Pests of all kinds and how to fight them: exploit.java.cve-2011-3544 irreparable (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
02.02.2012, 19:14 | #1 |
exploit.java.cve-2011-3544 irreparable

Hello everyone,

during a full scan Kaspersky found the following infection:
exploit.java.cve-2011-3544.ec
exploit.java.cve-2011-3544.eb

It reports that disinfection is not possible; the files could only be deleted. I suspect that this doesn't actually fix the problem, though, since it's always said that merely deleting doesn't help. Unfortunately I have zero experience with this kind of thing; what would you advise me to do?

The cause of all this could have been my hacked WordPress site, into which something was injected half a month ago. Whenever I viewed it I kept getting Java security warnings! I have since fixed that problem completely; the site has been rebuilt from scratch and is clean!

Best regards, Sebastian
03.02.2012, 10:49 | #2 |
exploit.java.cve-2011-3544 irreparable

I have also created logs.
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xDB434D46] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0xDB436750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0xDB435840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0xDB435DAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xDB44C840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0xDB435308] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0xDB4351F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0xDB4344C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0xDB435B90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0xDB435420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0xDB4343B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0xDB43555C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0xDB44CA38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0xDB4360D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0xDB4359E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0xDB44E7DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 
ZwReplyWaitReceivePort [0xDB44E72A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xDB44E848] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0xDB4365F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0xDB44E1B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0xDB434BA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0xDB4355FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0xDB436222] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0xDB436316] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0xDB436450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0xDB435670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0xDB434664] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0xDB4345BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xDB435F8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xDB434750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0xDB434A2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0xDB4354A6] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 119 862E489C 4 Bytes [8A, 42, 43, DB] .text 
ntkrnlpa.exe!KeSetEvent + 13D 862E48C0 8 Bytes [42, E3, 44, DB, 78, E6, 44, ...] .text ntkrnlpa.exe!KeSetEvent + 181 862E4904 4 Bytes JMP 9967244D \SystemRoot\System32\drivers\CTEXFIFX.SYS (Creative XFi Effects/Creative Technology Ltd.) .text ntkrnlpa.exe!KeSetEvent + 1A9 862E492C 4 Bytes [04, 4D, 43, DB] .text ntkrnlpa.exe!KeSetEvent + 1C1 862E4944 4 Bytes [2A, E0, 44, DB] .text ... .text C:\Windows\system32\drivers\SSHDRV84.sys section is writeable [0x99799000, 0x233D4, 0xE8000020] .pklstb C:\Windows\system32\drivers\SSHDRV84.sys entry point in ".pklstb" section [0x997CB000] .relo2 C:\Windows\system32\drivers\SSHDRV84.sys unknown last section [0x997E1000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x9B439000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x9B47D000] .relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x9B499000, 0x8E, 0x42000040] PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9B4E703F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9B4E70AF 1 Byte [16] PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9B4E70AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9B4E7130 6 Bytes [0E, 83, 78, 14, 01, 75] PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9B4E7137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...] PAGE ... ? C:\Users\Basti\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] ntdll.dll!NtProtectVirtualMemory 77824BA4 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2532] USER32.dll!SetScrollInfo + 7A8 77437980 4 Bytes [E0, 13, 54, 67] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] ntdll.dll!NtProtectVirtualMemory 77824BA4 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[3112] USER32.dll!SetScrollInfo + 7A8 77437980 4 Bytes [E0, 13, 54, 67] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1 0x97 0x4C 0x18 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d 0xAD 0x1B 0x8D 0x52 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1 0x97 0x4C 0x18 0x13 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d 0xAD 0x1B 0x8D 0x52 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL
---- EOF - GMER 1.0.15 ----
Hope this helps, regards Sebastian |
05.02.2012, 14:08 | #3 |
| exploit.java.cve-2011-3544 irreparable Here is the Kaspersky log as well
Code:
Typ: Schwachstelle (2)
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=43269 Nicht gefunden 02.02.2012 17:37:43
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=46848 Nicht gefunden 02.02.2012 17:37:43
Typ: trojanisches Programm (9)
Exploit.Java.CVE-2011-3544.ec Desinfiziert 02.02.2012 18:49:43
Exploit.Java.CVE-2011-3544.ec Gelöscht 02.02.2012 18:49:43
Exploit.Java.CVE-2011-3544.ec Gelöscht 02.02.2012 18:49:12
Exploit.Java.CVE-2011-3544.ec Gelöscht 02.02.2012 18:48:58
Exploit.Java.CVE-2011-3544.eb Desinfiziert 02.02.2012 18:48:36
Exploit.Java.CVE-2011-3544.eb Gelöscht 02.02.2012 18:48:32
Exploit.Java.CVE-2011-3544.ec Gelöscht 02.02.2012 18:46:00
Exploit.Java.CVE-2011-3544.ec Gelöscht 02.02.2012 18:45:54
Exploit.Java.CVE-2011-3544.ec Gelöscht 02.02.2012 18:45:36 |
05.02.2012, 19:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.cve-2011-3544 irreparable Now please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed. If logs from older Malwarebytes scans exist, please post all of those too! ESET Online Scanner
Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Always post logfiles in CODE tags |
06.02.2012, 14:41 | #5 |
| exploit.java.cve-2011-3544 irreparable Hello, so, here are the logs as requested, first several from Malwarebytes, the most recent first: Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.02.05.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]
05.02.2012 20:51:10
mbam-log-2012-02-05 (20-51-10).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 678130
Laufzeit: 3 Stunde(n), 6 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
I also have older mbam logs. After I had the problem with my WordPress blog, I used Malwarebytes for the first time, and it promptly found something; I then deleted the items it found. After I did a system restore at a later point, the items were back and I removed them again via Malwarebytes ... here are the logs in chronological order: Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.20.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]
21.01.2012 08:50:59
mbam-log-2012-01-21 (08-50-59).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222216
Laufzeit: 5 Minute(n), 58 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.20.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]
21.01.2012 09:15:19
mbam-log-2012-01-21 (09-15-19).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 512490
Laufzeit: 1 Stunde(n), 58 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.24.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]
24.01.2012 21:17:20
mbam-log-2012-01-24 (21-17-20).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222713
Laufzeit: 11 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.24.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: DESKTOP01 [Administrator]
25.01.2012 11:08:20
mbam-log-2012-01-25 (11-08-20).txt
Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 10404
Laufzeit: 10 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
And now the ESET log: Code:
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=258bce9d3b2aab4ca9ff528920fb672b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-06 01:23:57
# local_time=2012-02-06 02:23:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 103163730 103163730 0 0
# compatibility_mode=1280 16777215 100 0 333027 333027 0 0
# compatibility_mode=5892 16776637 100 100 86368 166051690 0 0
# compatibility_mode=8192 67108863 100 0 4512 4512 0 0
# scanned=540348
# found=7
# cleaned=0
# scan_time=15674
C:\DELL\drivers\R188694\PCTuneUp2.exe probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Basti\Desktop\Tools\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Basti\Desktop\Tools\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
F:\BackUp\Tools\PDFCreator-1_2_3_setup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
F:\BackUp\Tools\Unlocker1.9.1.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
F:\THINK-PAED\Backup Set 2011-10-23 151743\Backup Files 2011-10-23 151743\Backup files 16.zip a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
At this point, many thanks already for the extensive efforts. Regards Sebastian |
06.02.2012, 15:25 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.cve-2011-3544 irreparable Please create a new OTL log. Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
06.02.2012, 17:03 | #7 |
| exploit.java.cve-2011-3544 irreparable Hello, the log is too long to post, I have attached it as an archive. Regards Sebastian |
06.02.2012, 19:46 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.cve-2011-3544 irreparable Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL SRV - File not found [On_Demand | Stopped] -- -- (PTQ) SRV - File not found [On_Demand | Stopped] -- -- (LCCNUQS) SRV - File not found [On_Demand | Stopped] -- -- (BLC) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071207 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 FF - prefs.js..browser.search.defaultenginename: "Secure Search" FF - prefs.js..browser.search.selectedEngine: "Secure Search" [2012.02.05 14:00:23 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-1.xml [2009.03.28 12:34:18 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-10.xml [2009.04.25 12:01:46 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-11.xml [2009.04.29 15:54:41 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-12.xml [2009.06.13 20:45:15 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-13.xml [2009.07.06 15:01:34 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-14.xml [2009.07.23 13:51:56 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-15.xml [2009.08.06 12:57:37 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-16.xml [2009.09.13 11:49:50 | 000,000,961 | ---- | M] () -- 
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-17.xml [2009.10.31 15:14:42 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-18.xml [2009.11.07 10:34:43 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-19.xml [2008.02.10 21:21:52 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-2.xml [2010.01.07 11:15:11 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-20.xml [2010.01.15 14:39:56 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-21.xml [2010.02.27 17:17:26 | 000,000,961 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-22.xml [2010.03.24 07:02:13 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-23.xml [2010.04.03 13:33:59 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-24.xml [2010.04.05 10:19:45 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-25.xml [2010.06.28 11:27:46 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-26.xml [2010.07.30 10:02:27 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-27.xml [2010.08.14 17:10:40 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-28.xml [2008.03.27 
15:23:02 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-3.xml [2008.04.25 18:38:17 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-4.xml [2008.04.26 16:42:28 | 000,000,949 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-5.xml [2008.06.18 21:29:26 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-6.xml [2008.07.02 22:22:22 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-7.xml [2008.07.16 22:41:29 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-8.xml [2009.03.23 11:01:38 | 000,000,950 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-9.xml [2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin.xml [2008.05.09 14:54:13 | 000,001,421 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\simbad-basic-search.xml [2008.01.11 22:58:56 | 000,002,386 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\siteadvisor.xml O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.12.14 10:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ NTFS ] O32 - AutoRun File - [2010.11.02 14:29:16 | 000,000,073 | ---- | M] () - F:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Menu.exe -- [2010.11.02 14:22:38 | 009,830,400 | ---- | M] (Markement GmbH ) @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C97C8631 :Commands [emptytemp] [resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
06.02.2012, 20:24 | #9 |
| exploit.java.cve-2011-3544 irreparable Hello, I have run the fix; the log is attached. Code:
All processes killed ========== OTL ========== Service PTQ stopped successfully! Service PTQ deleted successfully! Service LCCNUQS stopped successfully! Service LCCNUQS deleted successfully! Service BLC stopped successfully! Service BLC deleted successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Prefs.js: "Secure Search" removed from browser.search.defaultenginename Prefs.js: "Secure Search" removed from browser.search.selectedEngine C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-1.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-10.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-11.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-12.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-13.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-14.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-15.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-16.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-17.xml moved successfully. 
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-18.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-19.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-2.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-20.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-21.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-22.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-23.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-24.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-25.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-26.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-27.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-28.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-3.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-4.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-5.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-6.xml moved successfully. 
C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-7.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-8.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin-9.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\icqplugin.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\simbad-basic-search.xml moved successfully. C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\gq42k2w4.default\searchplugins\siteadvisor.xml moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. F:\AutoOff.exe moved successfully. F:\Autorun.inf moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. F:\Menu.exe moved successfully. ADS C:\ProgramData\TEMP:C97C8631 deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 548056 bytes ->Temporary Internet Files folder emptied: 401623 bytes ->Flash cache emptied: 84 bytes User: All Users User: Basti ->Temp folder emptied: 155769086 bytes ->Temporary Internet Files folder emptied: 808454 bytes ->Java cache emptied: 35787121 bytes ->FireFox cache emptied: 283982273 bytes ->Apple Safari cache emptied: 5465088 bytes ->Flash cache emptied: 121973 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: IUSR_NMPR ->Temp folder emptied: 1368 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 169527 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16490483 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 476,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02062012_201431 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Regards, Sebastian |
06.02.2012, 20:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.cve-2011-3544 irreparable Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here! If the infection prevents you from accessing your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
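The helper asks for the full TDSS-Killer report and insists that flagged objects be skipped rather than deleted, because the report is a triage artefact: a verdict such as UnsignedFile.Multi.Generic only says a driver is unsigned, which is common for legitimate hardware utilities. The script below is an added example (not from the forum, the helper, or Kaspersky) that parses lines in the report format seen in this thread and separates clean entries from the ones a reader should look at; the sample lines are constructed from the shape of the posted log, and the function and class names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the TDSS-Killer report layout: "<time> <pid> <message>".
# One driver is clean, one carries an unsigned-file verdict (as in the thread).
SAMPLE_LOG = """\
21:09:40.0145 2768 Scan started
21:09:40.0145 2768 Mode: Manual; SigCheck; TDLFS;
21:09:47.0618 2768 HTTP - ok
21:09:47.0696 2768 hwinterface (448bb2fe30f1dde9eaa4f0e87b52b687) C:\\Windows\\system32\\Drivers\\hwinterface.sys
21:09:47.0696 2768 hwinterface ( UnsignedFile.Multi.Generic ) - warning
21:09:47.0696 2768 hwinterface - detected UnsignedFile.Multi.Generic (1)
21:09:47.0711 2768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\\Windows\\system32\\drivers\\i2omp.sys
21:09:47.0727 2768 i2omp - ok
"""

# Whole line: timestamp, process id, free-form message.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# File record: "<name> (<md5>) <path>".
FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# Status record: "<name> - ok", "<name> ( <verdict> ) - warning",
# "<name> - detected <verdict> (1)".
STATUS_RE = re.compile(
    r"^(\S+)\s+(?:\(\s*(\S+?)\s*\)\s+)?-\s+(ok|warning|suspicious|detected)(?:\s+(\S+))?",
    re.IGNORECASE,
)
# Severity order; an entry keeps the worst status it is ever given.
RANK = {"unknown": 0, "ok": 1, "warning": 2, "suspicious": 3, "detected": 4}


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"
    verdict: str = ""


def parse_tdsskiller(text):
    """Return {name: Entry} for every service/driver mentioned in the report."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        msg = m.group(3)
        fm = FILE_RE.match(msg)
        if fm:
            name, md5, path = fm.groups()
            entry = entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        sm = STATUS_RE.match(msg)
        if not sm:
            continue
        name, verdict_in_parens, status, verdict_after = sm.groups()
        status = status.lower()
        entry = entries.setdefault(name, Entry(name))
        if RANK[status] > RANK[entry.status]:
            entry.status = status
        verdict = verdict_in_parens or verdict_after
        if verdict:
            entry.verdict = verdict
    return entries


def flagged(entries):
    """Entries that are anything other than clean, in report order."""
    return [e for e in entries.values() if RANK[e.status] >= RANK["warning"]]


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(parsed)} entries, {len(flagged(parsed))} need a look:")
    for e in flagged(parsed):
        print(f"  {e.name:<14} {e.status:<9} {e.verdict:<28} md5={e.md5} {e.path}")
```

Point the script at a saved report instead of SAMPLE_LOG and the flagged list is what you hand to a helper; the MD5 and path are what you would check against the vendor's own file before deciding anything about an unsigned driver.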
06.02.2012, 21:08 | #11 |
| exploit.java.cve-2011-3544 irreparable Here it is in full as well: Code:
21:09:06.0903 5472 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49 21:09:07.0059 5472 ============================================================ 21:09:07.0059 5472 Current date / time: 2012/02/06 21:09:07.0059 21:09:07.0059 5472 SystemInfo: 21:09:07.0059 5472 21:09:07.0059 5472 OS Version: 6.0.6002 ServicePack: 2.0 21:09:07.0059 5472 Product type: Workstation 21:09:07.0059 5472 ComputerName: DESKTOP01 21:09:07.0059 5472 UserName: Basti 21:09:07.0059 5472 Windows directory: C:\Windows 21:09:07.0059 5472 System windows directory: C:\Windows 21:09:07.0059 5472 Processor architecture: Intel x86 21:09:07.0059 5472 Number of processors: 4 21:09:07.0059 5472 Page size: 0x1000 21:09:07.0059 5472 Boot type: Normal boot 21:09:07.0059 5472 ============================================================ 21:09:07.0543 5472 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:09:07.0574 5472 Drive \Device\Harddisk5\DR5 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:09:07.0590 5472 \Device\Harddisk0\DR0: 21:09:07.0590 5472 MBR used 21:09:07.0590 5472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1E00000 21:09:07.0590 5472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1B800, BlocksNum 0x5572A000 21:09:07.0590 5472 \Device\Harddisk5\DR5: 21:09:07.0590 5472 MBR used 21:09:07.0590 5472 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 21:09:07.0652 5472 Initialize success 21:09:07.0652 5472 ============================================================ 21:09:40.0145 2768 ============================================================ 21:09:40.0145 2768 Scan started 21:09:40.0145 2768 Mode: Manual; SigCheck; TDLFS; 21:09:40.0145 2768 
============================================================ 21:09:40.0707 2768 54381946 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\54381946.sys 21:09:40.0816 2768 54381946 - ok 21:09:40.0878 2768 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys 21:09:40.0910 2768 61883 - ok 21:09:40.0988 2768 ACEDRV08 (da06d89cdfdd0d24de75165cf6d4270b) C:\Windows\system32\drivers\ACEDRV08.sys 21:09:41.0003 2768 ACEDRV08 - ok 21:09:41.0034 2768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 21:09:41.0034 2768 ACPI - ok 21:09:41.0128 2768 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 21:09:41.0144 2768 adp94xx - ok 21:09:41.0175 2768 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 21:09:41.0190 2768 adpahci - ok 21:09:41.0222 2768 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 21:09:41.0237 2768 adpu160m - ok 21:09:41.0253 2768 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 21:09:41.0268 2768 adpu320 - ok 21:09:41.0362 2768 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 21:09:41.0378 2768 AFD - ok 21:09:41.0440 2768 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys 21:09:41.0456 2768 agp440 - ok 21:09:41.0518 2768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 21:09:41.0534 2768 aic78xx - ok 21:09:41.0612 2768 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys 21:09:41.0627 2768 aliide - ok 21:09:41.0674 2768 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys 21:09:41.0690 2768 amdagp - ok 21:09:41.0721 2768 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys 21:09:41.0736 2768 amdide - ok 21:09:41.0799 2768 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) 
C:\Windows\system32\drivers\amdk7.sys 21:09:41.0846 2768 AmdK7 - ok 21:09:41.0877 2768 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 21:09:41.0908 2768 AmdK8 - ok 21:09:41.0970 2768 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 21:09:41.0970 2768 arc - ok 21:09:42.0033 2768 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 21:09:42.0033 2768 arcsas - ok 21:09:42.0142 2768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 21:09:42.0158 2768 AsyncMac - ok 21:09:42.0204 2768 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 21:09:42.0204 2768 atapi - ok 21:09:42.0251 2768 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys 21:09:42.0282 2768 Avc - ok 21:09:42.0345 2768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 21:09:42.0376 2768 Beep - ok 21:09:42.0423 2768 blbdrive - ok 21:09:42.0485 2768 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 21:09:42.0501 2768 bowser - ok 21:09:42.0579 2768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 21:09:42.0594 2768 BrFiltLo - ok 21:09:42.0672 2768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 21:09:42.0704 2768 BrFiltUp - ok 21:09:42.0735 2768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 21:09:42.0782 2768 Brserid - ok 21:09:42.0828 2768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 21:09:42.0860 2768 BrSerWdm - ok 21:09:42.0984 2768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 21:09:43.0016 2768 BrUsbMdm - ok 21:09:43.0047 2768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 21:09:43.0094 2768 BrUsbSer - ok 21:09:43.0140 2768 BthEnum 
(6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 21:09:43.0156 2768 BthEnum - ok 21:09:43.0218 2768 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 21:09:43.0234 2768 BTHMODEM - ok 21:09:43.0312 2768 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 21:09:43.0328 2768 BthPan - ok 21:09:43.0374 2768 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 21:09:43.0406 2768 BTHPORT - ok 21:09:43.0452 2768 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 21:09:43.0468 2768 BTHUSB - ok 21:09:43.0530 2768 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys 21:09:43.0546 2768 btwaudio - ok 21:09:43.0562 2768 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys 21:09:43.0562 2768 btwavdt - ok 21:09:43.0608 2768 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys 21:09:43.0608 2768 btwrchid - ok 21:09:43.0702 2768 camdrv41 (2948ebd41fa73c5743162a5c49ebf224) C:\Windows\system32\DRIVERS\camdrv41.sys 21:09:43.0733 2768 camdrv41 - ok 21:09:43.0827 2768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 21:09:43.0858 2768 cdfs - ok 21:09:43.0920 2768 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 21:09:43.0952 2768 cdrom - ok 21:09:43.0983 2768 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 21:09:44.0014 2768 circlass - ok 21:09:44.0045 2768 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 21:09:44.0061 2768 CLFS - ok 21:09:44.0123 2768 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys 21:09:44.0139 2768 cmdide - ok 21:09:44.0186 2768 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 21:09:44.0186 2768 Compbatt - ok 21:09:44.0201 2768 crcdisk 
(2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 21:09:44.0217 2768 crcdisk - ok 21:09:44.0232 2768 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 21:09:44.0279 2768 Crusoe - ok 21:09:44.0373 2768 CT20XUT (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\system32\drivers\CT20XUT.SYS 21:09:44.0373 2768 CT20XUT - ok 21:09:44.0404 2768 CT20XUT.DLL - ok 21:09:44.0435 2768 CT20XUT.SYS (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\System32\drivers\CT20XUT.SYS 21:09:44.0451 2768 CT20XUT.SYS - ok 21:09:44.0513 2768 ctac32k (7ec5c5f0b0c14ec186074fd095f0f370) C:\Windows\system32\drivers\ctac32k.sys 21:09:44.0529 2768 ctac32k - ok 21:09:44.0576 2768 ctaud2k (8dc02de5321499e6c1fe87e43d86a73b) C:\Windows\system32\drivers\ctaud2k.sys 21:09:44.0591 2768 ctaud2k - ok 21:09:44.0638 2768 CTEXFIFX (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\system32\drivers\CTEXFIFX.SYS 21:09:44.0669 2768 CTEXFIFX - ok 21:09:44.0716 2768 CTEXFIFX.DLL - ok 21:09:44.0778 2768 CTEXFIFX.SYS (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\System32\drivers\CTEXFIFX.SYS 21:09:44.0810 2768 CTEXFIFX.SYS - ok 21:09:44.0872 2768 CTHWIUT (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\system32\drivers\CTHWIUT.SYS 21:09:44.0888 2768 CTHWIUT - ok 21:09:44.0888 2768 CTHWIUT.DLL - ok 21:09:44.0903 2768 CTHWIUT.SYS (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\System32\drivers\CTHWIUT.SYS 21:09:44.0919 2768 CTHWIUT.SYS - ok 21:09:44.0966 2768 ctprxy2k (920b45bc9191f4e880ea2b75524d96ab) C:\Windows\system32\drivers\ctprxy2k.sys 21:09:44.0966 2768 ctprxy2k - ok 21:09:44.0997 2768 ctsfm2k (eac70ef0b40df7b8178bf5e80b5f4277) C:\Windows\system32\drivers\ctsfm2k.sys 21:09:44.0997 2768 ctsfm2k - ok 21:09:45.0075 2768 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 21:09:45.0075 2768 DfsC - ok 21:09:45.0184 2768 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 21:09:45.0200 2768 disk - ok 21:09:45.0278 2768 drmkaud 
(97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 21:09:45.0293 2768 drmkaud - ok 21:09:45.0340 2768 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 21:09:45.0356 2768 DXGKrnl - ok 21:09:45.0465 2768 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys 21:09:45.0465 2768 e1express - ok 21:09:45.0512 2768 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 21:09:45.0558 2768 E1G60 - ok 21:09:45.0621 2768 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 21:09:45.0636 2768 Ecache - ok 21:09:45.0714 2768 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 21:09:45.0714 2768 elxstor - ok 21:09:45.0808 2768 emupia (8b41f776beafda612cdf8ffa997b201e) C:\Windows\system32\drivers\emupia2k.sys 21:09:45.0808 2768 emupia - ok 21:09:45.0902 2768 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 21:09:45.0917 2768 exfat - ok 21:09:45.0948 2768 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 21:09:45.0964 2768 fastfat - ok 21:09:46.0042 2768 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 21:09:46.0089 2768 fdc - ok 21:09:46.0151 2768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 21:09:46.0167 2768 FileInfo - ok 21:09:46.0182 2768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 21:09:46.0214 2768 Filetrace - ok 21:09:46.0260 2768 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 21:09:46.0307 2768 flpydisk - ok 21:09:46.0370 2768 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 21:09:46.0385 2768 FltMgr - ok 21:09:46.0448 2768 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 21:09:46.0463 2768 Fs_Rec - ok 21:09:46.0494 2768 gagp30kx 
(4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 21:09:46.0510 2768 gagp30kx - ok 21:09:46.0572 2768 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys 21:09:46.0572 2768 GEARAspiWDM - ok 21:09:46.0635 2768 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys 21:09:46.0635 2768 ggflt - ok 21:09:46.0666 2768 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys 21:09:46.0666 2768 ggsemc - ok 21:09:46.0760 2768 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys 21:09:46.0760 2768 grmnusb - ok 21:09:46.0931 2768 GT680xNT (0827f8a536e7e33393308eae4285e1e3) C:\Windows\system32\drivers\gt680x.sys 21:09:46.0947 2768 GT680xNT - ok 21:09:47.0072 2768 ha20x2k (eda33b1d4721470bb924f082cf66d06a) C:\Windows\system32\drivers\ha20x2k.sys 21:09:47.0103 2768 ha20x2k - ok 21:09:47.0165 2768 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys 21:09:47.0181 2768 hamachi - ok 21:09:47.0243 2768 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 21:09:47.0259 2768 HdAudAddService - ok 21:09:47.0290 2768 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:09:47.0321 2768 HDAudBus - ok 21:09:47.0352 2768 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys 21:09:47.0368 2768 HidBth - ok 21:09:47.0415 2768 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 21:09:47.0446 2768 HidIr - ok 21:09:47.0508 2768 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 21:09:47.0524 2768 HidUsb - ok 21:09:47.0540 2768 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 21:09:47.0555 2768 HpCISSs - ok 21:09:47.0586 2768 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 21:09:47.0618 2768 HTTP - ok 
21:09:47.0696 2768 hwinterface (448bb2fe30f1dde9eaa4f0e87b52b687) C:\Windows\system32\Drivers\hwinterface.sys 21:09:47.0696 2768 hwinterface ( UnsignedFile.Multi.Generic ) - warning 21:09:47.0696 2768 hwinterface - detected UnsignedFile.Multi.Generic (1) 21:09:47.0711 2768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 21:09:47.0727 2768 i2omp - ok 21:09:47.0789 2768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 21:09:47.0820 2768 i8042prt - ok 21:09:47.0836 2768 iaStor (bdc361489a7f22e568060fa6fb3c960e) C:\Windows\system32\drivers\iastor.sys 21:09:47.0852 2768 iaStor - ok 21:09:47.0867 2768 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 21:09:47.0883 2768 iaStorV - ok 21:09:47.0898 2768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 21:09:47.0914 2768 iirsp - ok 21:09:47.0976 2768 IntelDH (7f440f8ced849fcdfa85bb3521b4f048) C:\Windows\system32\Drivers\IntelDH.sys 21:09:47.0992 2768 IntelDH - ok 21:09:48.0008 2768 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys 21:09:48.0008 2768 intelide - ok 21:09:48.0054 2768 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 21:09:48.0086 2768 intelppm - ok 21:09:48.0132 2768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:09:48.0164 2768 IpFilterDriver - ok 21:09:48.0164 2768 IpInIp - ok 21:09:48.0210 2768 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 21:09:48.0242 2768 IPMIDRV - ok 21:09:48.0288 2768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 21:09:48.0320 2768 IPNAT - ok 21:09:48.0351 2768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 21:09:48.0382 2768 IRENUM - ok 21:09:48.0413 2768 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys 
21:09:48.0413 2768 isapnp - ok 21:09:48.0476 2768 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 21:09:48.0491 2768 iScsiPrt - ok 21:09:48.0538 2768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 21:09:48.0554 2768 iteatapi - ok 21:09:48.0616 2768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 21:09:48.0616 2768 iteraid - ok 21:09:48.0647 2768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:09:48.0663 2768 kbdclass - ok 21:09:48.0678 2768 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 21:09:48.0694 2768 kbdhid - ok 21:09:48.0772 2768 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys 21:09:48.0788 2768 KL1 - ok 21:09:48.0803 2768 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys 21:09:48.0819 2768 kl2 - ok 21:09:48.0866 2768 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys 21:09:48.0897 2768 KLIF - ok 21:09:48.0928 2768 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys 21:09:48.0928 2768 KLIM6 - ok 21:09:48.0975 2768 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys 21:09:48.0975 2768 klmouflt - ok 21:09:49.0006 2768 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 21:09:49.0053 2768 KSecDD - ok 21:09:49.0100 2768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 21:09:49.0131 2768 lltdio - ok 21:09:49.0178 2768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 21:09:49.0178 2768 LSI_FC - ok 21:09:49.0193 2768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 21:09:49.0209 2768 LSI_SAS - ok 21:09:49.0256 2768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 21:09:49.0271 2768 LSI_SCSI 
- ok 21:09:49.0287 2768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 21:09:49.0318 2768 luafv - ok 21:09:49.0427 2768 LVcKap (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys 21:09:49.0474 2768 LVcKap - ok 21:09:49.0552 2768 LVMVDrv (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys 21:09:49.0599 2768 LVMVDrv - ok 21:09:49.0708 2768 lvpopflt (92990b040b68632cc3f80a742d163937) C:\Windows\system32\DRIVERS\lvpopflt.sys 21:09:49.0739 2768 lvpopflt - ok 21:09:49.0770 2768 LVPr2Mon (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 21:09:49.0786 2768 LVPr2Mon - ok 21:09:49.0833 2768 LVUSBSta (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys 21:09:49.0848 2768 LVUSBSta - ok 21:09:49.0926 2768 LVUVC (b0dfee7da5e6d04762e25e355d94d8b5) C:\Windows\system32\DRIVERS\lvuvc.sys 21:09:50.0004 2768 LVUVC - ok 21:09:50.0098 2768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 21:09:50.0114 2768 megasas - ok 21:09:50.0145 2768 MEMSWEEP2 - ok 21:09:50.0176 2768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 21:09:50.0207 2768 Modem - ok 21:09:50.0254 2768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 21:09:50.0285 2768 monitor - ok 21:09:50.0301 2768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 21:09:50.0316 2768 mouclass - ok 21:09:50.0332 2768 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 21:09:50.0363 2768 mouhid - ok 21:09:50.0394 2768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 21:09:50.0394 2768 MountMgr - ok 21:09:50.0472 2768 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys 21:09:50.0472 2768 MPFP - ok 21:09:50.0504 2768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 
|
06.02.2012, 21:12 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.cve-2011-3544 irreparable Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
06.02.2012, 21:12 | #13 |
| exploit.java.cve-2011-3544 irreparable Sorry, I still had the OTL log on the clipboard. I have edited the post, and you will now find the TDSS log, as requested. Regards, Sebastian |
06.02.2012, 21:44 | #14 |
| exploit.java.cve-2011-3544 irreparable Here is the ComboFix log: Code:
Regards, Sebastian |
06.02.2012, 21:55 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | exploit.java.cve-2011-3544 irreparable OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to work even on the second attempt, simply leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: under no circumstances press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |