan



Zwei Fragen:

Soll ich auch einen Check mit McAfee Stinger durchführen lassen?
(der hatte den Schädling als einziger gemeldet, Malwarebytes hatte ja nichts gefunden)

Soll Malwarebytes als Quick Scan oder als Vollständiger Suchlauf betrieben werden?

Viele Grüße
HD1

Antwort

Themen zu Fakealert-REP Trojan
.dll, antivir, autorun, avira, bho, canon, checkpoint, defender, error, excel.exe, explorer, fakealert, fakealert!fakealert-rep trojan, fakealert-rep trojan, fakealert-rep virus, firefox, format, helper, home, logfile, mozilla, nvidia, nvlddmkm.sys, oldtimer, plug-in, realtek, registry, scan, sched.exe, schädling, searchplugins, senden, software, start menu, stinger fakealert, system, taskhost.exe, trojan, usb, usb 2.0, virus/trojaner, webcheck, windows




Ähnliche Themen: Fakealert-REP Trojan


  1. Trojan.Dropper & Trojan.FakeAlert & Trojan.Downloader
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (17)
  2. Trojan.Phex.THAGen6, RootKit.0Access, Trojan.FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (29)
  3. Trojan.FakeAlert
    Log-Analyse und Auswertung - 05.01.2012 (26)
  4. Trojan.FakeAlert in Registry gefunden
    Log-Analyse und Auswertung - 18.10.2011 (1)
  5. Wie entferne ich Trojan.Banker, Trojan.FakeAlert? C ist (angeblich) leer
    Log-Analyse und Auswertung - 10.10.2011 (5)
  6. FakeAlert! gbr Trojan!
    Plagegeister aller Art und deren Bekämpfung - 10.06.2011 (1)
  7. Fakealert-REP Trojan
    Log-Analyse und Auswertung - 05.06.2011 (36)
  8. 'TR/Kazy.21048.8' ; Trojan.FakeAlert
    Log-Analyse und Auswertung - 02.05.2011 (13)
  9. Trojan.FakeAlert / OTL Log / Festenplattenfehler HILFE!!!
    Log-Analyse und Auswertung - 23.04.2011 (3)
  10. Dateien weg nach Trojan.FakeAlert
    Plagegeister aller Art und deren Bekämpfung - 19.04.2011 (1)
  11. Trojan.FakeAlert entfernen
    Plagegeister aller Art und deren Bekämpfung - 10.09.2010 (8)
  12. Malewarebytes meldet 2 verschiedene Trojaner (Trojan.Downloader und Trojan.FakeAlert)
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (0)
  13. Trojan Fraudpack, Trojan.Fakealert und tr/renos.ewc.11
    Plagegeister aller Art und deren Bekämpfung - 19.06.2010 (11)
  14. iebho.dll (Trojan.FakeAlert, Trojan.BHO.H) lassen sich nicht entfernen
    Log-Analyse und Auswertung - 06.03.2010 (17)
  15. Hilfe!! Trojan.FakeAlert.AQE
    Plagegeister aller Art und deren Bekämpfung - 24.02.2009 (0)
  16. Trojan.FakeAlert und Trojan.Downloader
    Plagegeister aller Art und deren Bekämpfung - 14.01.2009 (3)
  17. Funktionsweise von Trojan.FakeAlert
    Diskussionsforum - 20.09.2008 (7)

Zum Thema Fakealert-REP Trojan - Hallo allerseits, gestern habe ich erstmals meinen Laptop mit dem McAfee Labs Stinger durchsuchen lassen und bekam diese Meldung: McAfee(r) Labs Stinger(tm) Version 10.1.0.1573 built on May 13 2011 Copyright - Fakealert-REP Trojan...
Archiv
Du betrachtest: Fakealert-REP Trojan auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.