Pests of all kinds and how to fight them: Desktop black, Start menu empty, HDD (Windows 7)
05.06.2011, 01:13 | #1
Hi, you are my last hope before I go completely round the bend here. Like a few others before me, today I suddenly got an error message about my hard disk. I restarted the computer and was immediately greeted by a program along the lines of Hard Drive Diagnostics (I just don't know exactly what it was called). After a long search on the internet I downloaded Malwarebytes and ran a full scan. A total of 6 different infected items were found (logs attached), which I then deleted. 4 further scans with Malwarebytes, also after updating it again, came back clean. After the next restart all the error messages were gone, but so were my entire desktop, Start menu and quick launch bar, and I also cannot access some files at all. In the meantime I have also tried unhide, but without success, even when running it as administrator. It may also be due to my Avira, where I can switch off the Guard but not the program itself. A system restore was also unsuccessful; on restart it said that an error had occurred and the restore could not be carried out. I have also already run OTL and attach its log as well, although that is where it ends for me; it might as well be written in Esperanto. I AM COMPLETELY AT MY WITS' END AND BEG FOR HELP! Kind regards
05.06.2011, 17:14 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:01:16 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\Shell - "" = AutoRun
O33 - MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.04 16:53:15 | 000,000,384 | ---- | M] () -- C:\ProgramData\31055608
[2011.06.04 16:50:02 | 000,000,144 | ---- | M] () -- C:\ProgramData\~31055608r
[2011.06.04 16:50:02 | 000,000,120 | ---- | M] () -- C:\ProgramData\~31055608
[2011.06.04 16:38:09 | 000,000,597 | ---- | M] () -- C:\Users\HP\Desktop\Windows Vista Recovery.lnk
:Commands
[purity]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
05.06.2011, 18:18 | #3
Done; the computer was not restarted, in case that matters!
Code:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ not found.
File F:\autorun.exe not found.
C:\ProgramData\31055608 moved successfully.
C:\ProgramData\~31055608r moved successfully.
C:\ProgramData\~31055608 moved successfully.
C:\Users\HP\Desktop\Windows Vista Recovery.lnk moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.23.0 log created on 06052011_191559
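As an added example (not part of this thread and not OTL's own code), the Python script below reconciles the fix script from #2 with the OTL log from #3: every file and MountPoints2 target in the script is mapped to what OTL reported for it, so a target OTL could not find at fix time, such as F:\autorun.exe on a removable drive that was not attached, is listed as a follow-up instead of being silently assumed clean. The script and log excerpts are constructed from the lines posted in this thread.

```python
"""Reconcile an OTL fix script with the log OTL writes after running the fix.
Added example for this thread, not OTL's own code; the excerpts below are
constructed from the script in post #2 and the log in post #3."""
import re

# Constructed: the ":OTL" section of the fix script from post #2.
FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.27 18:01:16 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\Shell - "" = AutoRun
O33 - MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\Shell\AutoRun\command - "" = F:\autorun.exe
[2011.06.04 16:53:15 | 000,000,384 | ---- | M] () -- C:\ProgramData\31055608
[2011.06.04 16:50:02 | 000,000,144 | ---- | M] () -- C:\ProgramData\~31055608r
[2011.06.04 16:50:02 | 000,000,120 | ---- | M] () -- C:\ProgramData\~31055608
[2011.06.04 16:38:09 | 000,000,597 | ---- | M] () -- C:\Users\HP\Desktop\Windows Vista Recovery.lnk
:Commands
[purity]
[resethosts]
"""

# Constructed: the log OTL produced for that fix, as posted in #3.
FIX_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5092d12-5efd-11e0-8bf8-001fc610204b}\ not found.
File F:\autorun.exe not found.
C:\ProgramData\31055608 moved successfully.
C:\ProgramData\~31055608r moved successfully.
C:\ProgramData\~31055608 moved successfully.
C:\Users\HP\Desktop\Windows Vista Recovery.lnk moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.23.0 log created on 06052011_191559
"""

# File lines look like "[stamp | size | attrs | M] () -- C:\path"; the autoexec
# line uses a single dash and ends with " -- [ NTFS ]".
FILE_RE = re.compile(r"\(\) --? (?P<path>[A-Za-z]:\\.+?)(?: -- \[ NTFS \])?$")
# The executable a MountPoints2 AutoRun command would launch.
AUTORUN_RE = re.compile(r'command - "" = (?P<path>[A-Za-z]:\\\S+)')
MOUNT_RE = re.compile(r"MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})")
# One OTL result line: optional kind prefix, the target, then the outcome.
LOG_RE = re.compile(
    r"^(?:File |Registry key )?(?P<target>.+?) "
    r"(?P<outcome>moved successfully|deleted successfully|not found|"
    r"value set successfully|reset successfully)"
)

def fix_targets(script):
    """Return (file paths, MountPoints2 GUIDs) the :OTL section asks OTL to remove."""
    files, guids = [], []
    for line in script.splitlines():
        m = FILE_RE.search(line) or AUTORUN_RE.search(line)
        if m:
            files.append(m.group("path"))
        m = MOUNT_RE.search(line)
        if m and m.group("guid") not in guids:
            guids.append(m.group("guid"))
    return files, guids

def parse_log(log):
    """Return (target, outcome) for every action line in the fix log."""
    entries = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append((m.group("target").rstrip("\\"), m.group("outcome")))
    return entries

def _verdict(outcomes):
    if any(o in ("moved successfully", "deleted successfully") for o in outcomes):
        return "removed"  # OTL moved the file into C:\_OTL or deleted the key
    return "not found" if outcomes else "no log entry"

def reconcile(script, log):
    """Map every file and MountPoints2 target of the script to OTL's outcome."""
    files, guids = fix_targets(script)
    entries = parse_log(log)
    report = {}
    for path in files:
        report[path] = _verdict([o for t, o in entries if t.lower() == path.lower()])
    for guid in guids:
        hits = [o for t, o in entries if "MountPoints2" in t and guid.lower() in t.lower()]
        report["MountPoints2 " + guid] = _verdict(hits)
    if "[resethosts]" in script:
        done = any(o == "reset successfully" for _, o in entries)
        report["[resethosts]"] = "done" if done else "no log entry"
    return report

def follow_ups(report):
    """Targets that were not actually removed and deserve a second look."""
    return sorted(t for t, v in report.items() if v in ("not found", "no log entry"))
```

For the thread's own log, follow_ups() returns only F:\autorun.exe, the autorun executable on the removable drive that was not connected when the fix ran.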
05.06.2011, 18:33 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, please run unhide: download unhide.exe and save this file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool via right-click as administrator!
Please always post log files in CODE tags
05.06.2011, 19:10 | #5
So, Kaspersky says nothing at all, nothing found.
Code:
2011/06/05 19:45:50.0477 4336 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 19:45:50.0631 4336 ================================================================================
2011/06/05 19:45:50.0631 4336 SystemInfo:
2011/06/05 19:45:50.0631 4336
2011/06/05 19:45:50.0631 4336 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/05 19:45:50.0631 4336 Product type: Workstation
2011/06/05 19:45:50.0631 4336 ComputerName: HP-PC
2011/06/05 19:45:50.0631 4336 UserName: HP
2011/06/05 19:45:50.0631 4336 Windows directory: C:\Windows
2011/06/05 19:45:50.0631 4336 System windows directory: C:\Windows
2011/06/05 19:45:50.0631 4336 Processor architecture: Intel x86
2011/06/05 19:45:50.0631 4336 Number of processors: 4
2011/06/05 19:45:50.0631 4336 Page size: 0x1000
2011/06/05 19:45:50.0631 4336 Boot type: Normal boot
2011/06/05 19:45:50.0631 4336 ================================================================================
2011/06/05 19:45:51.0227 4336 Initialize success
2011/06/05 19:46:24.0130 4224 ================================================================================
2011/06/05 19:46:24.0130 4224 Scan started
2011/06/05 19:46:24.0130 4224 Mode: Manual;
2011/06/05 19:46:24.0130 4224 ================================================================================
2011/06/05 19:46:40.0121 4224 ================================================================================
2011/06/05 19:46:40.0121 4224 Scan finished
2011/06/05 19:46:40.0121 4224 ================================================================================
2011/06/05 19:46:40.0133 6124 Detected object count: 0
2011/06/05 19:46:40.0133 6124 Actual detected object count: 0

Taskbar empty, quick launch bar not present and the desktop almost without function: I can change the background image, for example, but cannot drag anything onto it or even select anything. The only thing unaffected is this custom bar on the right where you can set up the clock and calendar and whatever else.
05.06.2011, 19:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, Start menu empty, HDD Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when a board expert has explicitly recommended it!
05.06.2011, 20:35 | #7 |
| Desktop black, Start menu empty, HDD Here is the ComboFix log Code:
ComboFix 11-06-05.02 - HP 05.06.2011 21:22:05.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2047.1064 [GMT 2:00]
ausgeführt von:: c:\users\HP\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe5521.dll
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
c:\windows\system32\jusched.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-AOL Toolbar - c:\program files\AOL\AOL Toolbar 5.0\uninstall.exe
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-05 21:28
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-05 21:30:40
ComboFix-quarantined-files.txt 2011-06-05 19:30
.
Vor Suchlauf: 10 Verzeichnis(se), 73.647.185.920 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 74.133.135.360 Bytes frei
.
- - End Of File - - CB35B9FBB8B4DAA38EC4573BA01BCB8C |
05.06.2011, 20:49 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, Start menu empty, HDD Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and only run OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
05.06.2011, 22:44 | #9 |
| Desktop black, Start menu empty, HDD Right then, OSAM Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:40:06 on 05.06.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-05 23:40:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST336032 rev.3.CH
Running: 8tcosvmm.exe; Driver: C:\Users\HP\AppData\Local\Temp\pgldipoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8C208000, 0x1F5F94, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
? C:\Users\HP\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4452] USER32.dll!GetWindowInfo 7586428E 5 Bytes JMP 60927187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4452] USER32.dll!TrackPopupMenu 758714F3 5 Bytes JMP 60927781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5148] ntdll.dll!LdrLoadDll 76E493A8 5 Bytes JMP 01041410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
(Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73CFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73CF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73D8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73D2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73CFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73CF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73CF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[5136] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73D02AD1] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS1B0D0.log 131072 bytes ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: HP-Pavilion System Product Name: KQ468AA-ABD a6429.de Logical Drives Mask: 0x000003dc Kernel Drivers (total 135): 0x8204E000 \SystemRoot\system32\ntkrnlpa.exe 0x8201B000 \SystemRoot\system32\hal.dll 0x80402000 \SystemRoot\system32\kdcom.dll 0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80479000 \SystemRoot\system32\PSHED.dll 0x8048A000 \SystemRoot\system32\BOOTVID.dll 0x80492000 \SystemRoot\system32\CLFS.SYS 0x804D3000 \SystemRoot\system32\CI.dll 0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys 0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x80696000 \SystemRoot\system32\drivers\acpi.sys 0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS 0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys 0x806ED000 \SystemRoot\system32\drivers\pci.sys 0x80714000 \SystemRoot\System32\drivers\partmgr.sys 0x80723000 \SystemRoot\system32\drivers\volmgr.sys 0x80732000 \SystemRoot\System32\drivers\volmgrx.sys 0x8077C000 \SystemRoot\System32\drivers\mountmgr.sys 0x8260D000 \SystemRoot\system32\drivers\iastor.sys 0x826E7000 \SystemRoot\system32\drivers\fltmgr.sys 0x82719000 \SystemRoot\system32\drivers\fileinfo.sys 0x82729000 \SystemRoot\System32\Drivers\ksecdd.sys 0x87E05000 \SystemRoot\system32\drivers\ndis.sys 0x87F10000 \SystemRoot\system32\drivers\msrpc.sys 0x87F3B000 \SystemRoot\system32\drivers\NETIO.SYS 0x8800D000 \SystemRoot\System32\drivers\tcpip.sys 0x880F7000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x88209000 \SystemRoot\System32\Drivers\Ntfs.sys 0x88319000 \SystemRoot\system32\drivers\volsnap.sys 0x88352000 \SystemRoot\System32\Drivers\spldr.sys 0x8835A000 \SystemRoot\System32\Drivers\mup.sys 0x88369000 \SystemRoot\System32\drivers\ecache.sys 0x88390000 
\SystemRoot\system32\drivers\disk.sys 0x883A1000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x883C2000 \SystemRoot\system32\drivers\crcdisk.sys 0x883D8000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x883E3000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x883EC000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8C207000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x8C6CD000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8C76D000 \SystemRoot\System32\drivers\watchdog.sys 0x8C779000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8C784000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8C7C2000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8C80C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8C899000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8C8B5000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8C8C5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8C8D3000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x8C8E6000 \SystemRoot\system32\DRIVERS\PS2.sys 0x8C8EB000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8C8F6000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8C90E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8C914000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8C943000 \SystemRoot\system32\DRIVERS\storport.sys 0x8C984000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8C98F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8C9A6000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8C9B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8C9D4000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8C9E3000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8C7D1000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8C7E6000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8C800000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8C9F7000 \SystemRoot\system32\DRIVERS\seehcri.sys 0x8C9FD000 \SystemRoot\system32\DRIVERS\swenum.sys 0x87F76000 \SystemRoot\system32\DRIVERS\ks.sys 0x8C7F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x881EC000 \SystemRoot\system32\DRIVERS\umbus.sys 0x87FA0000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x87FD5000 
\SystemRoot\System32\Drivers\NDProxy.SYS 0x8CC0F000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8CE1C000 \SystemRoot\system32\drivers\portcls.sys 0x8CE49000 \SystemRoot\system32\drivers\drmk.sys 0x8CE6E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8CE77000 \SystemRoot\System32\Drivers\Null.SYS 0x8CE7E000 \SystemRoot\System32\Drivers\Beep.SYS 0x8CE85000 \SystemRoot\System32\drivers\vga.sys 0x8CE91000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8CEB2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8CEBA000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8CEC2000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8CECD000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8CEDB000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8CEE4000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8CEFA000 \SystemRoot\system32\DRIVERS\smb.sys 0x8CF0E000 \SystemRoot\system32\drivers\afd.sys 0x8CF56000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8CF88000 \SystemRoot\system32\DRIVERS\pacer.sys 0x8CF9E000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8CFAC000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8CFBF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8279A000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8CFC5000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8CFCF000 \SystemRoot\System32\Drivers\dfsc.sys 0x827D6000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8CFE6000 \SystemRoot\System32\Drivers\crashdmp.sys 0x88112000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x87FE6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x8CFF3000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8078C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8CFF5000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x807A3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x8CC00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8CC07000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x918D0000 \SystemRoot\System32\win32k.sys 0x883CB000 \SystemRoot\System32\drivers\Dxapi.sys 0x807B3000 \SystemRoot\system32\DRIVERS\monitor.sys 0x91AF0000 \SystemRoot\System32\TSDDD.dll 0x91B10000 \SystemRoot\System32\cdd.dll 
0x807C2000 \SystemRoot\system32\drivers\luafv.sys 0x807DD000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x98607000 \SystemRoot\system32\drivers\spsys.sys 0x986B7000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x986C7000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x986DA000 \SystemRoot\system32\drivers\HTTP.sys 0x98747000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x98764000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9877D000 \SystemRoot\System32\drivers\mpsdrv.sys 0x98792000 \SystemRoot\system32\drivers\mrxdav.sys 0x987B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x805B3000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x987D2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x99A0E000 \SystemRoot\System32\DRIVERS\srv2.sys 0x99A36000 \SystemRoot\System32\DRIVERS\srv.sys 0x99A85000 \SystemRoot\system32\drivers\peauth.sys 0x99B63000 \SystemRoot\System32\Drivers\secdrv.SYS 0x99B6D000 \SystemRoot\System32\drivers\tcpipreg.sys 0x99B79000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0x99B8E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0x99BA0000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x99BB6000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x99BB8000 \??\C:\Users\HP\AppData\Local\Temp\catchme.sys 0x99BC7000 \??\C:\Users\HP\AppData\Local\Temp\pgldipoc.sys 0x76E20000 \Windows\System32\ntdll.dll Processes (total 72): 0 System Idle Process 4 System 476 C:\Windows\System32\smss.exe 544 csrss.exe 604 C:\Windows\System32\wininit.exe 616 csrss.exe 648 C:\Windows\System32\services.exe 660 C:\Windows\System32\lsass.exe 672 C:\Windows\System32\lsm.exe 776 C:\Windows\System32\winlogon.exe 860 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\svchost.exe 1012 C:\Windows\System32\svchost.exe 1084 C:\Windows\System32\Ati2evxx.exe 1100 C:\Windows\System32\svchost.exe 1132 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1272 C:\Windows\System32\audiodg.exe 1296 C:\Windows\System32\svchost.exe 1312 C:\Windows\System32\SLsvc.exe 1368 C:\Windows\System32\svchost.exe 1480 
C:\Windows\System32\svchost.exe 1596 C:\Windows\System32\Ati2evxx.exe 1740 C:\Windows\System32\spoolsv.exe 1768 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1900 C:\Windows\System32\svchost.exe 1908 C:\Windows\System32\dwm.exe 2024 C:\Windows\System32\taskeng.exe 640 C:\Windows\System32\taskeng.exe 2172 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2200 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 2220 C:\Program Files\Bonjour\mDNSResponder.exe 2252 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2300 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2360 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2416 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe 2440 C:\Program Files\CDBurnerXP\NMSAccessU.exe 2520 C:\Windows\System32\svchost.exe 2556 C:\Users\HP\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe 2616 C:\Windows\System32\svchost.exe 2648 C:\Windows\System32\svchost.exe 2688 C:\Windows\System32\SearchIndexer.exe 2760 C:\Program Files\XSManager\WTGService.exe 2796 C:\Windows\service4g.exe 2924 WUDFHost.exe 3620 C:\Windows\System32\SearchProtocolHost.exe 4056 C:\Windows\starter4g.exe 812 C:\Program Files\Windows Defender\MSASCui.exe 2120 C:\Windows\RtHDVCpl.exe 2124 C:\hp\support\hpsysdrv.exe 856 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe 2488 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 2088 C:\Program Files\Common Files\Java\Java Update\jusched.exe 1532 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2568 C:\Program Files\HP\HP Software Update\hpwuschd2.exe 1840 C:\Program Files\iTunes\iTunesHelper.exe 1784 C:\Program Files\Windows Media Player\wmpnscfg.exe 1204 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3404 C:\Program Files\Windows Media Player\wmpnetwk.exe 3512 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3664 C:\Program Files\iPod\bin\iPodService.exe 2952 C:\Windows\System32\svchost.exe 
4028 C:\hp\KBD\kbd.exe 1248 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe 4216 C:\Windows\System32\mobsync.exe 4324 C:\Windows\System32\conime.exe 4768 C:\Windows\explorer.exe 4648 C:\Program Files\Mozilla Firefox\firefox.exe 4128 C:\Program Files\Mozilla Firefox\plugin-container.exe 5380 C:\Windows\System32\SearchFilterHost.exe 4048 C:\Windows\explorer.exe 5588 C:\Users\HP\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000051`44640600 (NTFS) PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.CHQ Size Device Name MBR Status -------------------------------------------- 335 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected SHA1: F362CE084BC77B454330005C1657154A64FB9456 Done! |
06.06.2011, 11:28 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, Start menu empty, HDD Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
07.06.2011, 11:13 | #11 |
| Desktop black, Start menu empty, HDD Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=cf4b036eb071e3469b7a2078f0ae0a3f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-07 01:55:36 # local_time=2011-06-07 03:55:36 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775165 100 94 167488 43934954 0 0 # compatibility_mode=5892 16776573 100 100 254491 144930861 0 0 # compatibility_mode=8192 67108863 100 0 106 106 0 0 # scanned=241965 # found=2 # cleaned=0 # scan_time=13602 C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IOZUFHZA\track[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QZICYY58\73030[1].pdf JS/Exploit.Pdfka.OXB.Gen trojan (unable to clean) 00000000000000000000000000000000 I Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6788 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 06.06.2011 22:52:50 mbam-log-2011-06-06 (22-52-50).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 374759 Laufzeit: 4 Stunde(n), 18 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 06/06/2011 at 11:33 PM Application Version : 4.53.1000 Core Rules Database Version : 7211 Trace Rules Database Version: 5023 Scan type : Complete Scan Total Scan Time : 04:55:35 Memory items scanned : 696 Memory threats detected : 0 Registry items scanned : 8909 Registry threats detected : 0 File items scanned : 235902 File threats detected : 80 Adware.Tracking Cookie C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@tradedoubler[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@serving-sys[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@ad2.adfarm1.adition[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@partypoker[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@zanox-affiliate[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@mediaplex[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@thefind[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@apmebf[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@ad.yieldmanager[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@content.yieldmanager[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@bs.serving-sys[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@www.xxxpower[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@doubleclick[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@zanox[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@content.yieldmanager[3].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@webmasterplan[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@traffictrack[2].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@adfarm1.adition[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@ad4.adfarm1.adition[1].txt 
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@lfstmedia[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@atwola[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@2o7[1].txt C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\hp@ads.ad4game[2].txt 4porno.tv [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] aka-cdn-ns.adtech.de [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] akamai.smartadserver.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] animalsexshare.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] bc.youporn.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] cdn-www.pornhub.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] cdn.eyewonder.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] cdn.insights.gravity.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] cdn1.eyewonder.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] cdn5.specificclick.net [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] cloud.video.unrulymedia.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] enterotracker.de [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] flvtools.spacash.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] furry-yiff.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] ia.media-imdb.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] ictv-tf-ec.indieclicktv.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] imagesrv.adition.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] 
m1.emea.2mdn.net [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] macromedia.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media.kyte.tv [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media.mtvnservices.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media.rofl.to [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media.scanscout.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media.stage-entertainment.de [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media.wouldyoukindly.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media01.kyte.tv [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media1.break.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] media1.nfb.ca [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] mediadb.kicker.de [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] naiadsystems.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] s0.2mdn.net [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] secure-uk.imrworldwide.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] secure-us.imrworldwide.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] serving-sys.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] sexspielzeug.joyclub.de [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] static.plymedia.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] static.xxxbunker.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] 
track.webgains.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] tuporno.tv [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] vaginagamer.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] vfsexe.gmx.net [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] vidii.hardsextube.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.adservercentral.info [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.euros4click.de [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.freeporn.to [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.gotgayporn.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.haporn.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.mofosex.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.naiadsystems.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.pornari.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.pornerbros.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.pornhub.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.realgfporn.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.sexbot.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] www.teenist.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] xxxbunker.com [ C:\Users\HP\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MY8SRB8L ] Trojan.Agent/Gen-FakeAV C:\PROGRAM FILES\WINRAR\DEFAULT.SFX |
07.06.2011, 12:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, Start menu empty, HDD Looks OK; only cookies and a few leftovers were found. Any remaining problems or further findings in the meantime?
__________________ Please always post logfiles in CODE tags |
07.06.2011, 12:50 | #13 |
| Desktop black, Start menu empty, HDD Unfortunately there's no improvement on my end. The Recovery junk with all its error messages was gone after the first Malwarebytes run, but the desktop stays dead, as do the Quick Launch bar and the Start menu. I've also run Unhide several times by now, without any success. |
07.06.2011, 13:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, Start menu empty, HDD The infection wiped your Start menu; in the variants I've seen so far, the malware moves all shortcuts to %tmp%\smtmp. Unhide should actually copy the shortcuts back to the right place itself. If it doesn't, do it yourself. Your shortcuts should now be here: C:\Users\[DEIN_NAME]\AppData\Local\Temp\smtmp They need to be copied to the matching locations under C:\ProgramData\Microsoft\Windows\Start Menu\Programs. But if the icons aren't there, they're probably gone. You'll also have to restore the desktop background manually.
__________________ Please always post logfiles in CODE tags |
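One way to do the manual copy the helper describes, as an added example that is not from this thread and is not unhide.exe's own code: a PowerShell script (run as Administrator on the affected machine) that checks whether %TEMP%\smtmp exists, lists what it holds, and copies the shortcuts back to the All Users Start Menu without overwriting or deleting anything. Two things in it go beyond what the thread states and are labelled as assumptions: the numbered subfolder smtmp\1 that some variants of this rogue family use, and the Hidden-attribute clean-up at the end (the behaviour unhide.exe exists to undo). The variable names `$stash`, `$dest` and `$source` are the script's own.

```powershell
# Added example, not code from the thread or from unhide.exe.
# Run as Administrator in PowerShell on the affected machine.
# Copies Start Menu shortcuts stashed under %TEMP%\smtmp back into the
# All Users Start Menu; never overwrites or deletes anything.

$stash = Join-Path $env:TEMP 'smtmp'                               # the folder the helper names
$dest  = 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs'    # the destination the helper names

if (-not (Test-Path -LiteralPath $stash)) {
    # Same situation as post #15: the stash does not exist. Confirm that TEMP really is
    # C:\Users\<name>\AppData\Local\Temp before concluding the shortcuts are gone.
    Write-Host "No '$stash' on this machine (TEMP is '$env:TEMP'). Nothing to restore from."
    return
}

# Assumption (not stated in the thread): some variants keep the Start Menu contents in a
# numbered subfolder, smtmp\1, rather than directly in smtmp. Use it when present.
$source = $stash
if (Test-Path -LiteralPath (Join-Path $stash '1')) { $source = Join-Path $stash '1' }

# Inventory first, so you see what would be copied before anything is touched.
$items = @(Get-ChildItem -LiteralPath $source -Recurse -Force | Where-Object { -not $_.PSIsContainer })
Write-Host ("{0} file(s) found under '{1}':" -f $items.Count, $source)
$items | ForEach-Object { $_.FullName.Substring($source.Length).TrimStart('\') } | Sort-Object | Out-Host

# Copy, keeping the subfolder layout; skip anything that already exists at the destination.
$copied = 0
foreach ($f in $items) {
    $rel    = $f.FullName.Substring($source.Length).TrimStart('\')
    $target = Join-Path $dest $rel
    $dir    = Split-Path -Parent $target
    if (-not (Test-Path -LiteralPath $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }
    if (-not (Test-Path -LiteralPath $target)) {
        Copy-Item -LiteralPath $f.FullName -Destination $target
        $copied++
    }
}
Write-Host "$copied file(s) copied to '$dest'. The stash in '$stash' was left in place."

# Assumption (commonly seen with this rogue family, not stated in the thread): it also marks
# files and folders Hidden, which is what unhide.exe undoes. Clear that flag on the restored
# Start Menu entries so Explorer lists them again.
Get-ChildItem -LiteralPath $dest -Recurse -Force | ForEach-Object {
    if (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) {
        $_.Attributes = $_.Attributes -bxor [IO.FileAttributes]::Hidden
    }
}
```

The stash is deliberately left in place so that a second pass, or the per-user Start Menu and Quick Launch folders, can still be restored from it afterwards. If the script reports that smtmp does not exist, as the poster found in #15, the shortcuts were either never moved there by this variant or have already been removed, and the helper's "probably gone" verdict applies.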
07.06.2011, 13:21 | #15 |
| Desktop black, Start menu empty, HDD The path you gave exists up to Temp, but no further. And what do you mean by restoring the desktop myself? I really can't do anything at all on the desktop: if I try to put a program or file on the desktop, for example, nothing happens; I do find the file in the Desktop folder afterwards, but that's it. The thing isn't just wiped, it's outright dead; even selecting doesn't work there anymore. |