| |
| |||||||
Log-Analyse und Auswertung: Infektion mit diverser MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.05.2011, 04:28
| #1 |
 |  Infektion mit diverser Malware Guten Morgen, vor ein paar Tagen hat mir Avira eine Vireninfektion angezeigt (Logfiles siehe unten). Das System wurde auch merklich langsamer, insbesondere Firefox hat auf Eingaben nur sehr verzögert reagiert, ebenso beim Seitenaufbau. Hatte Firefox neu installiert und diverse nicht mehr benötigte Software deinstalliert. Ein Lauf von Malwarebytes hat dann weitere Infektionen ergeben. Nachdem die betroffenen Dateien in Quarantäne verschoben wurden, wird beim Systemstart die Meldung angezeigt: Code:
ATTFilter Fehler beim Laden von C:\users\***\tloadF4.dll
Das angegebene Modul wurde nicht gefunden.
Jetzt wüsste ich gerne, wie ich da weiter vorgehen soll. OTL: Code:
ATTFilter OTL logfile created on: 28.05.2011 04:50:48 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,04% Memory free 4,24 Gb Paging File | 3,37 Gb Available in Paging File | 79,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 34,88 Gb Free Space | 46,81% Space Free | Partition Type: NTFS Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.11.03 15:31:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.09 18:14:06 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe PRC - [2008.06.25 04:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe PRC - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2008.03.17 08:17:31 | 005,320,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.02 00:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe PRC - [2008.01.24 00:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe PRC - [2007.12.04 19:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe PRC - [2007.10.12 06:44:28 | 000,106,496 | ---- | M] (ASUS) -- C:\Windows\System32\ASUSTPE.exe PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe ========== Modules (SafeList) ========== MOD - [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Unknown | Stopped] -- -- (WPFFontCache_v0400) SRV - [2011.04.28 16:18:06 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.16 16:47:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.03.18 21:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== DRV - [2011.03.16 16:47:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 21:23:06 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\lullaby.sys -- (lullaby) DRV - [2008.05.01 03:09:59 | 007,448,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.04.27 20:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.03.21 21:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007.11.16 06:09:03 | 000,048,128 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH) DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm) DRV - [2007.08.03 21:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP) DRV - [2006.12.15 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.27 20:42:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.27 21:14:42 | 000,000,000 | ---D | M] [2011.05.27 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.05.27 21:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2009.05.15 20:13:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} File not found (No name found) -- [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.07.19 19:47:11 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.05 23:13:00 | 000,307,170 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10575 more lines... O2 - BHO: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe () O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe () O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [NvCplDaemonTool] File not found O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Biet-O-Matic.lnk = C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (www.bid-o-matic.org) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.28 04:23:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbam logdateien [2011.05.28 04:19:46 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira ereignisse [2011.05.28 04:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUSTek ASUSDVD [2011.05.27 22:44:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.27 20:22:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DriverCure [2011.05.27 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ParetoLogic [2011.05.27 20:22:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic [2011.05.27 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic [2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2011.05.27 20:22:03 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic [2011.05.27 19:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue [2011.05.27 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2011.05.27 19:51:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} [2011.05.27 19:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue [2011.05.27 19:49:44 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8 [2011.05.27 19:49:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PackageAware [2011.05.26 15:57:37 | 005,249,448 | ---- | C] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe [2011.05.16 17:05:02 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\rechtssoziologie [2011.05.04 22:56:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SnapDragon Games [2011.05.04 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\SnapDragon Games [2011.04.29 17:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2011.04.29 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2011.04.29 14:58:30 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2011.04.29 14:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.04.29 14:54:46 | 000,000,000 | ---D | C] -- C:\Program Files\Software Informer [2008.06.03 23:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011.05.28 04:23:49 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.28 04:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.28 04:16:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.28 04:15:10 | 000,042,749 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.28 04:13:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.28 00:31:16 | 000,000,272 | ---- | M] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf [2011.05.27 22:45:55 | 000,302,080 | ---- | M] () -- C:\Users\***\Desktop\ksdu5jyf.exe [2011.05.27 22:44:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.05.27 22:13:44 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl [2011.05.27 22:05:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.27 22:05:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.27 22:05:07 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.27 22:05:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.27 20:42:21 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.05.27 20:22:20 | 000,000,909 | ---- | M] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk [2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job [2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job [2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.05.27 19:52:19 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.05.27 19:31:57 | 000,323,216 | ---- | M] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json [2011.05.26 20:39:33 | 000,047,584 | ---- | M] () -- C:\Users\***\Desktop\werbung.jpg [2011.05.26 15:58:24 | 005,249,448 | ---- | M] (ParetoLogic Inc.) -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor_de.exe [2011.05.15 17:27:03 | 000,057,800 | ---- | M] () -- C:\Users\***\Desktop\alle affen gaffen.jpg [2011.05.14 14:46:09 | 000,388,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.14 03:20:35 | 000,105,656 | ---- | M] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg [2011.05.13 00:49:56 | 003,575,463 | ---- | M] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3 [2011.05.12 14:16:00 | 000,796,672 | ---- | M] (Qsc) -- C:\Windows\GPInstall.exe [2011.05.11 19:14:42 | 004,267,781 | ---- | M] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3 [2011.05.10 13:31:25 | 000,008,120 | ---- | M] () -- C:\Users\***\Desktop\denglisch.rtf [2011.05.09 20:40:14 | 000,000,548 | ---- | M] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk [2011.05.09 15:41:36 | 001,887,144 | ---- | M] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf [2011.05.05 15:57:52 | 000,107,077 | ---- | M] () -- C:\Users\***\Desktop\claudia roth preis.pdf [2011.05.02 22:11:27 | 005,068,826 | ---- | M] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3 [2011.05.02 21:54:13 | 000,050,061 | ---- | M] () -- C:\Users\***\Desktop\zimmer.jpg [2011.04.29 17:43:13 | 000,148,340 | ---- | M] () -- C:\Windows\hphins33.dat [2011.04.29 15:29:03 | 001,316,262 | ---- | M] () -- C:\Users\***\Desktop\dj169en.exe [2011.04.29 15:16:27 | 000,175,504 | ---- | M] () -- C:\Windows\hphins26.dat [2011.04.29 15:01:47 | 000,175,517 | ---- | M] () -- C:\Windows\hphins26.dat.temp ========== Files Created - No Company Name ========== [2011.05.28 00:31:16 | 000,000,272 | ---- | C] () -- C:\Users\***\Desktop\fehlermeldung beim start.rtf [2011.05.27 22:45:24 | 000,302,080 | ---- | C] () -- C:\Users\***\Desktop\ksdu5jyf.exe [2011.05.27 22:13:44 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl [2011.05.27 21:25:49 | 000,006,739 | ---- | C] () -- C:\Users\***\Documents\wavepurity.ini.bak [2011.05.27 20:42:21 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.27 20:42:21 | 000,000,853 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.27 20:23:18 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.05.27 20:22:20 | 000,000,909 | ---- | C] () -- C:\Users\***\Desktop\ParetoLogic PC Health Advisor.lnk [2011.05.27 20:22:20 | 000,000,422 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2011.05.27 20:22:20 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job [2011.05.27 20:22:20 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job [2011.05.27 19:52:36 | 000,000,220 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2011.05.27 19:52:19 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk [2011.05.27 19:31:56 | 000,323,216 | ---- | C] () -- C:\Users\***\Desktop\bookmarks-2011-05-27.json [2011.05.26 20:39:32 | 000,047,584 | ---- | C] () -- C:\Users\***\Desktop\werbung.jpg [2011.05.15 17:25:38 | 000,057,800 | ---- | C] () -- C:\Users\***\Desktop\alle affen gaffen.jpg [2011.05.14 03:20:35 | 000,105,656 | ---- | C] () -- C:\Users\***\Desktop\denkt denn niemand an die kinder.jpg [2011.05.13 00:49:54 | 003,575,463 | ---- | C] () -- C:\Users\***\Desktop\Come And Join Us - Bob Leaper And His Prophets.mp3 [2011.05.11 19:14:37 | 004,267,781 | ---- | C] () -- C:\Users\***\Desktop\Gabriella Cilmi - Sweet about me (unplugged).mp3 [2011.05.09 20:40:14 | 000,000,548 | ---- | C] () -- C:\Users\***\Desktop\MinimogueVA.exe - Verknüpfung.lnk [2011.05.09 15:41:29 | 001,887,144 | ---- | C] () -- C:\Users\***\Desktop\2003-10-16_10-23-208_2005-12-02_11-19-376.pdf [2011.05.05 15:57:50 | 000,107,077 | ---- | C] () -- C:\Users\***\Desktop\claudia roth preis.pdf [2011.05.02 22:10:44 | 005,068,826 | ---- | C] () -- C:\Users\***\Desktop\Aloe Blacc - Loving You Is Killing Me (Live in Studio).mp3 [2011.05.02 21:54:13 | 000,050,061 | ---- | C] () -- C:\Users\***\Desktop\zimmer.jpg [2011.04.29 17:38:11 | 000,148,340 | ---- | C] () -- C:\Windows\hphins33.dat [2011.04.29 17:38:11 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat [2011.04.29 15:28:55 | 001,316,262 | ---- | C] () -- C:\Users\***\Desktop\dj169en.exe [2011.04.29 15:13:52 | 000,175,517 | ---- | C] () -- C:\Windows\hphins26.dat.temp [2011.04.29 15:13:52 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat.temp [2011.04.29 14:57:48 | 000,175,504 | ---- | C] () -- C:\Windows\hphins26.dat [2011.04.29 14:57:48 | 000,000,787 | ---- | C] () -- C:\Windows\hphmdl26.dat [2010.08.03 20:43:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.03 20:42:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat [2010.04.07 22:46:32 | 000,000,073 | ---- | C] () -- C:\Windows\wininit.ini [2010.04.07 22:42:44 | 000,000,326 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.04.30 14:34:46 | 000,000,167 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.02.10 20:55:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009.01.05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe [2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini [2008.12.06 19:36:56 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2008.10.18 18:01:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.18 15:08:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2008.09.24 04:46:36 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.09.24 04:46:34 | 000,042,749 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.24 04:40:32 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe [2008.09.24 04:40:21 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.04.16 11:30:52 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 11:30:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 11:30:52 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 11:30:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 11:01:43 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe [2006.11.02 14:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:44:53 | 000,388,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe ========== LOP Check ========== [2009.09.22 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.config [2011.05.27 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2011.05.28 04:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2011.05.27 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON [2011.05.27 20:22:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure [2011.03.11 00:27:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.24 18:01:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2010.03.30 23:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze [2010.05.02 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec [2008.10.18 18:45:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.05.27 20:22:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ParetoLogic [2009.09.07 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qualcomm [2011.01.08 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER [2011.05.27 19:52:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue [2011.05.27 20:23:18 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job [2011.05.27 20:22:20 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job [2011.05.27 20:22:20 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job [2011.05.27 20:22:20 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job [2011.05.27 19:52:36 | 000,000,220 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2009.02.05 18:04:07 | 000,021,986 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.10.18 15:15:02 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.09.24 04:49:22 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS [2010.08.03 21:17:07 | 000,000,000 | -HSD | M] -- C:\Boot [2011.05.28 03:09:18 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2010.03.11 16:57:36 | 000,000,000 | ---D | M] -- C:\ct [2009.04.13 00:45:19 | 000,000,000 | ---D | M] -- C:\cwplayer [2008.10.18 15:01:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.05.05 00:40:23 | 000,000,000 | ---D | M] -- C:\dos [2008.10.30 16:21:34 | 000,000,000 | ---D | M] -- C:\logs [2011.05.09 20:40:20 | 000,000,000 | ---D | M] -- C:\minimoog [2008.01.21 04:43:50 | 000,000,000 | ---D | M] -- C:\PerfLogs [2009.06.15 17:51:29 | 000,000,000 | ---D | M] -- C:\postda [2011.05.27 22:17:50 | 000,000,000 | R--D | M] -- C:\Program Files [2011.05.27 21:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.12.06 19:12:12 | 000,000,000 | ---D | M] -- C:\qb [2010.04.07 22:46:14 | 000,000,000 | ---D | M] -- C:\SIERRA [2011.05.28 04:52:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.10.18 15:08:26 | 000,000,000 | R--D | M] -- C:\Users [2011.01.25 22:10:35 | 000,000,000 | ---D | M] -- C:\vst [2011.05.27 22:13:44 | 000,000,000 | ---D | M] -- C:\Windows [2009.09.22 18:03:02 | 000,000,000 | ---D | M] -- C:\xtender < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:34:42 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-28 01:09:47 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26 < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.05.2011 00:31:21 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,37% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 34,36 Gb Free Space | 46,11% Space Free | Partition Type: NTFS
Drive D: | 64,76 Gb Total Space | 64,49 Gb Free Space | 99,59% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C44C9B8-6FA2-4E57-96A1-F1A613941342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3912536B-2707-456D-B4A9-2E0BFBD13EB7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{43D4CF31-CC80-4003-B456-01462B3E2027}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65400965-145C-4B37-B8BA-CB160F537165}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFA048CA-6731-4CE0-80BC-D81F5DEA2B0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EED069AF-F199-4E20-9267-EAEDDF1439CD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F51C7C49-D339-4A1B-8135-E733D223F48D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD47045D-17EB-473A-B22C-298DFEEBB612}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15B82674-B505-418A-B1C7-5A943354E1E5}" = protocol=6 | dir=in | app=c:\program files\ftp explorer\ftpx.exe |
"{7ED725E5-9CB9-43CF-A0DC-29A6160CA23B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{95024D4A-F3B6-40DA-A908-5A53B05EDFB3}" = protocol=17 | dir=in | app=c:\program files\ftp explorer\ftpx.exe |
"{B280AB1F-4344-43A8-8E2E-44F59A1F5B57}" = dir=in | app=c:\program files\asustek\asusdvd\powerdvd.exe |
"{EB73C2B2-0F81-4953-AF29-0DF69B4B66BB}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F7B4AB7F-75DB-454A-B183-A901836CC404}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"TCP Query User{149C703E-0CD0-42C2-A9CD-EBC7B9B6B1BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{37E0E16A-5102-4D19-94F2-F35F52D8F047}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B723F0A3-2454-4230-B1B4-F3D8BADF0C00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D642D53B-3EA7-4D11-A8E2-59C21CCFB754}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F7DB53C0-EC2F-4B0E-AADE-196AF5290D80}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1FFBB0E6-A643-4B21-94D0-AE23BF915D21}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{99A4B196-54E2-4581-B7A6-863E97366FFF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CE1D5C9B-B9B0-4BCE-A409-77C7F304637E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D353F28E-A797-43FD-9FFB-71A9B614F9BA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{ED3BB049-97F1-44BC-B548-C355A98E645B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F4EF69-CFE4-49D7-9459-3873D0FB2BDA}" = SmartFTP Client German (Germany) MUI
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0BC990FA-89D8-4F70-AFA9-0C01557FB7B3}" = SmartFTP Client
"{167F938F-5AD3-40e2-B05D-2B7C6F0FDE48}" = HP Deskjet D1500 Printer Driver 10.0 Rel .3
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo WinOptimizer 4 FREE_is1" = Ashampoo WinOptimizer 4 FREE
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Biet-O-Matic v2.8.3" = Biet-O-Matic v2.8.3
"Caesar 3" = Caesar 3
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo
"NVIDIA Drivers" = NVIDIA Drivers
"Security Task Manager" = Security Task Manager 1.7h
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tone Stack Calculator" = Tone Stack Calculator
"Uniblue RegistryBooster" = Uniblue RegistryBooster
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.05.2011 06:32:54 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:32:55 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:32:56 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:32:58 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 20.05.2011 06:33:00 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 22.05.2011 19:04:26 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3909 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 39c Anfangszeit: 01cc187c6c279488 Zeitpunkt der Beendigung:
60
[ System Events ]
Error - 27.05.2011 15:42:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 15:45:37 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 15:45:39 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 15:46:04 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 15:46:05 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 15:51:01 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 16:12:33 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 16:22:22 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description =
Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 27.05.2011 16:31:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-28 04:10:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys
---- Kernel code sections - GMER 1.0.15 ----
? System32\drivers\fvxllon.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8BC04340, 0x3DC4A7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll 77AE93A8 5 Bytes JMP 011F1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6694
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
28.05.2011 00:22:42
mbam-log-2011-05-28 (00-22-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 265425
Laufzeit: 1 Stunde(n), 34 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Heuristics.Shuriken) -> Value: NvCplDaemonTool -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scancdiskd60.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\***\tloadF4.dll (Heuristics.Shuriken) -> No action taken.
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\E45NVVOV\about[1].exe (Heuristics.Shuriken) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
|
|
29.05.2011, 11:00
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Infektion mit diverser MalwareZitat:
Mach danach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.05.27 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
[2010.05.01 15:29:31 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2011.05.27 22:18:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.05.20 12:36:28 | 000,000,016 | ---- | C] () -- C:\Users\***\AppData\Roaming\qvjsge.dat
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:C10F9B26
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ |
|
29.05.2011, 15:20
| #3 |
| | Infektion mit diverser Malware Zunächst mal: Der Registry-Booster war nur eine Testversion und hat, meines Wissens, nichts an der Registry verändert. Habe ich aber jetzt deinstalliert.
__________________Hier das neue OTL-Log: Code:
ATTFilter ========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\***\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\***\AppData\Roaming\lowsec folder moved successfully.
C:\Windows\System32\acovcnt.exe moved successfully.
C:\Users\***\AppData\Roaming\qvjsge.dat moved successfully.
ADS C:\ProgramData\Temp:C10F9B26 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.23.0 log created on 05292011_161307
|
|
29.05.2011, 15:38
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infektion mit diverser Malware Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
29.05.2011, 17:05
| #5 |
| | Infektion mit diverser Malware Also hier das TDSS-Log: Code:
ATTFilter 2011/05/29 18:00:19.0981 2476 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 18:00:20.0049 2476 ================================================================================
2011/05/29 18:00:20.0049 2476 SystemInfo:
2011/05/29 18:00:20.0049 2476
2011/05/29 18:00:20.0049 2476 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/29 18:00:20.0049 2476 Product type: Workstation
2011/05/29 18:00:20.0049 2476 ComputerName: ***-PC
2011/05/29 18:00:20.0050 2476 UserName: ***
2011/05/29 18:00:20.0050 2476 Windows directory: C:\Windows
2011/05/29 18:00:20.0050 2476 System windows directory: C:\Windows
2011/05/29 18:00:20.0050 2476 Processor architecture: Intel x86
2011/05/29 18:00:20.0050 2476 Number of processors: 1
2011/05/29 18:00:20.0050 2476 Page size: 0x1000
2011/05/29 18:00:20.0050 2476 Boot type: Normal boot
2011/05/29 18:00:20.0050 2476 ================================================================================
2011/05/29 18:00:21.0404 2476 Initialize success
2011/05/29 18:00:39.0587 3092 ================================================================================
2011/05/29 18:00:39.0587 3092 Scan started
2011/05/29 18:00:39.0587 3092 Mode: Manual;
2011/05/29 18:00:39.0587 3092 ================================================================================
2011/05/29 18:00:41.0291 3092 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/29 18:00:41.0369 3092 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/29 18:00:41.0447 3092 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/29 18:00:41.0494 3092 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/29 18:00:41.0603 3092 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/29 18:00:41.0728 3092 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/29 18:00:41.0822 3092 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/29 18:00:41.0916 3092 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/29 18:00:41.0962 3092 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/29 18:00:42.0041 3092 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/29 18:00:42.0087 3092 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/29 18:00:42.0134 3092 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/29 18:00:42.0197 3092 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/29 18:00:42.0244 3092 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/29 18:00:42.0337 3092 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/29 18:00:42.0400 3092 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/29 18:00:42.0478 3092 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys
2011/05/29 18:00:42.0806 3092 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/05/29 18:00:43.0087 3092 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/29 18:00:43.0150 3092 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/29 18:00:43.0244 3092 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
2011/05/29 18:00:43.0775 3092 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/29 18:00:43.0978 3092 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/29 18:00:44.0166 3092 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/29 18:00:44.0275 3092 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/29 18:00:44.0369 3092 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/29 18:00:44.0431 3092 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/29 18:00:44.0509 3092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/29 18:00:44.0556 3092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/29 18:00:44.0650 3092 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/29 18:00:44.0712 3092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/29 18:00:44.0775 3092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/29 18:00:44.0822 3092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/29 18:00:44.0869 3092 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/29 18:00:44.0931 3092 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/29 18:00:44.0994 3092 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/29 18:00:45.0072 3092 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/29 18:00:45.0166 3092 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/29 18:00:45.0259 3092 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/29 18:00:45.0306 3092 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/29 18:00:45.0369 3092 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/29 18:00:45.0416 3092 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/29 18:00:45.0478 3092 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/29 18:00:45.0650 3092 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/29 18:00:45.0775 3092 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/29 18:00:45.0869 3092 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/29 18:00:45.0947 3092 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/29 18:00:45.0994 3092 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/29 18:00:46.0087 3092 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/29 18:00:46.0212 3092 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/29 18:00:46.0275 3092 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/29 18:00:46.0384 3092 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/29 18:00:46.0447 3092 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/29 18:00:46.0697 3092 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/29 18:00:46.0822 3092 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/29 18:00:46.0900 3092 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/29 18:00:46.0962 3092 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/29 18:00:47.0228 3092 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/29 18:00:47.0291 3092 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/29 18:00:47.0353 3092 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/29 18:00:47.0431 3092 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/29 18:00:47.0525 3092 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/29 18:00:47.0603 3092 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/29 18:00:47.0962 3092 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
2011/05/29 18:00:48.0181 3092 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/29 18:00:48.0275 3092 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/29 18:00:48.0337 3092 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/29 18:00:48.0384 3092 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/29 18:00:48.0462 3092 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/29 18:00:48.0541 3092 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/29 18:00:48.0603 3092 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/29 18:00:48.0666 3092 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/29 18:00:48.0728 3092 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/29 18:00:48.0775 3092 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/29 18:00:48.0853 3092 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/29 18:00:48.0994 3092 IntcAzAudAddService (dcdfe561f177105e1e365733f09f3e30) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/29 18:00:49.0119 3092 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/29 18:00:49.0166 3092 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/29 18:00:49.0244 3092 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/29 18:00:49.0353 3092 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/29 18:00:49.0400 3092 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/29 18:00:49.0494 3092 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/29 18:00:49.0556 3092 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/29 18:00:49.0619 3092 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/29 18:00:49.0681 3092 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/29 18:00:49.0744 3092 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/29 18:00:49.0791 3092 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/29 18:00:49.0869 3092 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/29 18:00:49.0916 3092 kbfiltr (27bd4ac228ef6c0d490617c32e86a672) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/05/29 18:00:49.0994 3092 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/29 18:00:50.0103 3092 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/29 18:00:50.0197 3092 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/29 18:00:50.0259 3092 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/29 18:00:50.0369 3092 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/29 18:00:50.0447 3092 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/29 18:00:50.0525 3092 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
2011/05/29 18:00:50.0603 3092 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/29 18:00:50.0681 3092 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/29 18:00:50.0775 3092 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/29 18:00:50.0837 3092 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
2011/05/29 18:00:50.0900 3092 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/29 18:00:50.0962 3092 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/29 18:00:51.0025 3092 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/29 18:00:51.0087 3092 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/29 18:00:51.0181 3092 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/29 18:00:51.0259 3092 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/29 18:00:51.0337 3092 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/29 18:00:51.0447 3092 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/29 18:00:51.0525 3092 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/29 18:00:51.0603 3092 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/29 18:00:51.0681 3092 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/29 18:00:51.0775 3092 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/29 18:00:51.0853 3092 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/29 18:00:51.0994 3092 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/29 18:00:52.0072 3092 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/29 18:00:52.0181 3092 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/29 18:00:52.0275 3092 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/29 18:00:52.0353 3092 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/29 18:00:52.0431 3092 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/29 18:00:52.0541 3092 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/29 18:00:52.0603 3092 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/29 18:00:52.0681 3092 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/05/29 18:00:52.0791 3092 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/29 18:00:52.0900 3092 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/29 18:00:53.0025 3092 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/29 18:00:53.0119 3092 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/29 18:00:53.0181 3092 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/29 18:00:53.0291 3092 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/29 18:00:53.0384 3092 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/29 18:00:53.0587 3092 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/29 18:00:53.0666 3092 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/29 18:00:53.0806 3092 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/29 18:00:53.0900 3092 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/29 18:00:53.0994 3092 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/29 18:00:54.0134 3092 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/29 18:00:54.0228 3092 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/29 18:00:54.0306 3092 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/29 18:00:54.0619 3092 nvlddmkm (340c9a91d457e4ae849f42b2688800e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/29 18:00:54.0853 3092 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/29 18:00:54.0947 3092 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/29 18:00:55.0025 3092 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/29 18:00:55.0212 3092 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/29 18:00:55.0322 3092 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/29 18:00:55.0416 3092 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/29 18:00:55.0572 3092 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/29 18:00:55.0697 3092 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/29 18:00:55.0791 3092 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/29 18:00:55.0869 3092 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/29 18:00:55.0978 3092 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/29 18:00:56.0259 3092 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/29 18:00:56.0337 3092 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/29 18:00:56.0462 3092 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/29 18:00:56.0603 3092 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/29 18:00:56.0697 3092 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/29 18:00:56.0791 3092 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/29 18:00:56.0869 3092 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/29 18:00:56.0947 3092 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/29 18:00:57.0056 3092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/29 18:00:57.0150 3092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/29 18:00:57.0244 3092 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/29 18:00:57.0353 3092 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/29 18:00:57.0494 3092 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/29 18:00:57.0619 3092 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/29 18:00:57.0744 3092 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/29 18:00:57.0947 3092 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/29 18:00:58.0025 3092 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/29 18:00:58.0119 3092 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/29 18:00:58.0275 3092 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/29 18:00:58.0369 3092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/29 18:00:58.0509 3092 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/29 18:00:58.0587 3092 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/29 18:00:58.0650 3092 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/29 18:00:58.0806 3092 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/29 18:00:58.0884 3092 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/29 18:00:58.0947 3092 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/29 18:00:59.0025 3092 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/29 18:00:59.0150 3092 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/29 18:00:59.0228 3092 SiSGbeLH (73838461f11fc7daee7922c945b2d74f) C:\Windows\system32\DRIVERS\SiSGB6.sys
2011/05/29 18:00:59.0306 3092 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/29 18:00:59.0384 3092 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/29 18:00:59.0572 3092 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/29 18:00:59.0712 3092 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/29 18:00:59.0853 3092 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/29 18:00:59.0994 3092 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/29 18:01:00.0134 3092 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/29 18:01:00.0212 3092 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/29 18:01:00.0353 3092 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/29 18:01:00.0494 3092 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/29 18:01:00.0603 3092 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/29 18:01:00.0666 3092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/29 18:01:00.0744 3092 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/29 18:01:00.0822 3092 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/29 18:01:01.0009 3092 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/29 18:01:01.0150 3092 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/29 18:01:01.0306 3092 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/29 18:01:01.0400 3092 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/29 18:01:01.0556 3092 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/29 18:01:01.0681 3092 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/29 18:01:01.0822 3092 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/29 18:01:02.0056 3092 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/29 18:01:02.0134 3092 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/29 18:01:02.0244 3092 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/29 18:01:02.0337 3092 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/29 18:01:02.0431 3092 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/29 18:01:02.0619 3092 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/29 18:01:02.0759 3092 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/29 18:01:02.0869 3092 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/29 18:01:02.0962 3092 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/29 18:01:03.0072 3092 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/29 18:01:03.0228 3092 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/29 18:01:03.0337 3092 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/29 18:01:03.0494 3092 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/29 18:01:03.0837 3092 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/29 18:01:03.0931 3092 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/29 18:01:04.0041 3092 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/29 18:01:04.0134 3092 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/29 18:01:04.0337 3092 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/29 18:01:04.0462 3092 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/29 18:01:04.0587 3092 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/29 18:01:04.0681 3092 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/29 18:01:04.0853 3092 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/29 18:01:05.0025 3092 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/29 18:01:05.0119 3092 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/29 18:01:05.0228 3092 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/29 18:01:05.0431 3092 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/29 18:01:05.0603 3092 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/29 18:01:05.0744 3092 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/29 18:01:05.0962 3092 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/29 18:01:06.0041 3092 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 18:01:06.0103 3092 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 18:01:06.0322 3092 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/29 18:01:06.0431 3092 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/29 18:01:06.0869 3092 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/29 18:01:07.0134 3092 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/29 18:01:07.0291 3092 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/29 18:01:07.0416 3092 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/29 18:01:07.0572 3092 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
2011/05/29 18:01:07.0650 3092 ================================================================================
2011/05/29 18:01:07.0650 3092 Scan finished
2011/05/29 18:01:07.0650 3092 ================================================================================
2011/05/29 18:01:07.0697 3468 Detected object count: 0
2011/05/29 18:01:07.0697 3468 Actual detected object count: 0
|
|
29.05.2011, 17:47
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infektion mit diverser Malware Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ --> Infektion mit diverser Malware |
|
30.05.2011, 15:40
| #7 |
| | Infektion mit diverser Malware Also hier das ComboFix-Log: Code:
ATTFilter ComboFix 11-05-29.02 - *** 30.05.2011 16:07:22.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.2047.1256 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-30 ))))))))))))))))))))))))))))))
.
.
2011-05-30 14:24 . 2011-05-30 14:24 -------- d-----w- c:\users\***\AppData\Local\temp
2011-05-30 14:24 . 2011-05-30 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 01:02 . 2011-05-30 01:02 -------- d-----w- c:\program files\Microsoft.NET
2011-05-29 14:13 . 2011-05-29 14:13 -------- d-----w- C:\_OTL
2011-05-28 23:13 . 2011-05-28 23:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-27 18:22 . 2011-05-27 18:22 -------- d-----w- c:\users\***\AppData\Roaming\DriverCure
2011-05-27 18:22 . 2011-05-27 18:22 -------- d-----w- c:\users\***\AppData\Roaming\ParetoLogic
2011-05-27 18:22 . 2011-05-27 18:22 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-05-27 18:22 . 2011-05-27 18:22 -------- d-----w- c:\programdata\ParetoLogic
2011-05-27 18:22 . 2011-05-27 18:22 -------- d-----w- c:\program files\ParetoLogic
2011-05-27 17:49 . 2011-05-27 17:49 -------- d-----w- c:\windows\BDOSCAN8
2011-05-27 17:49 . 2011-05-27 17:49 -------- d-----w- c:\users\***\AppData\Local\PackageAware
2011-05-27 12:21 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE71612A-A3E1-4650-8A1D-7BBC6B900133}\mpengine.dll
2011-05-11 11:14 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-04 20:56 . 2011-05-27 19:40 -------- d-----w- c:\program files\SnapDragon Games
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 12:16 . 2009-02-16 21:03 796672 ----a-w- c:\windows\GPInstall.exe
2011-03-16 14:47 . 2010-02-11 17:05 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-12 21:55 . 2011-04-27 07:30 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-13 21:59 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-13 21:59 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-13 21:59 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 07:30 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 07:30 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 07:30 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 07:30 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 07:30 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 07:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-13 21:58 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-13 21:59 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2011-04-14 16:40 . 2011-05-27 18:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-01 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-01 92704]
"HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-17 5320704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Biet-O-Matic.lnk - c:\program files\Biet-O-Matic\Biet-O-Matic.exe [2008-12-6 1265664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-16 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:51]
.
2011-05-27 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:51]
.
2011-05-27 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
2011-05-27 c:\windows\Tasks\PC Health Advisor.job
- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvhu1y2j.default\
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-NvCplDaemonTool - c:\users\***\tloadF4.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-30 16:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2904)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2011-05-30 16:31:12
ComboFix-quarantined-files.txt 2011-05-30 14:31
.
Vor Suchlauf: 16 Verzeichnis(se), 35.847.831.552 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 36.034.375.680 Bytes frei
.
- - End Of File - - 8DF4CA82AF9E90FF3987D555FDF566C9
|
|
30.05.2011, 16:14
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infektion mit diverser Malware Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2011, 18:56
| #9 |
| | Infektion mit diverser Malware Okay, also hier die neuen Logfiles: neues GMER-Log: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-30 19:39:58
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B809340, 0x3DC4A7, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7440A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [743E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7443CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [743DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:47:14 on 30.05.2011 OS: Windows Vista Home Basic Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Mozilla Corporation Firefox 4.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "ParetoLogic Registration3.job" - ? - C:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll "ParetoLogic Update Version3.job" - "ParetoLogic Inc." - C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe "PC Health Advisor.job" - "ParetoLogic, Inc." - C:\Program Files\ParetoLogic\PCHA\PCHA.exe "PC Health Advisor Defrag.job" - "ParetoLogic, Inc." - C:\Program Files\ParetoLogic\PCHA\PCHA.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "Data Security Manager Driver" (AsDsm) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\system32\drivers\AsDsm.sys "ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "lullaby" (lullaby) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\lullaby.sys "pwliyfow" (pwliyfow) - ? - C:\Users\***\AppData\Local\Temp\pwliyfow.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll (File found, but it contains no detailed information) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll {7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll {FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfShellTools.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll "Exec" - ? - C:\Windows\bdoscandel.exe (File found, but it contains no detailed information) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} "{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - ? - C:\Program Files\Java\jre6\bin\jp2ssv.dll (File not found) {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Biet-O-Matic.lnk" - "www.bid-o-matic.org" - C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "SpybotSD TeaTimer" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ASUSTPE" - "ASUS" - C:\Windows\system32\ASUSTPE.exe "ATKMEDIA" - "ASUS" - C:\Program Files\ASUS\ATK Media\DMedia.exe "ATKOSD2" - ? - "C:\Program Files\ATKOSD2\ATKOSD2.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "HControlUser" - ? - "C:\Program Files\ATK Hotkey\HcontrolUser.exe" "LanguageShortcut" - ? - "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe" " Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "hpfll70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpfll70v.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "ADSM Service" (ADSMService) - ? - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe "ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe "ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Scheduler" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5C
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 151):
0x81E0D000 \SystemRoot\system32\ntkrnlpa.exe
0x821C7000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068F000 \SystemRoot\system32\drivers\acpi.sys
0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E6000 \SystemRoot\system32\drivers\pci.sys
0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
0x8071C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80729000 \SystemRoot\system32\drivers\volmgr.sys
0x80738000 \SystemRoot\System32\drivers\volmgrx.sys
0x80782000 \SystemRoot\system32\drivers\pciide.sys
0x80789000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80797000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A7000 \SystemRoot\system32\drivers\atapi.sys
0x807AF000 \SystemRoot\system32\drivers\ataport.SYS
0x807CD000 \SystemRoot\system32\drivers\fltmgr.sys
0x805BE000 \SystemRoot\system32\drivers\fileinfo.sys
0x805CE000 \SystemRoot\System32\Drivers\AsDsm.sys
0x805D8000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x87802000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87873000 \SystemRoot\system32\drivers\ndis.sys
0x8797E000 \SystemRoot\system32\drivers\msrpc.sys
0x879A9000 \SystemRoot\system32\drivers\NETIO.SYS
0x87A09000 \SystemRoot\System32\drivers\tcpip.sys
0x87AF3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87C07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D17000 \SystemRoot\system32\drivers\wd.sys
0x87D1F000 \SystemRoot\system32\drivers\volsnap.sys
0x87D58000 \SystemRoot\System32\Drivers\spldr.sys
0x87D60000 \SystemRoot\System32\Drivers\mup.sys
0x87D6F000 \SystemRoot\System32\drivers\ecache.sys
0x87D96000 \SystemRoot\system32\drivers\disk.sys
0x87DA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87DC8000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DF1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87B0E000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87B17000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x87B1F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B809000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BF24000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BFC4000 \SystemRoot\System32\drivers\watchdog.sys
0x8BFD0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BFE3000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8BFEB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87B2E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8BFF6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x87B5D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87B68000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87B72000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87BB0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87BBF000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
0x87BCF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C000000 \SystemRoot\system32\DRIVERS\athr.sys
0x8C0E4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C171000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8C175000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8C1A4000 \SystemRoot\system32\DRIVERS\storport.sys
0x8C1E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87BE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C1F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C40B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C42E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C43D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C451000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8C466000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C476000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C478000 \SystemRoot\system32\DRIVERS\ks.sys
0x8C4A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C4AC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C4B9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C4EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C600000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C4FF000 \SystemRoot\system32\drivers\portcls.sys
0x8C52C000 \SystemRoot\system32\drivers\drmk.sys
0x8C801000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8C927000 \SystemRoot\system32\drivers\modem.sys
0x8C934000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8C93E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C947000 \SystemRoot\System32\Drivers\Null.SYS
0x8C94E000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C95E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C965000 \SystemRoot\System32\drivers\vga.sys
0x8C971000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C992000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C99A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C9A2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C9AD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C9BB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C9C4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C9DA000 \SystemRoot\system32\DRIVERS\smb.sys
0x8C551000 \SystemRoot\system32\drivers\afd.sys
0x8C599000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C5CB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C9EE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C5E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C955000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CA0F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CA4B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8CA55000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CA6C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8CA92000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8CA94000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CAAB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8CAB4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8CAC4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8CACD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8CADA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8CAE5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8CAED000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x942D0000 \SystemRoot\System32\win32k.sys
0x8CAFF000 \SystemRoot\System32\drivers\Dxapi.sys
0x8CB09000 \SystemRoot\system32\DRIVERS\monitor.sys
0x944F0000 \SystemRoot\System32\TSDDD.dll
0x94510000 \SystemRoot\System32\cdd.dll
0x8CB18000 \SystemRoot\system32\drivers\luafv.sys
0x8CB33000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8CB48000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8CB58000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8CB82000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8CB8C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9C409000 \SystemRoot\system32\drivers\spsys.sys
0x9C4B9000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x9C4C0000 \SystemRoot\system32\drivers\HTTP.sys
0x9C52D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C54A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9C560000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9C579000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9C58E000 \SystemRoot\system32\drivers\mrxdav.sys
0x9C5AF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8CB9F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9C5CE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8CBD8000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E408000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E457000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x9E45A000 \SystemRoot\system32\drivers\peauth.sys
0x9E538000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9E560000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9E56A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E576000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9E58B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9E59D000 \??\C:\Users\***\AppData\Local\Temp\pwliyfow.sys
0x771C0000 \Windows\System32\ntdll.dll
Processes (total 68):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
484 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
580 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
624 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\nvvsvc.exe
872 C:\Windows\System32\svchost.exe
908 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\audiodg.exe
1180 C:\Windows\System32\SLsvc.exe
1236 C:\Windows\System32\rundll32.exe
1364 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\svchost.exe
1580 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1604 C:\Windows\System32\wlanext.exe
1648 C:\Program Files\ATK Hotkey\AsLdrSrv.exe
1668 C:\Windows\System32\dwm.exe
1700 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1720 C:\Windows\explorer.exe
1800 C:\Windows\System32\spoolsv.exe
1884 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1944 C:\Windows\System32\rundll32.exe
1952 C:\Program Files\ATK Hotkey\HControlUser.exe
1960 C:\Program Files\ATKOSD2\ATKOSD2.exe
1968 C:\Windows\RtHDVCpl.exe
1980 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1988 C:\Windows\System32\ASUSTPE.exe
1996 C:\Program Files\ASUS\ATK Media\DMedia.exe
2004 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2032 C:\Windows\System32\svchost.exe
2044 C:\Program Files\ATK Hotkey\HControl.exe
196 C:\Program Files\ATK Hotkey\MsgTranAgt.exe
204 C:\Program Files\Wireless Console 2\wcourier.exe
240 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
264 C:\Program Files\P4G\BatteryLife.exe
284 C:\Program Files\ASUS\Splendid\ACMON.exe
1380 ACEngSvr.exe
1472 C:\Program Files\ATK Hotkey\ATKOSD.exe
1568 C:\Program Files\ATK Hotkey\KBFiltr.exe
300 C:\Program Files\ATK Hotkey\WDC.exe
1248 C:\Windows\System32\agrsmsvc.exe
2076 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2116 C:\Windows\System32\svchost.exe
2172 C:\Windows\System32\svchost.exe
2264 C:\Windows\System32\svchost.exe
2300 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2352 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2404 C:\Windows\System32\svchost.exe
2444 C:\Windows\System32\svchost.exe
2492 C:\Windows\System32\SearchIndexer.exe
2536 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2600 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2784 WUDFHost.exe
884 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3492 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\wuauclt.exe
3648 C:\Windows\System32\SearchProtocolHost.exe
3364 C:\Windows\System32\SearchFilterHost.exe
1940 C:\Users\***\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`1262f400 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
|
|
30.05.2011, 19:38
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infektion mit diverser Malware Wir sollten den MBR manuell fixen. Sichere für den Fall der Fälle alle wichtigen Daten. Hast Du noch andere Betriebssysteme außer Vista installiert? Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten. Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen. Erstell danach wieder neue Logs mit MBRCheck und wenn es geht GMER.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.05.2011, 21:44
| #11 |
| | Infektion mit diverser Malware Den MBR habe ich gefixt und hier die neuen Logfiles: MBRCheck: HTML-Code: MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5C
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 150):
0x81E36000 \SystemRoot\system32\ntkrnlpa.exe
0x81E03000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x80604000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80680000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068D000 \SystemRoot\system32\drivers\acpi.sys
0x806D3000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DC000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E4000 \SystemRoot\system32\drivers\pci.sys
0x8070B000 \SystemRoot\System32\drivers\partmgr.sys
0x8071A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80727000 \SystemRoot\system32\drivers\volmgr.sys
0x80736000 \SystemRoot\System32\drivers\volmgrx.sys
0x80780000 \SystemRoot\system32\drivers\pciide.sys
0x80787000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80795000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A5000 \SystemRoot\system32\drivers\atapi.sys
0x807AD000 \SystemRoot\system32\drivers\ataport.SYS
0x807CB000 \SystemRoot\system32\drivers\fltmgr.sys
0x805B5000 \SystemRoot\system32\drivers\fileinfo.sys
0x805C5000 \SystemRoot\System32\Drivers\AsDsm.sys
0x805CF000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x87800000 \SystemRoot\System32\Drivers\ksecdd.sys
0x87871000 \SystemRoot\system32\drivers\ndis.sys
0x8797C000 \SystemRoot\system32\drivers\msrpc.sys
0x879A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x87A02000 \SystemRoot\System32\drivers\tcpip.sys
0x87AEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87C0A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87D1A000 \SystemRoot\system32\drivers\wd.sys
0x87D22000 \SystemRoot\system32\drivers\volsnap.sys
0x87D5B000 \SystemRoot\System32\Drivers\spldr.sys
0x87D63000 \SystemRoot\System32\Drivers\mup.sys
0x87D72000 \SystemRoot\System32\drivers\ecache.sys
0x87D99000 \SystemRoot\system32\drivers\disk.sys
0x87DAA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87DCB000 \SystemRoot\system32\drivers\crcdisk.sys
0x87DF4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87C00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87B07000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x87B0F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B408000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BB23000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BBC3000 \SystemRoot\System32\drivers\watchdog.sys
0x8BBCF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8BBE2000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8BBEA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87B1E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8BBF5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x87B4D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87B58000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87B62000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x87BA0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x87BAF000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
0x87BBF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B006000 \SystemRoot\system32\DRIVERS\athr.sys
0x8B0EA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B177000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B17B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B1AA000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B1EB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x87BD7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x87BEE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x805D7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x879E2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BC09000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BC1D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8BC32000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BC42000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BC44000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BC6E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BC78000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BC85000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BCBA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BE00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8BCCB000 \SystemRoot\system32\drivers\portcls.sys
0x8BCF8000 \SystemRoot\system32\drivers\drmk.sys
0x8C00E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8C134000 \SystemRoot\system32\drivers\modem.sys
0x8C141000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8C14B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C154000 \SystemRoot\System32\Drivers\Null.SYS
0x8C15B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C16B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C172000 \SystemRoot\System32\drivers\vga.sys
0x8C17E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C19F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C1A7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C1AF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C1BA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C1C8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8C1D1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C1E7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BD1D000 \SystemRoot\system32\drivers\afd.sys
0x8BD65000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BD97000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C000000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BDAD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C162000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8BDC0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B1F6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C402000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C419000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8C43F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8C441000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C458000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8C461000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8C471000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8C47A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C487000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C492000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8C49A000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x93A40000 \SystemRoot\System32\win32k.sys
0x8C4AC000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C4B6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93C60000 \SystemRoot\System32\TSDDD.dll
0x93C80000 \SystemRoot\System32\cdd.dll
0x8C4C5000 \SystemRoot\system32\drivers\luafv.sys
0x8C4E0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8C4F5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C505000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C52F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C539000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C54C000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x9BE04000 \SystemRoot\system32\drivers\spsys.sys
0x9BEB4000 \SystemRoot\system32\drivers\HTTP.sys
0x9BF21000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9BF3E000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9BF54000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9BF6D000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9BF82000 \SystemRoot\system32\drivers\mrxdav.sys
0x9BFA3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9BFC2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8C553000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8C56B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8C593000 \SystemRoot\System32\DRIVERS\srv.sys
0x9BFFB000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0xA060D000 \SystemRoot\system32\drivers\peauth.sys
0xA06EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA06F5000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA071D000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0729000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA073E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x770E0000 \Windows\System32\ntdll.dll
Processes (total 68):
0 System Idle Process
4 System
396 C:\Windows\System32\smss.exe
464 csrss.exe
508 C:\Windows\System32\wininit.exe
516 csrss.exe
556 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
600 C:\Windows\System32\winlogon.exe
764 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\nvvsvc.exe
848 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1160 C:\Windows\System32\SLsvc.exe
1212 C:\Windows\System32\rundll32.exe
1344 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1548 C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
1564 C:\Program Files\ATK Hotkey\AsLdrSrv.exe
1576 C:\Windows\System32\wlanext.exe
1604 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1704 C:\Windows\System32\spoolsv.exe
1736 C:\Windows\System32\dwm.exe
1752 C:\Windows\explorer.exe
1864 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1892 C:\Windows\System32\svchost.exe
1936 C:\Windows\System32\rundll32.exe
1944 C:\Program Files\ATK Hotkey\HControlUser.exe
1952 C:\Program Files\ATKOSD2\ATKOSD2.exe
1960 C:\Windows\RtHDVCpl.exe
1968 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1988 C:\Windows\System32\ASUSTPE.exe
2000 C:\Program Files\ASUS\ATK Media\DMedia.exe
2012 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2020 C:\Program Files\ATK Hotkey\HControl.exe
2036 C:\Program Files\ATK Hotkey\MsgTranAgt.exe
2044 C:\Program Files\Wireless Console 2\wcourier.exe
196 C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
204 C:\Program Files\P4G\BatteryLife.exe
240 C:\Program Files\ASUS\Splendid\ACMON.exe
1124 ACEngSvr.exe
1596 C:\Program Files\ATK Hotkey\ATKOSD.exe
1464 C:\Program Files\ATK Hotkey\KBFiltr.exe
1784 C:\Program Files\ATK Hotkey\WDC.exe
1844 C:\Windows\System32\agrsmsvc.exe
2028 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
268 C:\Windows\System32\svchost.exe
2112 C:\Windows\System32\svchost.exe
2156 C:\Windows\System32\svchost.exe
2240 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2256 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2360 C:\Windows\System32\svchost.exe
2412 C:\Windows\System32\svchost.exe
2468 C:\Windows\System32\SearchIndexer.exe
2484 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2592 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2712 WUDFHost.exe
3512 WmiPrvSE.exe
3348 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2960 C:\Windows\System32\SearchProtocolHost.exe
4020 C:\Windows\System32\SearchFilterHost.exe
4044 C:\Windows\System32\svchost.exe
3692 C:\Users\***\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000015`1262f400 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done! GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-30 22:39:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: ksdu5jyf.exe; Driver: C:\Users\***\AppData\Local\Temp\pwliyfow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B408340, 0x3DC4A7, 0xE8000020]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7432A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [742DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [742CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74308395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [742DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7435CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742FC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [742CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [742C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [742D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)
---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 253952 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys 29752 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt 512 bytes
---- EOF - GMER 1.0.15 ----
|
|
31.05.2011, 10:00
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infektion mit diverser MalwareZitat:
Denk dran beide Tools zu updaten vor dem Scan!! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.06.2011, 15:55
| #13 |
| | Infektion mit diverser Malware Die MBAM- und SASW-Logs habe ich fertig. Den ESET-Scanner kriege ich aber gerade nicht zum Laufen, der zeigt an: Code:
ATTFilter Can not get update. Is proxy configured?
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6731
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
31.05.2011 17:59:15
mbam-log-2011-05-31 (17-59-15).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 281912
Laufzeit: 1 Stunde(n), 24 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 06/01/2011 at 00:05 AM
Application Version : 4.53.1000
Core Rules Database Version : 7166
Trace Rules Database Version: 4978
Scan type : Complete Scan
Total Scan Time : 02:19:53
Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 7184
Registry threats detected : 0
File items scanned : 145156
File threats detected : 40
Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tacoda.at.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@cdn.at.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@ar.atwola[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@at.atwola[2].txt
acvs.mediaonenetwork.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
adserv.quality-channel.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
broadcast.piximedia.fr [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
cdn.insights.gravity.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
cdn1.eyewonder.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
cdn5.specificclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
content.oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
counter.cam-content.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
crackle.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
de.mediaplanet.streamingbolaget.se [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
googleads.g.doubleclick.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
ia.media-imdb.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
imagesrv.adition.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
inwmedia.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
m1.emea.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.autobild.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.bstdownload.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.cnbc.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.dreamhost.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.ecommerceplayer.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.filb.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.mtvnservices.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.rofl.to [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media.scanscout.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media01.kyte.tv [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
media1.break.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
mi.adinterax.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
oddcast.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
s0.2mdn.net [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
secure-uk.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
secure-us.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
www.ardmediathek.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
www.crossmedia2.de [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
www.pornme.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
www.royalmediamarketing.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FWXCDH56 ]
|
|
01.06.2011, 20:30
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infektion mit diverser MalwareZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.06.2011, 23:20
| #15 |
| | Infektion mit diverser Malware Habe hier zwei verschiedene ESET-Logs: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
Code:
ATTFilter C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7575895d-2271c6fb a variant of Java/Agent.BP trojan
C:\Users\***\Desktop\WS\A2WSA.EXE probably a variant of Qres.316 virus
|
|
| Themen zu Infektion mit diverser Malware |
| 32 bit, alternate, antivir, audacity, autorun, avira, bho, c:\windows\system32\rundll32.exe, calculator, error, fehler, firefox, flash player, google, google earth, heuristics.shuriken, hijack, hijackthis, home, iexplore.exe, installation, malwar, malware, mozilla, ntdll.dll, nvlddmkm.sys, oldtimer, plug-in, realtek, registry, safer networking, scan, searchplugins, security, software, start menu, studio, svchost.exe, system, usb, usb 2.0, vista, {dfefcdee-cf1a-4fc8-88ad-48514e463b27} |
Linear-Darstellung
