Caught the GVU trojan

Hello everyone! Well, I have caught the trojan in question. I was NOT logged in with my admin account but as a "standard user" (Windows 7) when I got the "funny" screen with the payment demand. As is well known, nothing worked after that. I then logged off immediately and, via the admin account (where I did not get the screen with the payment demand), deleted the "standard account" in question and, when Windows asked, did NOT keep the files but deleted them as well. From what I have read here so far, though, I still have to do quite a bit to make my system safe again. Can someone help me with that? Oh, and I had then only done a quick scan with SuperAntiSpyware, and quite a lot showed up in it........

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/31/2013 at 01:37 AM
Application Version : 5.6.1014
Core Rules Database Version : 9949
Trace Rules Database Version: 7761
Scan type : Quick Scan
Total Scan Time : 00:01:31
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 776
Memory threats detected : 0
Registry items scanned : 60533
Registry threats detected : 46
File items scanned : 10474
File threats detected : 4
PUP.BabylonToolbar
PUP.bProtector
Adware.Tracking Cookie
|
A cleanup can sometimes mean a lot of work for you.
Note: I can never guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Vista and Win7 users: start all tools with a right-click and "Run as administrator".
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide) |
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.31.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DerHommel :: DASDING [Administrator]
31.01.2013 11:11:51
mbam-log-2013-01-31 (11-11-51).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 524711
Laufzeit: 59 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende) |
Here are the logs from OTL. The 2nd OTL log is supposedly too big to upload here...... "...OTL.Txt: The file you are trying to attach is too large. The maximum file size for this file type is 97.7 KB. Your file is 461.9 KB....." What now? EDIT: I shrank it with 7Zip. Hope that's OK like this...?? ... |
MB Anti-Rootkit and adwCleaner were run on the PC. Where are the logs for them? |
The two have not been "run" yet; I had merely downloaded them and not yet installed them. I'll do that this evening, since I'm unfortunately on the late shift this week. I'll then upload them by tomorrow noon at the latest. |
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. After that, please download
|
No findings.......

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.309000 GHz
Memory total: 8572223488, free: 6453923840
\SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\System32\Drivers\EtronXHCI.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\System32\Drivers\av8zzaeq.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\EtronHub3.sys \SystemRoot\System32\Drivers\USBD.SYS \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\RtHDMIVX.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\drivers\XENfiltv.sys 
\SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\RtNdPt60.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\cdfs.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\msvcrt.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\usp10.dll \Windows\System32\imagehlp.dll \Windows\System32\setupapi.dll \Windows\System32\msctf.dll \Windows\System32\Wldap32.dll \Windows\System32\ole32.dll \Windows\System32\advapi32.dll \Windows\System32\ws2_32.dll \Windows\System32\urlmon.dll \Windows\System32\difxapi.dll \Windows\System32\sechost.dll \Windows\System32\shlwapi.dll \Windows\System32\user32.dll \Windows\System32\kernel32.dll \Windows\System32\oleaut32.dll \Windows\System32\clbcatq.dll \Windows\System32\psapi.dll \Windows\System32\comdlg32.dll \Windows\System32\lpk.dll \Windows\System32\shell32.dll \Windows\System32\nsi.dll \Windows\System32\imm32.dll \Windows\System32\wininet.dll \Windows\System32\normaliz.dll \Windows\System32\iertutil.dll \Windows\System32\wintrust.dll \Windows\System32\cfgmgr32.dll \Windows\System32\KernelBase.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- 
<<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8007848060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\ Lower Device Object: 0xfffffa8007592680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007847060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\ Lower Device Object: 0xfffffa8007585680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2013.01.31.09 Downloaded database version: v2013.01.23.01 Initializing... Done! <<<2>>> Device number: 1, partition: 1 Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8007848060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007848b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007848060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800768ac50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8007592680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00aba52e0, 0xfffffa8007848060, 0xfffffa8008242790 Lower DeviceData: 0xfffff8a00aef8840, 0xfffffa8007592680, 0xfffffa8007507490 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! 
Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007847060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007847b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007847060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80076898d0, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8007585680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00abd48c0, 0xfffffa8007847060, 0xfffffa80072b5790 Lower DeviceData: 0xfffff8a008fa7f90, 0xfffffa8007585680, 0xfffffa80080d0a40 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 206848 Numsec = 624932864 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-206847-625122448-625142448)... Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: E4CB068E Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 204800000 Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 204802048 Numsec = 1748719616 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Performing system, memory and registry scan... Done!
Scan finished
=======================================
AdwCleaner Logfile:
Code:
# AdwCleaner v2.109 - Datei am 31/01/2013 um 23:48:23 erstellt
I only ran Malwarebytes Anti-Rootkit once this time, since nothing was found on the 1st run.... |
Very good! How is the computer running?
Malware scan with Emsisoft Anti-Malware
Download the free version of => Emsisoft Anti-Malware and install the program.
Use Jetzt Updaten (Update now) to download the current signatures.
Select the freeware mode.
Select Detail Scan and start the scan of the computer with the Scan button.
Do not let it delete anything at the end of the scan!
Click Bericht speichern (Save report) to save the log file to the desktop and post it here in the thread.
Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
The PC is running quite normally so far. But I haven't done much with it since the infection....
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 01.02.2013 08:54:33
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
Scan Beginn: 01.02.2013 09:23:08
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{55263B3E-81DE-75D5-B3F2-BEB53BD4BE72}-ie_util.exe -> (Quarantine-PE) gefunden: Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5C801211-53C4-E0B1-2A7F-94091E8E9F62}-fedeul.exe -> (Quarantine-PE) gefunden: Trojan.Generic.KDZ.4530 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7EBB8276-985A-B7DF-3A06-4505604A6935}-ie_util.exe -> (Quarantine-PE) gefunden: Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{97B5CC00-8D25-E65A-5D28-03968420C1D7}-ie_util.exe -> (Quarantine-PE) gefunden: Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B7B954A1-74B8-C275-85F0-EF2A7145B03B}-puam.exe -> (Quarantine-PE) gefunden: Gen:Variant.Kazy.135049 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{C35D4328-7483-347F-3A38-406ED851B06D}-ie_util.exe -> (Quarantine-PE) gefunden: Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E2D2A025-68AE-FB90-1321-1FFBEF6F4D51}-emhui.exe -> (Quarantine-PE) gefunden: Gen:Variant.Kazy.135049 (B)
Gescannt 626902
Gefunden 7
Scan Ende: 01.02.2013 10:40:37
Scan Zeit: 1:17:29
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{B7B954A1-74B8-C275-85F0-EF2A7145B03B}-puam.exe -> (Quarantine-PE) Quarantäne Gen:Variant.Kazy.135049 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E2D2A025-68AE-FB90-1321-1FFBEF6F4D51}-emhui.exe -> (Quarantine-PE) Quarantäne Gen:Variant.Kazy.135049 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5C801211-53C4-E0B1-2A7F-94091E8E9F62}-fedeul.exe -> (Quarantine-PE) Quarantäne Trojan.Generic.KDZ.4530 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{55263B3E-81DE-75D5-B3F2-BEB53BD4BE72}-ie_util.exe -> (Quarantine-PE) Quarantäne Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{7EBB8276-985A-B7DF-3A06-4505604A6935}-ie_util.exe -> (Quarantine-PE) Quarantäne Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{97B5CC00-8D25-E65A-5D28-03968420C1D7}-ie_util.exe -> (Quarantine-PE) Quarantäne Trojan.Generic.KDV.827363 (B)
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{C35D4328-7483-347F-3A38-406ED851B06D}-ie_util.exe -> (Quarantine-PE) Quarantäne Trojan.Generic.KDV.827363 (B)
Quarantäne 7 |
Very good!
Uninstall: Emsisoft Anti-Malware
ESET Online Scanner
Preparation
afterwards: Please download
|
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=d0dce57718d98845b07ff3c1cfb5ad1a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-01 08:42:46
# local_time=2013-02-01 09:42:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1908460 111381216 0 0
# scanned=315604
# found=2
# cleaned=2
# scan_time=5046
C:\Users\DerHommel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1959379d-67808c71 a variant of Java/Exploit.Agent.NFK trojan (deleted - quarantined) 446CF2EE0BABBB914BBD6A647F54FDF81DEB0F51 C
C:\Users\DerHommel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\71e2992f-1a72e644 a variant of Java/Exploit.CVE-2013-0422.BA trojan (deleted - quarantined) 2394A325D7CF4C3D87C89F24FC67A557DC7DF1AE C
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Yes, for Microsoft Security Essentials I had briefly turned off the real-time protection for the scan..... |
Update Java
Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
Afterwards post (copy and paste) what is displayed for you here: PluginCheck
Disable Java
Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html
Afterwards post (copy and paste) what is displayed for you here: PluginCheck |
Updated Java according to the instructions and made the corresponding settings.
PluginCheck
The PluginCheck helps to close the biggest security holes when surfing the Internet. What is checked: browser, Flash, Java and Adobe Reader version.
Opera 12.13 is up to date
Flash (11,5,502,146) is up to date.
Java (1,7,0,13) is up to date.
Adobe Reader 11,0,1,0 is up to date.
Back |
I have (hopefully) disabled Java in Opera correctly, as in the picture ????????????????? |
However, the PluginCheck then looks like this:
PluginCheck
The PluginCheck helps to close the biggest security holes when surfing the Internet. What is checked: browser, Flash, Java and Adobe Reader version.
Opera 12.13 is up to date
<div id="sec-app"></div> <div class="sec"><ul><li><a class="sec-inf" href="#"></a><ul class="children">Please enable JavaScript to check your Flash version.</ul></li></ul></div>
Back |
JavaScript is something different; you can enable that again. Then try the check again. |
OK, I have enabled JavaScript again. Then it looks like this:
PluginCheck
The PluginCheck helps to close the biggest security holes when surfing the Internet. What is checked: browser, Flash, Java and Adobe Reader version.
Opera 12.13 is up to date
Flash (11,5,502,146) is up to date.
Java (1,7,0,13) is up to date.
Adobe Reader 11,0,1,0 is up to date |
OK, now I have found it too. For now I have only disabled this one: "Java(TM) Platform SE 7 U13 - 10.13.2.20". PluginCheck then looks like this: Java is installed but not activated. |
Very good! With that you are clean and discharged! :)
Remove adwCleaner
Tool cleanup with OTL
We will now use OTL's CleanUp! function to remove from your system most of the programs that we installed for the cleanup.
Resetting the security zones
Have the security zones reset, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html
Emptying the system restore points
So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this we switch System Restore off once and then on again: Disable System Restore, tutorial for Windows XP, Windows Vista, Windows 7. Afterwards enable it again.
Cleaning up with CCleaner
Use CCleaner (Download) (Instructions) to have errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC keeps getting slower - what to do? |
Good, OK, I have done everything according to the instructions. I will look through the reading at my leisure this evening!!! One more question: as antivirus software I use Microsoft Essentials, of course including "real-time protection". I can actually keep using the tools Malwarebytes and SUPERAntiSpyware as pure scanners, of course WITHOUT their real-time protection, can't I, or will something then "clash"? |
Quote:
They all go well together. Wishing you a virus-free time. ;) |
OK, then first of all a BIG (!!!!!!!!!!!!!!!!!!!!!!!!!!!!) THANK YOU for your help!!! I would NEVER have managed this on my own!!! Great that there are people like you who do all this just like that for nothing!!!! |
Copyright ©2000-2025, Trojaner-Board