Forum section: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them)
Thread: SpyEyes / Exploit EXP/CVE-2010-4452.A discovered on the PC [Windows 7]
23.05.2011, 21:09 | #1
SpyEyes / Exploit EXP/CVE-2010-4452.A discovered on the PC

Hello everyone,

I ended up in this forum by chance via Google, and after several hours of reading and thinking I decided to ask for help. I apologise in advance for spelling mistakes: German is not my native language.

On Thursday, 19 May, after 2 p.m., when I tried to log in to online banking, I saw for the first time this "notice from the bank" about the abolition of iTANs. The window could not be closed; Alt+F4 closed IE as well, so on the second attempt I clicked "Confirm". The bank page was free again, I entered my login data and pressed Enter. Nothing happened. At that point I already suspected something bad... I quickly went to the other bank where I have another account, and the same "notice" appeared there! First I checked from another PC: there, this "notice" does not exist. Logged in, changed the password. Since then I have been trying to get rid of the "thing".

First I phoned Avira GmbH and e-mailed back and forth several times; the last e-mail was on Friday, and they could not find anything in the reports I sent them... At the weekend there was a break (office PC). Today Avira reported:

------------------------------------
Starting the scan in 'C:\'
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4f3badaf
  [DETECTION] Contains recognition pattern of the exploit EXP/CVE-2010-4452.A
Starting the scan in 'D:\' <HP_RECOVERY>

Starting disinfection:
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-4f3badaf
  [DETECTION] Contains recognition pattern of the exploit EXP/CVE-2010-4452.A
  [NOTE] The file was moved to the quarantine directory under the name '4b53b2c5.qua'!

End of the scan: Monday, 23 May 2011 10:09
Time needed: 1:53:38 hour(s)

The scan was completed in full.

26081 directories were checked
741470 files were scanned
1 virus or unwanted program was found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
1 file was moved to quarantine
0 files were renamed
0 files could not be scanned
741469 files without infection
12651 archives were scanned
0 warnings
1 note
---------------------------------

The problem was detected, I thought, and actually removed as well... When I tried to start online banking, my "notice" was back. Avira found nothing more, only hidden files... which I then removed... The "notice" was still there... In my panic (I have never had such problems and actually have no knowledge of viruses etc.) I googled the file that Avira reported in its log and ended up here. Before I dared to write here I let Malwarebytes run over it. It reported SpyEyes. I had the files removed. OTL has just finished. The reports follow below. I hope someone can help me... The PC runs Vista; I did everything as administrator... Thank you in advance for your replies.

Mara

Report from Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6654

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23.05.2011 21:03:00
mbam-log-2011-05-23 (21-03-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 390525
Time elapsed: 1 hour(s), 50 minute(s), 10 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 1
Registry data items infected: 0
Folders infected: 1
Files infected: 2

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files infected:
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Here is the OTL report:
OTL Logfile:
Code:
OTL Extras logfile created on: 23.05.2011 21:23:52 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,53% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,35 Gb Total Space | 133,30 Gb Free Space | 59,15% Space Free | Partition Type: NTFS
Drive D: | 7,54 Gb Total Space | 2,28 Gb Free Space | 30,22% Space Free | Partition Type: NTFS

Computer Name: MEIN_ARBEITS-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B213619-CE8F-4769-981F-C602F1FA58EB}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{222DF65F-E7C6-4DFA-B8B4-6FF4D3513D16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BA8692D-FCB0-4DD3-A2E0-19E231DC7732}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DD66591-E4C3-45A6-8114-F0688DF5CD75}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8E806442-76A0-4199-862F-1261E0FEE5D4}" = rport=2869 | protocol=6 | dir=out | app=system |
"{ADA66A25-BD3C-4734-9531-05BD65CA0104}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BF57D778-2E2A-43FD-98EC-23128180FE33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C26CEB2A-D5B7-41F2-9CF6-B2B7413DC65B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5044150-AB36-489C-85C3-579AE78442C3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EB6EB3E0-DF7A-452B-965A-548971C6A386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05740BE2-72EF-429B-9E5D-2B6FEECA0B28}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{05BDDA5F-4286-4DFC-B442-95E340ADA878}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15D85CC1-2407-4CF1-8F96-8E3B4C0687BD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{1E1D50FC-DCF2-429D-A9B7-6FD1CC095E45}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AEB939F-DC9E-425B-B29C-7A7B0144D948}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{3A3033BD-311B-4A6D-B13A-2A1C14052CA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3AABD80B-337E-4F0D-813A-D7118F789BD3}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{7D100A2B-EE9A-4E0D-9449-BE494A610CB4}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EBDCEDB-3F52-4967-B9F1-635E2B4F366B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{9B486095-BC92-4574-8323-607CCD4C9829}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A6790671-C896-495F-A8E2-A9952EFD431E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{BBA335CC-8665-4CE1-817C-B1C03046ABB6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D243203B-5D8C-4C0D-B3EA-33E9AD6724DC}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{D6474DB5-D9D6-4C6C-A792-D437B5D34A49}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{024EF36A-1C3A-4696-B02A-AF653F21C521}C:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe" = protocol=6 | dir=in | app=c:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe |
"TCP Query User{141D4B11-5DAB-48BC-AFE0-57B4DD0E33D8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{5F589320-FB3D-42D0-95D9-548E7701E5B0}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{66398D10-38ED-4F09-B030-8175FB1F8C31}E:\pmsdview.exe" = protocol=6 | dir=in | app=e:\pmsdview.exe |
"TCP Query User{9FDE60BB-6864-4AC7-A896-6414090F5C2A}C:\sierra\emperordadrdm\emperor.exe" = protocol=6 | dir=in | app=c:\sierra\emperordadrdm\emperor.exe |
"TCP Query User{BEE76208-6068-4AC7-B3A2-FC902AB8CD19}C:\program files\ftp commander\ftpcomm.exe" = protocol=6 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"UDP Query User{34650647-07EF-4C0D-BB05-041D23F83BA0}E:\pmsdview.exe" = protocol=17 | dir=in | app=e:\pmsdview.exe |
"UDP Query User{64B4F7C1-E613-4396-AD4B-6DE5FDC272D1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{66A61FD5-9C66-4B17-9397-F56EBFA7FC2A}C:\program files\ftp commander\ftpcomm.exe" = protocol=17 | dir=in | app=c:\program files\ftp commander\ftpcomm.exe |
"UDP Query User{CAABA174-6924-4140-B08F-F319C48FC2C8}C:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe" = protocol=17 | dir=in | app=c:\users\xxx\desktop\aufgeraeumt\sendetool-vcn.exe |
"UDP Query User{D0639038-EFD6-4DB9-8979-744F829E020C}C:\sierra\emperordadrdm\emperor.exe" = protocol=17 | dir=in | app=c:\sierra\emperordadrdm\emperor.exe |
"UDP Query User{E5862B83-A126-4542-8700-E190AEE17D8F}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5AB56552-6938-4686-9F87-DB0ED8D1E06B}" = HP User Guides 0056
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E75BB0E-21CD-42C5-9F8C-1C3A7C10E1F5}" = HotSpot Manager
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = DER ERSTE KAISER: Aufstieg des Reichs der Mitte
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9FA7A537-E6F6-4A6E-95B9-E4152756132D}" = hppCM1410LaserJetService
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B76A76EB-BCCA-4625-9C4C-1FFAE19E4772}" = ESU for Microsoft Vista
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DA5576B5-EF2A-4E3A-8763-FCA8BA84DA00}" = hppTLBXFXCM1410
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digital Camera Driver" = Digital Camera Driver
"EasyCash&Tax_is1" = EasyCash&Tax 1.52
"ECTPlugAnlagenverzeichnis_is1" = ECTPlugAnlagenverzeichnis 1.3
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESP1400_1410 Ben.handbuch" = ESP1400_1410 Ben.handbuch
"Farm Frenzy 3" = Farm Frenzy 3
"FreePDF_XP" = FreePDF XP (Remove only)
"FTP Commander" = FTP Commander
"Herrscher des Olymp - Zeus" = Herrscher des Olymp - Zeus
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"My Nail & Cosmetic Studio" = My Nail & Cosmetic Studio
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"phase5" = phase5
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung SF-370_CF-370 Series" = Samsung SF-370_CF-370 Series
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VideoLAN" = VideoLAN VLC media player 0.7.0
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.05.2011 04:18:58 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.05.2011 10:34:11 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 19.05.2011 12:33:27 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe, version 8.0.6001.19048, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the "Problem Reports and Solutions" applet in Control Panel.   Process ID: 12b8   Start time: 01cc16409e2d488f   Termination time: 16

Error - 20.05.2011 01:59:44 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2011 01:48:41 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2011 04:24:51 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2011 07:23:39 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.05.2011 08:50:35 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE, version 6.0.6002.18005, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the "Problem Reports and Solutions" applet in Control Panel.   Process ID: df4   Start time: 01cc1947489aa0f7   Termination time: 0

Error - 23.05.2011 08:52:29 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE, version 6.0.6002.18005, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the "Problem Reports and Solutions" applet in Control Panel.   Process ID: 11d4   Start time: 01cc1948015b1397   Termination time: 63

Error - 23.05.2011 10:48:44 | Computer Name = Mein_Arbeits-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe, version 9.0.8112.16421, stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the "Problem Reports and Solutions" applet in Control Panel.   Process ID: 10a4   Start time: 01cc194baf0ada97   Termination time: 78

[ Media Center Events ]
Error - 10.06.2008 03:22:29 | Computer Name = Mein_Arbeits-PC | Source = MCUpdate | ID = 0
Description = Could not wait on the MCUpdate mutex. Exception: 'The wait completed due to an abandoned mutex.'

[ System Events ]
Error - 23.05.2011 08:33:01 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.05.2011 15:06:40 | Computer Name = Mein_Arbeits-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 23.05.2011 15:08:04 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.05.2011 15:08:04 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.05.2011 15:08:04 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23.05.2011 15:08:09 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 23.05.2011 15:08:10 | Computer Name = Mein_Arbeits-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 23.05.2011 15:08:14 | Computer Name = Mein_Arbeits-PC | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 could not configure the IPv6 stack.

Error - 23.05.2011 15:08:14 | Computer Name = Mein_Arbeits-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has been disabled on IP address 169.254.101.16, because the IP address lies outside the range 192.168.0.0/255.255.255.0 from which addresses are assigned to DHCP clients. Change the range so that it includes the IP address, or change the IP address so that it falls within this range, to enable the DHCP allocator.

Error - 23.05.2011 15:08:28 | Computer Name = Mein_Arbeits-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has been disabled on IP address 192.168.2.101, because the IP address lies outside the range 192.168.0.0/255.255.255.0 from which addresses are assigned to DHCP clients. Change the range so that it includes the IP address, or change the IP address so that it falls within this range, to enable the DHCP allocator.

< End of report >

And the second one:
OTL Logfile:
Code:
OTL logfile created on: 23.05.2011 21:23:52 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Tamara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,53% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,35 Gb Total Space | 133,30 Gb Free Space | 59,15% Space Free | Partition Type: NTFS
Drive D: | 7,54 Gb Total Space | 2,28 Gb Free Space | 30,22% Space Free | Partition Type: NTFS

Computer Name: MEIN_ARBEITS-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2011.05.20 07:16:28 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.04.27 09:01:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 12:27:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.09 09:02:37 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
PRC - [2011.03.08 12:03:07 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.11.30 19:19:36 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.11.30 19:19:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.16 11:32:48 | 000,058,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
PRC - [2010.04.12 09:13:08 | 000,142,336 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.04.28 06:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2007.06.26 21:27:46 | 000,312,320 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2007.05.04 13:14:04 | 000,036,864 | ---- | M] ( ) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
PRC - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.07.04 06:00:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBUE.EXE

========== Modules (SafeList) ==========

MOD - [2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Automatisches LiveUpdate - Scheduler)
SRV - [2011.04.27 09:01:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 12:27:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.08 12:03:07 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.11.30 19:19:36 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.04.12 09:13:08 | 000,142,336 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009.05.04 13:16:49 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.01.29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 09:34:43 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2007.04.24 03:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007.04.24 03:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007.01.09 23:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006.11.02 14:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)

========== Driver Services (SafeList) ==========

DRV - [2011.03.16 12:27:21 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.12.10 16:59:21 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2007.07.09 04:57:00 | 007,140,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.12 04:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.03.07 06:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 16:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.17 01:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 19:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 18:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.30 19:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 18:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.24 04:34:47 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.24 04:34:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.06.28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.)
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.05 09:58:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 14:33:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 14:33:34 | 000,000,000 | ---D | M] [2008.12.01 15:08:17 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2011.05.19 14:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions [2010.06.03 19:41:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.20 17:43:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.04.08 11:05:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\1rbesmy0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.12.13 10:22:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.06.15 08:29:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.03 08:20:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.13 10:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2008.08.05 18:24:26 | 000,000,000 | ---D | M] (Google Settings) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com [2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.12.22 05:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.22 05:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.22 05:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.22 05:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.22 05:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( ) O4 - HKLM..\Run: [NapsterShell] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBUE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [msnmsgr] File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell - "" = AutoRun O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell - "" = AutoRun O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell - "" = AutoRun O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell - "" = AutoRun O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell - 
"" = AutoRun O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.23 21:18:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2011.05.23 16:29:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2011.05.23 16:29:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.23 16:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.23 16:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.23 16:29:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.23 16:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.05.23 13:50:45 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.05.23 13:50:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.23 13:50:44 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.05.23 13:50:44 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.23 13:50:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe 
[2011.05.23 13:50:44 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.05.23 13:50:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.23 13:50:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.05.23 13:50:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.23 13:50:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.23 13:50:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.23 13:50:43 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.05.23 13:50:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.23 13:50:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.05.23 13:50:43 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.05.23 13:50:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.23 13:50:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.23 13:50:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.23 13:50:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.23 13:50:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.23 13:50:42 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.23 13:50:42 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.23 13:50:42 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.05.23 13:50:42 | 000,150,528 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\iexpress.exe [2011.05.23 13:50:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.23 13:50:42 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.05.23 13:50:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.23 13:50:41 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.05.23 13:50:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.23 13:50:41 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.05.23 13:50:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.05.23 13:50:41 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.05.23 13:50:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.23 13:50:41 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.05.23 13:50:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.05.23 13:50:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.05.23 13:50:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.05.23 13:50:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.05.23 13:50:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.05.23 13:49:06 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2011.05.23 13:49:06 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2011.05.23 13:49:06 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2011.05.23 13:49:06 | 000,302,592 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2011.05.23 13:49:06 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2011.05.23 13:49:06 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2011.05.23 13:49:05 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2011.05.23 13:49:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2011.05.23 13:49:04 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2011.05.23 13:49:04 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2011.05.23 13:49:03 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2011.05.23 13:49:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2011.05.23 13:49:03 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2011.05.23 13:49:03 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2011.05.23 13:49:03 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2011.05.23 13:49:03 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2011.05.23 13:49:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.05.23 13:49:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2011.05.23 13:49:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2011.05.23 13:49:02 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2011.05.23 13:49:02 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.05.23 13:49:02 | 000,847,360 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\OpcServices.dll [2011.05.23 13:46:52 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2011.05.23 13:46:52 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2011.05.23 13:46:52 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2011.05.23 13:46:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2011.05.23 13:46:51 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2011.05.23 13:46:51 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2011.05.23 13:41:40 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2011.05.23 13:41:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.05.23 13:41:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.05.23 13:41:36 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2011.05.23 13:41:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.05.23 13:41:18 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2011.05.23 13:40:12 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe [2011.05.23 08:07:10 | 003,663,960 | ---- | C] (TeamViewer GmbH) -- C:\Users\xxx\Desktop\customermodule_avira_support_de.exe [2011.05.20 14:35:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.09 14:35:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.23 21:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.23 21:25:50 | 
007,340,032 | -HS- | M] () -- C:\Users\xxx\ntuser.dat [2011.05.23 21:18:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2011.05.23 21:09:25 | 000,054,318 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\nvModes.001 [2011.05.23 21:09:16 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011.05.23 21:08:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.23 21:06:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.05.23 21:06:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.23 21:06:36 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.23 21:06:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2011.05.23 21:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.23 21:04:41 | 000,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.05.23 21:04:41 | 000,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.05.23 21:04:36 | 004,631,770 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db [2011.05.23 16:29:06 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.23 14:24:51 | 000,194,304 | ---- | M] () -- C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT [2011.05.23 14:20:02 | 001,630,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2011.05.23 14:20:02 | 000,701,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.23 14:20:02 | 000,656,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.23 14:20:02 | 000,153,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.23 14:20:02 | 000,125,776 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2011.05.23 14:13:36 | 000,896,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.23 13:50:55 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.05.23 13:50:55 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.05.23 13:50:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.05.23 13:50:44 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.05.23 13:50:44 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.05.23 13:50:44 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.05.23 13:50:44 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.05.23 13:50:44 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.05.23 13:50:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.05.23 13:50:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.05.23 13:50:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.05.23 13:50:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.05.23 13:50:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.05.23 13:50:43 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.05.23 13:50:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.05.23 13:50:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.05.23 13:50:43 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.05.23 13:50:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.05.23 13:50:43 | 000,074,240 
| ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.05.23 13:50:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.05.23 13:50:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.05.23 13:50:42 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.05.23 13:50:42 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.05.23 13:50:42 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.05.23 13:50:42 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.05.23 13:50:42 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.05.23 13:50:42 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.05.23 13:50:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.05.23 13:50:42 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.05.23 13:50:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.05.23 13:50:41 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.05.23 13:50:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.05.23 13:50:41 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.05.23 13:50:41 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.05.23 13:50:41 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.05.23 13:50:41 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.05.23 13:50:41 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.05.23 13:50:41 | 000,101,888 
========== LOP Check ==========
[2010.12.23 10:53:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Alawar
[2010.12.14 13:58:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Crtuser
[2011.01.02 15:37:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2009.02.09 20:40:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EPSON
[2009.12.18 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Hemera
[2010.01.21 10:01:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2007.12.10 17:58:27 |
000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PX24
[2009.12.06 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\T-Online
[2009.12.14 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Template
[2010.12.15 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Uniblue
[2007.12.10 16:46:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Visit-X
[2008.06.24 23:11:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\VX-Software2007
[2011.05.23 21:05:08 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E1F04E8D
< End of report >
[/code]

Sorry, posted several times. Hello and good morning, I'm sorry if I'm being too impatient... Can anyone help me further? Is my PC now free of malware? What should I do? The window with the "message" no longer appears, but I'm hesitant to move around freely on the internet again... Best regards, Mara |
24.05.2011, 14:10 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Was that the first and only scan with Malwarebytes? Or have you already scanned several times? If so, there is a log for every scan as well; please post all of them.
24.05.2011, 19:31 | #3 |
| Hello Arne, that was the first and only scan with Malwarebytes. Before that, several with Avira. I only read about Malwarebytes here. I'll run one right now and post it afterwards. Thanks for the reply. Best regards, Mara |
24.05.2011, 19:40 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E1F04E8D
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
24.05.2011, 21:28 | #5 |
| Malwarebytes has now run through. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6654

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.05.2011 22:22:54
mbam-log-2011-05-24 (22-22-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 325421
Laufzeit: 1 Stunde(n), 38 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
25.05.2011, 08:33 | #6 |
| I hope I did this right. Here is the result: Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea4-fca4-11dc-9dc9-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6022dea5-fca4-11dc-9dc9-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7773c7d2-0c8d-11de-a6ca-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d8b4e7-f1d5-11dc-b9a4-001a73c85e99}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b27fdcc8-f183-11dc-bf65-001b24dad16c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb1974-0de7-11dd-be13-001b24dad16c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb89790b-f677-11dc-bc30-001b24dad16c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb89790b-f677-11dc-bc30-001b24dad16c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb89790b-f677-11dc-bc30-001b24dad16c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\ not found.
File F:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05252011_093035 |
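An added example (not OTL's own code and not from the thread): a small Python checker that reads the helper's fix script and the fix log it produced, and reports every MountPoints2 key or Alternate Data Stream the script asked OTL to remove that the log does not confirm as "deleted successfully". The sample script and log inside it are constructed from the entries posted in this thread, and the line formats are assumed from those posts.

```python
"""Cross-check an OTL fix script against the fix log OTL wrote afterwards.
Added example, not OTL's code and not from the thread; line formats are
assumed from the script and log posted there, samples are constructed."""
import re

# Script side: one O33 line per MountPoints2 value. The "\Shell" line names
# the default verb, "\Shell\AutoRun\command" the executable that verb runs.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell(\\AutoRun\\command)? - "" = (.+)$'
)
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
# Log side: the lines OTL writes only when the item really was removed.
MP_LOG_RE = re.compile(
    r"^Registry key HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\"
    r"CurrentVersion\\Explorer\\MountPoints2\\([^\\]+)\\ deleted successfully\.$"
)
ADS_LOG_RE = re.compile(r"^ADS (.+) deleted successfully\.$")


def parse_fix_script(text):
    """Return {"volumes": {volume: autorun_command_or_None}, "ads": {path}}."""
    volumes, ads = {}, set()
    for line in text.splitlines():
        line = line.strip()
        m = O33_RE.match(line)
        if m:
            volume, is_command, target = m.groups()
            if is_command:
                volumes[volume] = target
            else:
                volumes.setdefault(volume, None)
            continue
        m = ADS_RE.match(line)
        if m:
            ads.add(m.group(1))
    return {"volumes": volumes, "ads": ads}


def parse_fix_log(text):
    """Return the volumes and ADS paths the log confirms as deleted."""
    volumes, ads, hosts_reset = set(), set(), False
    for line in text.splitlines():
        line = line.strip()
        m = MP_LOG_RE.match(line)
        if m:
            volumes.add(m.group(1))
            continue
        m = ADS_LOG_RE.match(line)
        if m:
            ads.add(m.group(1))
        elif line == "HOSTS file reset successfully":
            hosts_reset = True
    return {"volumes": volumes, "ads": ads, "hosts_reset": hosts_reset}


def verify_fix(script_text, log_text):
    """Report what the script requested but the log does not confirm."""
    wanted = parse_fix_script(script_text)
    done = parse_fix_log(log_text)
    return {
        "autorun_commands": {v: c for v, c in wanted["volumes"].items() if c},
        "missing_volumes": sorted(v for v in wanted["volumes"] if v not in done["volumes"]),
        "missing_ads": sorted(p for p in wanted["ads"] if p not in done["ads"]),
        "hosts_reset": done["hosts_reset"],
    }


# Constructed samples: a subset of the entries from the thread's script and log.
SAMPLE_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell - "" = AutoRun
O33 - MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E1F04E8D
"""
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c3a8a0b-f1d3-11dc-90e8-001a73c85e99}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c94e833a-c5a7-11dc-9a3e-001b24dad16c}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

if __name__ == "__main__":
    report = verify_fix(SAMPLE_SCRIPT, SAMPLE_LOG)
    for volume, command in report["autorun_commands"].items():
        print(f"{volume}: AutoRun handler pointed at {command}")
    print("not confirmed:", report["missing_volumes"], report["missing_ads"])
```

Run against the real script and log, an empty "not confirmed" list is what you want to see before moving on to the next scan; anything listed there was requested but never removed.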
25.05.2011, 10:16 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Files, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
25.05.2011, 11:15 | #8 |
| I did that: Code:
2011/05/25 12:16:51.0012 5076 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 12:16:51.0152 5076 ================================================================================
2011/05/25 12:16:51.0152 5076 SystemInfo:
2011/05/25 12:16:51.0152 5076
2011/05/25 12:16:51.0152 5076 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/25 12:16:51.0152 5076 Product type: Workstation
2011/05/25 12:16:51.0152 5076 ComputerName: MEIN_ARBEITS-PC
2011/05/25 12:16:51.0152 5076 UserName: xxx
2011/05/25 12:16:51.0152 5076 Windows directory: C:\Windows
2011/05/25 12:16:51.0152 5076 System windows directory: C:\Windows
2011/05/25 12:16:51.0152 5076 Processor architecture: Intel x86
2011/05/25 12:16:51.0152 5076 Number of processors: 2
2011/05/25 12:16:51.0152 5076 Page size: 0x1000
2011/05/25 12:16:51.0152 5076 Boot type: Normal boot
2011/05/25 12:16:51.0152 5076 ================================================================================
2011/05/25 12:16:52.0151 5076 Initialize success
2011/05/25 12:16:54.0163 4800 ================================================================================
2011/05/25 12:16:54.0163 4800 Scan started
2011/05/25 12:16:54.0163 4800 Mode: Manual;
2011/05/25 12:16:54.0163 4800 ================================================================================
C:\Windows\system32\drivers\lsi_fc.sys 2011/05/25 12:17:01.0526 4800 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/05/25 12:17:01.0557 4800 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/05/25 12:17:01.0620 4800 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/05/25 12:17:01.0667 4800 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/05/25 12:17:01.0713 4800 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/05/25 12:17:01.0776 4800 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/05/25 12:17:01.0823 4800 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/25 12:17:01.0885 4800 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/25 12:17:01.0979 4800 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/25 12:17:02.0010 4800 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/05/25 12:17:02.0072 4800 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/05/25 12:17:02.0119 4800 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/25 12:17:02.0166 4800 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/05/25 12:17:02.0228 4800 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/25 12:17:02.0275 4800 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/25 12:17:02.0322 4800 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/25 12:17:02.0369 4800 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/25 12:17:02.0415 4800 msahci 
(742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 2011/05/25 12:17:02.0447 4800 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/05/25 12:17:02.0525 4800 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/05/25 12:17:02.0571 4800 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/05/25 12:17:02.0634 4800 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/25 12:17:02.0681 4800 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/25 12:17:02.0712 4800 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/05/25 12:17:02.0759 4800 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/05/25 12:17:02.0790 4800 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/25 12:17:02.0837 4800 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/05/25 12:17:02.0883 4800 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/05/25 12:17:02.0977 4800 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/25 12:17:03.0024 4800 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/05/25 12:17:03.0086 4800 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/25 12:17:03.0133 4800 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/25 12:17:03.0180 4800 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/25 12:17:03.0227 4800 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/05/25 12:17:03.0320 4800 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/25 12:17:03.0383 4800 
netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/25 12:17:03.0461 4800 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/05/25 12:17:03.0523 4800 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/05/25 12:17:03.0585 4800 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/25 12:17:03.0663 4800 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/05/25 12:17:03.0710 4800 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/05/25 12:17:03.0757 4800 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/05/25 12:17:03.0835 4800 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/05/25 12:17:04.0100 4800 nvlddmkm (23188eea47d122c13327070aa5dbcf3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/05/25 12:17:04.0209 4800 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/05/25 12:17:04.0272 4800 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys 2011/05/25 12:17:04.0319 4800 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/05/25 12:17:04.0350 4800 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/05/25 12:17:04.0459 4800 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/25 12:17:04.0506 4800 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/05/25 12:17:04.0553 4800 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/05/25 12:17:04.0599 4800 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/05/25 12:17:04.0662 4800 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/05/25 12:17:04.0709 
4800 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/05/25 12:17:04.0755 4800 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/05/25 12:17:04.0833 4800 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/05/25 12:17:04.0974 4800 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/25 12:17:05.0021 4800 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/05/25 12:17:05.0114 4800 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/25 12:17:05.0145 4800 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys 2011/05/25 12:17:05.0239 4800 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/05/25 12:17:05.0286 4800 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/05/25 12:17:05.0348 4800 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/25 12:17:05.0395 4800 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/25 12:17:05.0457 4800 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/25 12:17:05.0520 4800 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/25 12:17:05.0535 4800 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/25 12:17:05.0598 4800 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/25 12:17:05.0645 4800 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/25 12:17:05.0723 4800 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/05/25 12:17:05.0738 4800 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 
2011/05/25 12:17:05.0832 4800 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/05/25 12:17:05.0910 4800 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/05/25 12:17:05.0957 4800 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/05/25 12:17:05.0988 4800 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/05/25 12:17:06.0066 4800 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/25 12:17:06.0113 4800 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/05/25 12:17:06.0191 4800 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/05/25 12:17:06.0222 4800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/05/25 12:17:06.0284 4800 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/05/25 12:17:06.0315 4800 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/05/25 12:17:06.0378 4800 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/05/25 12:17:06.0456 4800 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/05/25 12:17:06.0487 4800 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/25 12:17:06.0534 4800 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/05/25 12:17:06.0581 4800 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/25 12:17:06.0643 4800 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/05/25 12:17:06.0690 4800 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/05/25 12:17:06.0721 4800 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) 
C:\Windows\system32\drivers\sisraid4.sys 2011/05/25 12:17:06.0799 4800 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/05/25 12:17:06.0877 4800 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/05/25 12:17:06.0939 4800 SPLITCAM (c7c361a04742ab187e10583bbf4fa975) C:\Windows\system32\DRIVERS\splitcam.sys 2011/05/25 12:17:07.0033 4800 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/05/25 12:17:07.0080 4800 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/25 12:17:07.0127 4800 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/25 12:17:07.0189 4800 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/05/25 12:17:07.0220 4800 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 2011/05/25 12:17:07.0283 4800 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 2011/05/25 12:17:07.0329 4800 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/25 12:17:07.0392 4800 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/05/25 12:17:07.0439 4800 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/05/25 12:17:07.0470 4800 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/05/25 12:17:07.0532 4800 SynTP (8327106d1c93e9a7b98e63b9fcc24bb7) C:\Windows\system32\DRIVERS\SynTP.sys 2011/05/25 12:17:07.0626 4800 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/05/25 12:17:07.0688 4800 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/25 12:17:07.0735 4800 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/25 12:17:07.0782 4800 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) 
C:\Windows\system32\drivers\tdpipe.sys 2011/05/25 12:17:07.0829 4800 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/05/25 12:17:07.0891 4800 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/25 12:17:08.0000 4800 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/25 12:17:08.0109 4800 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/25 12:17:08.0172 4800 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/05/25 12:17:08.0203 4800 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/25 12:17:08.0250 4800 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/05/25 12:17:08.0297 4800 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/25 12:17:08.0359 4800 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/25 12:17:08.0406 4800 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/05/25 12:17:08.0437 4800 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/05/25 12:17:08.0468 4800 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/05/25 12:17:08.0531 4800 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/25 12:17:08.0593 4800 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/25 12:17:08.0640 4800 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/05/25 12:17:08.0671 4800 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/25 12:17:08.0718 4800 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/25 12:17:08.0765 4800 usbohci (ce697fee0d479290d89bec80dfe793b7) 
C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/25 12:17:08.0796 4800 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/25 12:17:08.0858 4800 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/25 12:17:08.0921 4800 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/25 12:17:08.0952 4800 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/25 12:17:09.0014 4800 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/05/25 12:17:09.0077 4800 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/25 12:17:09.0123 4800 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/05/25 12:17:09.0201 4800 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/05/25 12:17:09.0233 4800 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/05/25 12:17:09.0264 4800 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/05/25 12:17:09.0311 4800 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/05/25 12:17:09.0373 4800 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/05/25 12:17:09.0420 4800 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/05/25 12:17:09.0451 4800 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/05/25 12:17:09.0513 4800 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/05/25 12:17:09.0560 4800 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/25 12:17:09.0576 4800 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/25 12:17:09.0638 4800 Wd 
(78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/05/25 12:17:09.0701 4800 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/25 12:17:09.0825 4800 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/05/25 12:17:09.0935 4800 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 2011/05/25 12:17:10.0013 4800 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/25 12:17:10.0091 4800 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/05/25 12:17:10.0137 4800 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/25 12:17:10.0231 4800 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/25 12:17:10.0278 4800 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys 2011/05/25 12:17:10.0356 4800 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0 2011/05/25 12:17:10.0387 4800 ================================================================================ 2011/05/25 12:17:10.0387 4800 Scan finished 2011/05/25 12:17:10.0387 4800 ================================================================================ 2011/05/25 12:17:10.0418 4504 Detected object count: 0 2011/05/25 12:17:10.0418 4504 Actual detected object count: 0 Geändert von oltadela (25.05.2011 um 11:26 Uhr) |
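The TDSSKiller listing above ends with "Detected object count: 0", which only says that the tool's own signatures matched nothing. What a helper does with such a listing by hand is compare each image hash against a clean reference machine and check the MBR hash. The Python below is an added example of that comparison; it is not TDSSKiller's code and not from anyone in this thread. The sample lines are copied from the listing above except the atapi and sysdrv32 lines, which are constructed to show a mismatch and an unknown driver; BASELINE and KNOWN_MBR are constructed as if taken from a clean machine at the same patch level, reusing the listing's own hashes only so the comparison has something to match.

```python
"""Integrity triage of a TDSSKiller driver listing (added example, not TDSSKiller code).

Driver lines look like  <date> <time> <pid> <service> (<md5>) <image path>;
the listing ends with an MBR line and the two 'detected object count' lines.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

DRIVER_RE = re.compile(
    r"^(?:\d{4}/\d{2}/\d{2}\s+)?\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
MBR_RE = re.compile(
    r"^(?:\d{4}/\d{2}/\d{2}\s+)?\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"MBR \((?P<span>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-fA-F]{32})\) (?P<dev>\S+)$"
)
COUNT_RE = re.compile(
    r"^(?:\S+\s+){3}(?P<what>Detected object count|Actual detected object count): (?P<n>\d+)$"
)


class Driver(NamedTuple):
    name: str   # service name as printed after the pid
    md5: str    # lower-cased MD5 of the image on disk
    path: str   # image path as printed


class Listing(NamedTuple):
    drivers: List[Driver]
    mbr_md5: Optional[str]
    detected: Optional[int]   # TDSSKiller's own 'Detected object count'


def parse_tdsskiller(text: str) -> Listing:
    drivers: List[Driver] = []
    mbr_md5, detected = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := MBR_RE.match(line)):
            mbr_md5 = m["md5"].lower()
        elif (m := COUNT_RE.match(line)):
            if m["what"] == "Detected object count":
                detected = int(m["n"])
        elif (m := DRIVER_RE.match(line)):
            drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
    return Listing(drivers, mbr_md5, detected)


def triage_drivers(listing: Listing, baseline: Dict[str, str],
                   known_mbr: Tuple[str, ...] = ()) -> List[Tuple[str, str, str]]:
    """Return (kind, subject, detail) items for a helper to review.

    baseline maps a lower-cased image file name to the MD5 of that file on a
    clean reference machine; known_mbr lists MBR hashes accepted as clean.
    """
    findings: List[Tuple[str, str, str]] = []
    for d in listing.drivers:
        image = d.path.lower().rsplit("\\", 1)[-1]
        expected = baseline.get(image)
        if expected is None:
            findings.append(("not-in-baseline", d.name, d.path))
        elif expected.lower() != d.md5:
            findings.append(("hash-mismatch", d.name, f"{d.md5} != {expected.lower()}"))
    if listing.mbr_md5 and known_mbr and listing.mbr_md5 not in known_mbr:
        findings.append(("mbr", "MBR", listing.mbr_md5))
    return findings


# Sample listing: first four driver lines and the MBR/summary lines are copied
# from the log above; the atapi and sysdrv32 lines are constructed for the demo.
SAMPLE_LOG = r"""
2011/05/25 12:16:57.0860 4800 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/25 12:17:03.0663 4800 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 12:17:07.0626 4800 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 12:17:07.0688 4800 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 12:17:07.0700 4800 atapi (00000000000000000000000000000001) C:\Windows\system32\drivers\atapi.sys
2011/05/25 12:17:07.0710 4800 sysdrv32 (00000000000000000000000000000002) C:\Users\xxx\AppData\Roaming\sysdrv32.sys
2011/05/25 12:17:10.0356 4800 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
2011/05/25 12:17:10.0387 4800 Scan finished
2011/05/25 12:17:10.0418 4504 Detected object count: 0
2011/05/25 12:17:10.0418 4504 Actual detected object count: 0
"""

# Constructed reference values (not a published baseline): three hashes are
# reused from the log above, atapi.sys gets a deliberately different value.
BASELINE = {
    "disk.sys": "5d4aefc3386920236a548271f8f1af6a",
    "ntfs.sys": "6a4a98cee84cf9e99564510dda4baa47",
    "tcpip.sys": "a474879afa4a596b3a531f3e69730dbf",
    "atapi.sys": "ffffffffffffffffffffffffffffffff",
}
KNOWN_MBR = ("1a1a06f62e891045814007163c1c76c3",)  # assumed clean for the demo

if __name__ == "__main__":
    listing = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(listing.drivers)} drivers, TDSSKiller detections: {listing.detected}")
    for kind, subject, detail in triage_drivers(listing, BASELINE, KNOWN_MBR):
        print(f"{kind:16} {subject:10} {detail}")
```

Tcpip and Tcpip6 both point at tcpip.sys and produce no finding, which is the expected case: two service names sharing one image is normal; a changed hash or an image the reference machine has never seen is what deserves a look.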
25.05.2011, 13:23 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes / exploits EXP/CVE-2010-4452.A detected on the PC
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a board helper (Kompetenzler) has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
25.05.2011, 18:45 | #10 |
| SpyEyes / exploits EXP/CVE-2010-4452.A detected on the PC
ComboFix logfile:
Code:
ComboFix 11-05-24.06 - xxx 25.05.2011 19:14:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1117 [GMT 2:00]
Running from: c:\users\xxx\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\scvideo.dll
.
.
((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 ))))))))))))))))))))))))))))))
.
.
2011-05-25 17:28 . 2011-05-25 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 17:12 . 2011-05-25 17:13 -------- d-----w- C:\32788R22FWJFW
2011-05-25 14:02 . 2011-05-25 14:17 -------- d-----w- C:\cofi
2011-05-25 07:30 . 2011-05-25 07:30 -------- d-----w- C:\_OTL
2011-05-24 08:09 . 2011-05-24 08:09 -------- d-----w- c:\program files\CCleaner
2011-05-23 14:29 . 2011-05-23 14:29 -------- d-----w- c:\users\Tamara\AppData\Roaming\Malwarebytes
2011-05-23 14:29 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 14:29 . 2011-05-23 14:29 -------- d-----w- c:\programdata\Malwarebytes
2011-05-23 14:29 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-23 14:28 . 2011-05-23 14:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-23 11:49 . 2011-05-23 11:49 98816 ----a-w- c:\windows\system32\mfps.dll
2011-05-23 11:46 . 2011-05-23 11:46 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-05-23 11:46 . 2011-05-23 11:46 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-05-23 11:46 . 2011-05-23 11:46 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-05-23 11:46 . 2011-05-23 11:46 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-05-23 11:46 . 2011-05-23 11:46 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-05-23 11:46 . 2011-05-23 11:46 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-05-23 11:46 . 2011-05-23 11:46 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-05-23 11:41 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-23 11:41 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-23 11:41 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-23 11:41 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-05-23 11:41 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-05-23 11:41 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-23 11:41 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-23 11:41 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-05-23 11:41 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-05-23 11:40 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-05-23 11:40 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 11:46 . 2011-05-23 11:46 4096 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2011-03-16 10:27 . 2010-12-13 15:29 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-15 06:43 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 06:43 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 06:43 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 13:25 . 2011-04-15 06:43 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 06:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-09 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-09 81920]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"HP LaserJet Professional CM1410 Series Fax"="c:\program files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe" [2010-04-09 2460472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-9 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 136176]
R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-30 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-03-08 421032]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-04-12 142336]
S2 iprip;RIP-Überwachung;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-24 5120]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
LPDService REG_MULTI_SZ LPDSVC
ipripsvc REG_MULTI_SZ iprip
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 17:15]
.
2011-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-03 17:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Tamara\AppData\Roaming\Mozilla\Firefox\Profiles\1rbesmy0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Orphans Removed - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-25 19:28
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "c:\program files\MSN Messenger\msnmsgr.exe" /background?g
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-55491585-2591372671-1561957175-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-25 19:37:43
ComboFix-quarantined-files.txt 2011-05-25 17:37
.
Pre-Run: 12 directory(ies), 142.066.016.256 bytes free
Post-Run: 20 directory(ies), 141.998.055.424 bytes free
.
- - End Of File - - D6BBBB1A9107002507B8B14F9EB2D6CB |
25.05.2011, 21:23 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Found on the PC: SpyEyes / Exploits EXP/CVE-2010-4452.A OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the 2nd try either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
26.05.2011, 09:51 | #12 |
| Found on the PC: SpyEyes / Exploits EXP/CVE-2010-4452.A GMER logfile: Code:
ATTFilter GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover Rootkit scan 2011-05-26 09:55:11 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01 Running: 7twej4gl.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys ---- System - GMER 1.0.15 ---- SSDT 88F27DEB ZwLoadDriver SSDT 88F27DF0 ZwSetSystemInformation SSDT 88F27DAF ZwTerminateProcess SSDT 88F27DAA ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 37D 826F1B00 4 Bytes [EB, 7D, F2, 88] .text ntkrnlpa.exe!KeSetEvent + 5DD 826F1D60 4 Bytes [F0, 7D, F2, 88] .text ntkrnlpa.exe!KeSetEvent + 621 826F1DA4 4 Bytes [AF, 7D, F2, 88] .text ntkrnlpa.exe!KeSetEvent + 681 826F1E04 4 Bytes [AA, 7D, F2, 88] .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C800340, 0x3481E7, 0xE8000020] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7429F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7429E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7429FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7429FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7432CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll 
(Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7429D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74296853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7429687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 10:26:13 on 26.05.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\xxx\AppData\Local\Temp\catchme.sys (File not found) "Coach Digital Camera on USB" (CoachUsb) - "FotoNation Ltd." - C:\Windows\System32\DRIVERS\CoachUsb.sys "Coach Video Capture" (CoachVc) - "Accapella Ltd." - C:\Windows\System32\DRIVERS\CoachVc.sys "DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys "fwtiipog" (fwtiipog) - ? - C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys (Hidden registry entry, rootkit activity | File not found) "Generic Virtual HID Driver" (vhidmini) - ? - C:\Windows\System32\DRIVERS\walvhid.sys (File not found) "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? 
- C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Splitcam, WDM Camera Stream Splitter" (SPLITCAM) - "LoteSoft Co." - C:\Windows\System32\DRIVERS\splitcam.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys "Tablet Mouse Filter Driver" (moufiltr) - ? - C:\Windows\System32\DRIVERS\moufiltr.sys (File not found) "Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - ? - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? 
- (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? 
- (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe "HP Health Check Scheduler" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe "HP LaserJet Professional CM1410 Series Fax" - "Hewlett-Packard Company" - C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax" "HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe "HPUsageTracking" - " " - C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\" "hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe "QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start "QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "ToolboxFX" - "Hewlett-Packard Company" - "C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on "WAWifiMessage" - "Hewlett-Packard Development Company, L.P." 
- %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )----- "Launcher" - "soft thinks" - %WINDIR%\SMINST\launcher.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP Fax Port" - "Hewlett-Packard Company" - C:\Windows\system32\hppfaxprintermon5.dll "HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll "Redirected Port" - ? - C:\Windows\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE "Com4Qlb" (Com4Qlb) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe "CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe "CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." 
- C:\Program Files\Google\Update\GoogleUpdate.exe "HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe "HP LaserJet Service" (HP LaserJet Service) - "HP" - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - "Deutsche Telekom AG" - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe "Symantec RemoteAssist" (Symantec RemoteAssist) - "Symantec, Inc." - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe "Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? 
- C:\Windows\system32\SVEN00~1.SCR (File not found) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index MBRCheck: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: Quanta BIOS Manufacturer: Hewlett-Packard System Manufacturer: Hewlett-Packard System Product Name: HP Pavilion dv9500 Notebook PC Logical Drives Mask: 0x0000001c Kernel Drivers (total 160): 0x82645000 \SystemRoot\system32\ntkrnlpa.exe 0x82612000 \SystemRoot\system32\hal.dll 0x80402000 \SystemRoot\system32\kdcom.dll 0x80409000 \SystemRoot\system32\PSHED.dll 0x8041A000 \SystemRoot\system32\BOOTVID.dll 0x80422000 \SystemRoot\system32\CLFS.SYS 0x80463000 \SystemRoot\system32\CI.dll 0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys 0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80606000 \SystemRoot\system32\drivers\acpi.sys 0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS 0x80655000 \SystemRoot\system32\drivers\msisadrv.sys 0x8065D000 \SystemRoot\system32\drivers\pci.sys 0x80684000 \SystemRoot\System32\drivers\partmgr.sys 0x80693000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x80696000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x806A0000 \SystemRoot\system32\drivers\volmgr.sys 0x806AF000 \SystemRoot\System32\drivers\volmgrx.sys 0x806F9000 \SystemRoot\system32\drivers\pciide.sys 0x80700000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8070E000 \SystemRoot\System32\drivers\mountmgr.sys 0x8071E000 \SystemRoot\system32\drivers\atapi.sys 0x80726000 \SystemRoot\system32\drivers\ataport.SYS 0x80744000 \SystemRoot\system32\drivers\fltmgr.sys 0x80776000 \SystemRoot\system32\drivers\fileinfo.sys 0x80786000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8078F000 \SystemRoot\System32\Drivers\ksecdd.sys 0x88003000 \SystemRoot\system32\drivers\ndis.sys 0x8810E000 \SystemRoot\system32\drivers\msrpc.sys 0x88139000 \SystemRoot\system32\drivers\NETIO.SYS 0x88209000 \SystemRoot\System32\drivers\tcpip.sys 0x882F3000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8840D000 
\SystemRoot\System32\Drivers\Ntfs.sys 0x8851D000 \SystemRoot\system32\drivers\wd.sys 0x88525000 \SystemRoot\system32\drivers\volsnap.sys 0x8855E000 \SystemRoot\System32\Drivers\spldr.sys 0x88566000 \SystemRoot\System32\Drivers\mup.sys 0x88575000 \SystemRoot\System32\drivers\ecache.sys 0x8859C000 \SystemRoot\system32\drivers\disk.sys 0x885AD000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x885CE000 \SystemRoot\system32\drivers\crcdisk.sys 0x88400000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x885F7000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8830E000 \SystemRoot\system32\DRIVERS\amdk8.sys 0x8831E000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x88322000 \SystemRoot\system32\DRIVERS\cpqbttn.sys 0x88325000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x88335000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8833C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x88345000 \SystemRoot\system32\DRIVERS\nvsmu.sys 0x88348000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x88352000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x88390000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8C409000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys 0x8C50A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8C597000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8C5A7000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8C5B5000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x8C5CF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x8C5DE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x8839F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x88174000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8C60F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys 0x8C800000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8CED0000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8CF70000 \SystemRoot\System32\drivers\watchdog.sys 0x8CF7C000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8CF8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8CF9A000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x8CFC5000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8CFC7000 \SystemRoot\system32\DRIVERS\mouclass.sys 
0x8CFD2000 \SystemRoot\system32\DRIVERS\serscan.sys 0x8C695000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8C6C4000 \SystemRoot\system32\DRIVERS\storport.sys 0x8CFDA000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8CFE5000 \SystemRoot\system32\DRIVERS\splitcam.sys 0x8CFEE000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x8C705000 \SystemRoot\system32\DRIVERS\ks.sys 0x8C72F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8C746000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8C751000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8C774000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8C783000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8C797000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8C7AC000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8CFFB000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8C7BC000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8C7C6000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8C7D3000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x8818C000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8C7DC000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x881C1000 \SystemRoot\system32\drivers\CHDART.sys 0x805CC000 \SystemRoot\system32\drivers\portcls.sys 0x8D602000 \SystemRoot\system32\drivers\drmk.sys 0x8D627000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys 0x8D664000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys 0x8D807000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys 0x8D8BB000 \SystemRoot\system32\drivers\modem.sys 0x8D8C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8D8DF000 \SystemRoot\System32\Drivers\usbvideo.sys 0x8D900000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8D909000 \SystemRoot\System32\Drivers\Null.SYS 0x8D910000 \SystemRoot\System32\Drivers\Beep.SYS 0x8D917000 \SystemRoot\System32\drivers\vga.sys 0x8D923000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8D944000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8D94C000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8D954000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8D95F000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8D96D000 \SystemRoot\System32\DRIVERS\rasacd.sys 
0x8D976000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D98C000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D9A0000 \SystemRoot\system32\drivers\afd.sys
0x8D767000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D9E8000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8D799000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D9F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8D800000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8D7AF000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D7C2000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DA0B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DA47000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DA51000 \SystemRoot\System32\Drivers\dfsc.sys
0x8DA68000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8DA8E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DA9B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DAA6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96650000 \SystemRoot\System32\win32k.sys
0x8DAAE000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DAB8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96870000 \SystemRoot\System32\TSDDD.dll
0x96890000 \SystemRoot\System32\cdd.dll
0x968A0000 \SystemRoot\System32\ATMFD.DLL
0x8DAC7000 \SystemRoot\system32\drivers\luafv.sys
0x8DAEA000 \SystemRoot\system32\drivers\spsys.sys
0x8DB9A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8DBAA000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8DBD4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8DBDE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9DE00000 \SystemRoot\system32\drivers\HTTP.sys
0x9DE6D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9DE8A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9DEA3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9DEB8000 \SystemRoot\system32\drivers\mrxdav.sys
0x9DED9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DEF8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DF31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DF49000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9DF71000 \SystemRoot\System32\DRIVERS\srv.sys
0x9DFD8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9DFC0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9DFEE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA180D000 \SystemRoot\system32\drivers\peauth.sys
0xA18EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA18F5000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0xA18FC000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA1908000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA1910000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA1938000 \??\C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys
0x77590000 \Windows\System32\ntdll.dll

Processes (total 82):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
560 csrss.exe
612 C:\Windows\System32\wininit.exe
624 csrss.exe
656 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
680 C:\Windows\System32\lsm.exe
828 C:\Windows\System32\winlogon.exe
848 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\SLsvc.exe
1320 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1700 C:\Windows\System32\spoolsv.exe
1728 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1740 C:\Windows\System32\svchost.exe
2036 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
276 C:\Windows\System32\svchost.exe
316 HP1006MC.EXE
336 C:\Windows\System32\CISVC.EXE
368 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
972 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1996 C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
2064 C:\Windows\System32\svchost.exe
2080 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2108 C:\Windows\System32\svchost.exe
2124 C:\Windows\System32\svchost.exe
2152 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
2200 C:\Windows\System32\svchost.exe
2220 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\TCPSVCS.EXE
2264 C:\Windows\System32\svchost.exe
2308 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\svchost.exe
2380 C:\Windows\System32\SearchIndexer.exe
2572 C:\Windows\System32\drivers\XAudio.exe
2708 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3104 C:\Windows\System32\dwm.exe
3152 C:\Windows\System32\taskeng.exe
3160 C:\Windows\explorer.exe
3204 C:\Windows\System32\taskeng.exe
3596 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
3628 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
1352 C:\Windows\System32\alg.exe
3432 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2056 C:\Program Files\HP\QuickPlay\QPService.exe
2316 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1256 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1248 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
1180 C:\Program Files\FreePDF_XP\fpassist.exe
2256 C:\Program Files\HP\HP UT\bin\hppusg.exe
2964 C:\Windows\System32\rundll32.exe
1296 C:\Windows\WindowsMobile\wmdSync.exe
3392 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2824 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2508 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1300 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
2196 C:\Windows\ehome\ehtray.exe
2368 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1304 C:\Windows\System32\rundll32.exe
3660 WmiPrvSE.exe
1976 C:\Windows\System32\svchost.exe
3836 C:\Windows\System32\wbem\unsecapp.exe
3936 C:\Program Files\Windows Media Player\wmpnscfg.exe
880 C:\Windows\ehome\ehmsas.exe
4196 C:\Program Files\Windows Media Player\wmpnetwk.exe
4464 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
6024 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
4960 C:\Windows\System32\conime.exe
4028 C:\Windows\System32\svchost.exe
4868 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
476 C:\Windows\System32\SearchProtocolHost.exe
3968 C:\Windows\System32\SearchFilterHost.exe
3084 C:\Windows\System32\SearchProtocolHost.exe
5236 C:\Users\xxx\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`561f5200 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
26.05.2011, 10:36 | #13
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes / Exploits EXP/CVE-2010-4452.A detected on the PC
We should fix the MBR manually. Back up all important data, just in case. Do you have any other operating systems installed besides Vista? If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD with e.g. ImgBurn using the image-burning function, and start the computer with it (boot from this CD). If you have a regular Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD. Click on computer repair options, next, command prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first. Afterwards, create new logs with MBRCheck and, if possible, GMER.
__________________ Please always post logfiles in CODE tags
26.05.2011, 16:28 | #14
| SpyEyes / Exploits EXP/CVE-2010-4452.A detected on the PC Hello Arne, after 2 attempts I had the CD burned, but my PC did not want to boot from the CD. It only worked after 5 or 6 restarts... suddenly... well, here are the results:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9500 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 160):
0x8260D000 \SystemRoot\system32\ntkrnlpa.exe
0x829C7000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80607000 \SystemRoot\system32\drivers\acpi.sys
0x8064D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80656000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065E000 \SystemRoot\system32\drivers\pci.sys
0x80685000 \SystemRoot\System32\drivers\partmgr.sys
0x80694000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80697000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806A1000 \SystemRoot\system32\drivers\volmgr.sys
0x806B0000 \SystemRoot\System32\drivers\volmgrx.sys
0x806FA000 \SystemRoot\system32\drivers\pciide.sys
0x80701000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8070F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8071F000 \SystemRoot\system32\drivers\atapi.sys
0x80727000 \SystemRoot\system32\drivers\ataport.SYS
0x80745000 \SystemRoot\system32\drivers\fltmgr.sys
0x80777000 \SystemRoot\system32\drivers\fileinfo.sys
0x80787000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8800E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8807F000 \SystemRoot\system32\drivers\ndis.sys
0x8818A000 \SystemRoot\system32\drivers\msrpc.sys
0x881B5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8820B000 \SystemRoot\System32\drivers\tcpip.sys
0x882F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8840C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8851C000 \SystemRoot\system32\drivers\wd.sys
0x88524000 \SystemRoot\system32\drivers\volsnap.sys
0x8855D000 \SystemRoot\System32\Drivers\spldr.sys
0x88565000 \SystemRoot\System32\Drivers\mup.sys
0x88574000 \SystemRoot\System32\drivers\ecache.sys
0x8859B000 \SystemRoot\system32\drivers\disk.sys
0x885AC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885CD000 \SystemRoot\system32\drivers\crcdisk.sys
0x88400000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x885F6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88310000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x88320000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x88324000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x88327000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x88337000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8833E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x88347000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8834A000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x88354000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x88392000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BA03000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8BB04000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BB91000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BBA1000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8BBAF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8BBC9000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8BBD8000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x883A1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x80790000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BE0C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x8C00E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8C6DE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C77E000 \SystemRoot\System32\drivers\watchdog.sys
0x8C78A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C79D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8C7A8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C7D3000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C7D5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C7E0000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8BE92000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BEC1000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C7E8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C7F3000 \SystemRoot\system32\DRIVERS\splitcam.sys
0x8C000000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8BF02000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BF2C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BF43000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BF4E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BF71000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BF80000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF94000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BFA9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C7FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BFB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BFC3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BFD0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x807A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFD9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x805CE000 \SystemRoot\system32\drivers\CHDART.sys
0x8CE02000 \SystemRoot\system32\drivers\portcls.sys
0x8CE2F000 \SystemRoot\system32\drivers\drmk.sys
0x8CE54000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8CE91000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8D000000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8D0B4000 \SystemRoot\system32\drivers\modem.sys
0x8D0C1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8D0D8000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8D0F9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D102000 \SystemRoot\System32\Drivers\Null.SYS
0x8D109000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D110000 \SystemRoot\System32\drivers\vga.sys
0x8D11C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D13D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D145000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D14D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D158000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D166000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D16F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D185000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D199000 \SystemRoot\system32\drivers\afd.sys
0x8CF94000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D1E1000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8D1EA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CFC6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CFD4000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8CFD6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8CFE9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8D204000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D240000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D24A000 \SystemRoot\System32\Drivers\dfsc.sys
0x8D261000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8D287000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D294000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D29F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95CA0000 \SystemRoot\System32\win32k.sys
0x8D2A7000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D2B1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95EC0000 \SystemRoot\System32\TSDDD.dll
0x95EE0000 \SystemRoot\System32\cdd.dll
0x95EF0000 \SystemRoot\System32\ATMFD.DLL
0x8D2C0000 \SystemRoot\system32\drivers\luafv.sys
0x8D2E3000 \SystemRoot\system32\drivers\spsys.sys
0x8D393000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D3A3000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D3CD000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D3D7000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E00D000 \SystemRoot\system32\drivers\HTTP.sys
0x9E07A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E097000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E0B0000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E0C5000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E0E6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E105000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E13E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E156000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E17E000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E1E5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9E1CD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9E1FB000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2E01000 \SystemRoot\system32\drivers\peauth.sys
0xA2EDF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA2EE9000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0xA2EF0000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2EFC000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2F04000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA2F2A000 \SystemRoot\system32\drivers\MSPQM.sys
0x779C0000 \Windows\System32\ntdll.dll

Processes (total 79):
0 System Idle Process
4 System
408 C:\Windows\System32\smss.exe
476 csrss.exe
528 C:\Windows\System32\wininit.exe
540 csrss.exe
572 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
784 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\SLsvc.exe
1232 C:\Windows\System32\svchost.exe
1396 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\spoolsv.exe
1648 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1660 C:\Windows\System32\svchost.exe
1948 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1988 C:\Windows\System32\svchost.exe
2000 C:\Windows\System32\CISVC.EXE
2016 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
200 HP1006MC.EXE
336 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
288 C:\Windows\System32\taskeng.exe
1324 C:\Windows\System32\dwm.exe
520 C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
2064 C:\Windows\explorer.exe
2148 C:\Windows\System32\svchost.exe
2164 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2228 C:\Windows\System32\svchost.exe
2248 C:\Windows\System32\svchost.exe
2280 C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
2352 C:\Windows\System32\svchost.exe
2396 C:\Windows\System32\svchost.exe
2484 C:\Windows\System32\TCPSVCS.EXE
2508 C:\Windows\System32\svchost.exe
2536 C:\Windows\System32\taskeng.exe
2596 C:\Windows\System32\svchost.exe
2624 C:\Windows\System32\svchost.exe
2644 C:\Windows\System32\SearchIndexer.exe
2792 C:\Windows\System32\drivers\XAudio.exe
2832 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3420 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
3452 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
212 C:\Windows\System32\alg.exe
3080 WmiPrvSE.exe
4088 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3828 C:\Program Files\HP\QuickPlay\QPService.exe
2136 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1224 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
2236 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2856 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2904 C:\Program Files\FreePDF_XP\fpassist.exe
3612 C:\Program Files\HP\HP UT\bin\hppusg.exe
3640 C:\Windows\System32\rundll32.exe
3720 C:\Windows\WindowsMobile\wmdSync.exe
3200 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
2872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2816 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3816 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
1208 C:\Windows\ehome\ehtray.exe
3544 C:\Program Files\Windows Media Player\wmpnscfg.exe
3472 C:\Windows\System32\rundll32.exe
1468 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3848 C:\Windows\System32\wbem\unsecapp.exe
3944 WmiPrvSE.exe
3580 C:\Program Files\Windows Media Player\wmpnetwk.exe
4072 C:\Windows\System32\svchost.exe
3592 C:\Windows\ehome\ehmsas.exe
4356 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
1204 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
5344 C:\Windows\System32\conime.exe
4692 C:\Users\xxx\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`561f5200 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

GMER Logfile:
Code:
GMER 1.0.15.15627 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-26 17:12:12
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-60UST0 rev.01.01A01
Running: 7twej4gl.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys

---- System - GMER 1.0.15 ----

SSDT 8CDF53A3 ZwLoadDriver
SSDT 8CDF53A8 ZwSetSystemInformation
SSDT 8CDF5367 ZwTerminateProcess
SSDT 8CDF5362 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 37D 826B9B00 4 Bytes [A3, 53, DF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 5DD 826B9D60 4 Bytes [A8, 53, DF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 621 826B9DA4 4 Bytes [67, 53, DF, 8C]
.text ntkrnlpa.exe!KeSetEvent + 681 826B9E04 4 Bytes [62, 53, DF, 8C]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C00E340, 0x3481E7, 0xE8000020]
? C:\Users\xxx\AppData\Local\Temp\fwtiipog.sys Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7489F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7489E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7489FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7489FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7492CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7489D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74896853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7489687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
26.05.2011, 19:19 | #15
/// Winkelfunktion /// TB-Süch-Tiger™ | SpyEyes / Exploits EXP/CVE-2010-4452.A detected on the PC
Code:
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Getting a second opinion afterwards via the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
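The "MBR Status" line that the helper reads above (unknown code before the bootrec fix, a known Windows loader afterwards) rests on a simple idea: hash the boot-code bytes of the first sector and compare the hash against a list of known-good loaders, while treating the partition table separately. The Python below is an added example written for this thread, not MBRCheck's own code; it assumes a 440-byte boot-code region, a constructed stand-in for "standard" boot code, a made-up known-good hash list, and a sample sector whose partition offsets mirror the log (0x7e00 and 0x38561f5200).

```python
"""Classify an MBR sector the way the "MBR Status" line in the log does
(assumed behaviour, not MBRCheck's code): hash the boot code, look the hash
up in a known-good list, and parse the partition table separately so that a
swapped loader is caught even when the partition table is intact."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440        # boot code; the 4-byte disk signature follows at 440
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"     # sector ends with 0x55AA
PART_FMT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), LBA start, count


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1A2B3C4D) -> bytes:
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition list too long")
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, BOOT_CODE_LEN, disk_sig)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PART_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature and used partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count,
                               "byte_offset": lba * 512})
    return {"code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
            "disk_sig": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
            "partitions": partitions}


def check_mbr(sector: bytes, known_good: set) -> dict:
    """Parsed MBR plus status: 'known-good' if the code hash is listed, else 'unknown'."""
    info = parse_mbr(sector)
    info["status"] = "known-good" if info["code_sha1"] in known_good else "unknown"
    # A bootkit normally keeps the partition table and replaces only the code,
    # so an intact-looking table says nothing about the loader; a missing
    # bootable entry is a separate fault and is counted separately.
    info["bootable_count"] = sum(p["bootable"] for p in info["partitions"])
    return info


# Constructed sample data: NOT real Windows boot code, just a deterministic
# byte pattern standing in for a known-good loader.
STANDARD_CODE = bytes((i * 7 + 3) % 256 for i in range(BOOT_CODE_LEN))
KNOWN_GOOD = {hashlib.sha1(STANDARD_CODE).hexdigest().upper()}
# Partition starts mirror the log above: C: at byte 0x7e00 = LBA 63,
# D: at byte 0x38561f5200 = LBA 472584105. Partition sizes are made up.
LAYOUT = [(True, 0x07, 63, 472_584_042), (False, 0x07, 472_584_105, 15_000_000)]
CLEAN_SECTOR = build_mbr(STANDARD_CODE, LAYOUT)
# Simulated tampering: the first 16 code bytes differ, the partition table does not.
TAMPERED_SECTOR = build_mbr(b"\xeb\x0e" + b"\x90" * 14 + STANDARD_CODE[16:], LAYOUT)

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN_SECTOR), ("tampered", TAMPERED_SECTOR)):
        r = check_mbr(sec, KNOWN_GOOD)
        print(f"{name}: {r['status']}  SHA1: {r['code_sha1']}  "
              f"partitions={len(r['partitions'])} bootable={r['bootable_count']}")
```

On a real disk the 512 bytes would come from reading sector 0 of \\.\PhysicalDrive0 with administrator rights; the tampered sample shows why the partition table alone is no evidence of a clean MBR.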