Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: TR/Dropper.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.03.2011, 12:37   #1
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hallo zusammen,

bei meinen Bekannten wurde auf dem Windows 7 Rechner der Trojaner/Virus TR/Dropper.Gen von AntiVir gefunden. Antivir kann diesen aber nicht entfernen. Des Weiteren kommt bei jedem Start die Meldung das die Windows Firewall nicht aktiviert ist. Unter "services.msc" ist der Firewall-Dienst aber auf automatisch aktiviert.

Hier die beiden OTL Logs (OTL & Extras):

Hier noch der Quick-Scan von Malwarebyte's Anti-Malware:
Angehängte Dateien
Dateityp: txt mbam-log-2011-03-27 (13-41-40).txt (2,4 KB, 213x aufgerufen)

Alt 28.03.2011, 11:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 29.03.2011, 10:53   #3
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hi Arne,

bin in der Woche dienstlich unterwegs und erst am Samstag wieder an dem betroffenen Rechner. Der PC bleibt auf mein anraten über die Woche erstmal aus. Werde am Samstag nochmal Malwarebytes laufen lassen und Dir die entsprechenden Logs posten. Dank Dir schon mal für Deine Hilfe
__________________

Alt 01.04.2011, 21:35   #4
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Nabend Arne,

hier die aktuelle Log-Datei von Malwarebytes. Weitere Logs (ausser dem Log aus dem Ausgangspost) gibt es nicht. Antvir zeigt aber immer noch den Virus TR/Dropper.Gen an. Wäre wirklich nett wenn Du mir sagen könntest wie ich nun weiter verfahren kann um den Schädling zu entfernen. Dank Dir schon mal für Deine Hilfe
Angehängte Dateien
Dateityp: txt mbam-log-2011-04-01 (21-46-29).txt (1,0 KB, 172x aufgerufen)

Alt 02.04.2011, 13:41   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [Audio HD Driver] C:\Users\Reinhard\AppData\Local\Temp\PScZ5PLBzGTt.exe ()
O4 - HKCU..\Run: [HKCU] C:\Windows\SysWOW64\default\svchost.exe ()
O4 - HKLM..\Run: []  File not found
[2011/03/05 17:53:42 | 000,000,000 | ---- | C] () -- C:\Users\Reinhard\AppData\Roaming\chrtmp
[2011/03/05 17:51:32 | 000,423,424 | -H-- | C] () -- C:\Users\Reinhard\AppData\Roaming\PScZ5PLBzGTt.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.04.2011, 14:18   #6
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hi Arne,

hier das OTL - Logfile. Der Rechner ist einmal neu gestartet.

Zitat:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Audio HD Driver not found.
File C:\Users\Reinhard\AppData\Local\Temp\PScZ5PLBzGTt.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU not found.
File C:\Windows\SysWOW64\default\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Reinhard\AppData\Roaming\chrtmp moved successfully.
File C:\Users\Reinhard\AppData\Roaming\PScZ5PLBzGTt.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Reinhard
->Temp folder emptied: 107188 bytes
->Temporary Internet Files folder emptied: 401859 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47135578 bytes
->Flash cache emptied: 615 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1039556 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04022011_151227

Files\Folders moved on Reboot...
C:\Users\Reinhard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
lg
Tom

Alt 03.04.2011, 13:21   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2011, 13:45   #8
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hi!

Hier das Logfile von ComboFix:

Code:
ATTFilter
ComboFix 11-04-02.03 - Reinhard 03.04.2011  14:36:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4095.2630 [GMT 2:00]
ausgeführt von:: c:\users\Reinhard\Desktop\Cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Reinhard\AppData\Roaming\SetupAnyDVD6770.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-03 bis 2011-04-03  ))))))))))))))))))))))))))))))
.
.
2011-04-03 12:40 . 2011-04-03 12:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-27 11:25 . 2011-03-27 11:25	--------	d-----w-	c:\program files (x86)\ERUNT
2011-03-27 11:10 . 2011-03-27 11:10	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-27 11:10 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-27 11:10 . 2011-03-27 11:10	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-27 11:10 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-15 17:24 . 2001-09-05 03:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-03-15 17:24 . 2001-09-05 03:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2011-03-15 17:24 . 2001-09-05 03:14	176128	------w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-03-15 17:24 . 2001-09-05 03:13	32768	------w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-03-15 17:24 . 2000-01-04 05:39	212992	----a-w-	c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-03-15 17:23 . 2002-12-09 14:42	32768	------w-	c:\windows\SysWow64\UleadPhotoExplorer8_Res.dll
2011-03-15 17:23 . 2002-11-01 13:28	24576	------w-	c:\windows\SysWow64\Ulead Photo Explorer 8.scr
2011-03-15 17:23 . 2011-03-15 17:23	--------	d-----w-	c:\program files (x86)\Ulead Systems
2011-03-15 17:23 . 2011-03-15 17:23	--------	d-----w-	c:\program files (x86)\Common Files\Ulead Systems
2011-03-15 17:22 . 2011-03-15 17:23	--------	d-----w-	c:\programdata\Ulead Systems
2011-03-15 17:22 . 2002-08-05 09:46	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\ctor.dll
2011-03-15 17:22 . 2002-08-02 02:10	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\DotNetInstaller.exe
2011-03-15 17:22 . 2002-08-02 01:20	634880	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iKernel.dll
2011-03-15 17:22 . 2002-08-02 01:20	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iscript.dll
2011-03-15 17:22 . 2002-08-02 01:20	151552	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\iuser.dll
2011-03-15 17:22 . 2011-03-15 17:22	270468	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setup.dll
2011-03-15 17:22 . 2011-03-15 17:22	159876	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0700\Intel32\IGdi.dll
2011-03-14 18:31 . 2011-03-14 18:31	--------	d-----w-	c:\programdata\WEBREG
2011-03-14 18:29 . 2010-01-06 13:33	253440	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2011-03-14 18:28 . 2011-03-27 12:38	--------	d-----w-	c:\program files (x86)\Microsoft
2011-03-14 18:28 . 2011-03-14 18:28	--------	d-----w-	c:\program files (x86)\MSN Toolbar Installer
2011-03-14 18:27 . 2011-03-14 18:27	--------	d-----w-	c:\programdata\HP Product Assistant
2011-03-14 18:25 . 2011-03-14 18:25	--------	d-----w-	c:\program files (x86)\Common Files\HP
2011-03-14 18:25 . 2011-03-14 18:25	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2011-03-14 18:24 . 2010-01-20 18:03	525440	----a-w-	c:\windows\system32\hposc_p04a.dll
2011-03-14 18:24 . 2010-01-20 18:03	1412224	----a-w-	c:\windows\system32\hpost_p04h.dll
2011-03-14 18:24 . 2010-01-20 18:03	1179776	----a-w-	c:\windows\system32\hposwia_p04h.dll
2011-03-14 18:24 . 2010-01-20 18:03	643200	----a-w-	c:\windows\system32\hpzids40.dll
2011-03-14 18:24 . 2010-01-06 13:33	138752	----a-w-	c:\windows\system32\hpf3l101.dll
2011-03-14 18:23 . 2011-03-14 18:28	--------	d-----w-	c:\program files (x86)\HP
2011-03-14 18:18 . 2011-03-14 18:30	--------	d-----w-	c:\programdata\HP
2011-03-10 18:31 . 2011-03-10 18:31	--------	d-----w-	c:\windows\Sun
2011-03-06 19:48 . 2011-03-06 19:48	--------	d-----r-	C:\MSOCache
2011-03-05 20:08 . 1999-05-20 14:07	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2011-03-05 20:08 . 1999-05-20 14:07	57344	----a-w-	c:\windows\SysWow64\MFC40LOC.DLL
2011-03-05 20:08 . 1999-05-20 14:07	33792	----a-w-	c:\windows\SysWow64\CMDLGDE.DLL
2011-03-05 20:08 . 1999-05-20 14:07	667136	----a-w-	c:\windows\SysWow64\oik32.ocx
2011-03-05 20:08 . 1999-05-20 14:07	61952	----a-w-	c:\windows\SysWow64\twiz32.ocx
2011-03-05 20:08 . 1999-05-20 14:07	140096	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2011-03-05 20:08 . 1999-05-20 14:07	1062704	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
2011-03-05 20:08 . 2011-03-05 20:08	--------	d-----w-	c:\program files (x86)\DATA BECKER
2011-03-05 20:08 . 1999-05-20 14:07	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2011-03-05 20:07 . 1998-11-17 12:44	328704	----a-w-	c:\windows\IsUn0407.exe
2011-03-05 19:09 . 2011-03-05 19:11	--------	d-----w-	c:\programdata\VirtualizedApplications
2011-03-05 16:55 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-03-05 16:55 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-03-05 16:53 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2011-03-05 16:48 . 2010-10-27 05:18	5510528	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-03-05 16:46 . 2010-10-16 05:23	112000	----a-w-	c:\windows\system32\consent.exe
2011-03-05 16:36 . 2011-03-05 16:36	--------	d--h--w-	c:\programdata\CanonBJ
2011-03-05 16:36 . 2009-07-14 01:40	83968	----a-w-	c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL
2011-03-05 16:24 . 2011-03-05 16:25	--------	d-----w-	c:\users\Public\CyberLink
2011-03-05 16:12 . 2011-03-05 16:52	--------	d-----w-	c:\program files (x86)\Microsoft Application Virtualization Client
2011-03-05 16:08 . 2011-03-05 16:08	--------	d-----w-	c:\program files\Common Files\Canon
2011-03-05 15:56 . 2011-03-27 11:50	--------	d-sh--r-	c:\windows\SysWow64\default
2011-03-05 15:54 . 2011-03-05 15:54	--------	d-----w-	c:\programdata\SlySoft
2011-03-05 15:52 . 2011-03-05 15:54	--------	d-----w-	c:\program files (x86)\SlySoft
2011-03-05 15:51 . 2011-03-05 15:51	--------	d-----w-	c:\program files (x86)\Elaborate Bytes
2011-03-05 15:48 . 2011-03-05 15:48	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-03-05 15:44 . 2011-01-10 13:23	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-03-05 15:44 . 2011-01-10 13:23	116568	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-05 15:44 . 2011-03-05 15:44	--------	d-----w-	c:\programdata\Avira
2011-03-05 15:44 . 2011-03-05 15:44	--------	d-----w-	c:\program files (x86)\Avira
2011-03-05 15:32 . 2011-03-05 15:32	--------	d-----w-	c:\program files\CCleaner
2011-03-05 15:27 . 2011-03-05 15:28	--------	d-----w-	c:\users\Reinhard
2011-03-05 15:26 . 2011-03-05 15:26	--------	d-----w-	c:\program files\PlayReady
2011-03-05 15:26 . 2011-03-05 15:26	--------	d-----w-	c:\program files (x86)\Common Files\Protexis
2011-03-05 15:26 . 2011-03-05 15:26	--------	d-----w-	c:\programdata\Corel
2011-03-05 15:25 . 2011-03-05 15:25	--------	d-----w-	c:\program files (x86)\Common Files\Corel
2011-03-05 15:25 . 2011-03-05 15:25	--------	d-----w-	c:\program files (x86)\Corel
2011-03-05 15:24 . 2011-03-05 15:55	--------	d-----w-	c:\programdata\Partner
2011-03-05 15:24 . 2011-03-05 15:55	--------	d-----w-	c:\program files\Google
2011-03-05 15:24 . 2011-03-05 16:29	--------	d-----w-	c:\program files (x86)\Google
2011-03-05 15:22 . 2011-03-05 15:22	--------	d-sh--we	C:\Documents and Settings
2011-03-05 15:22 . 2011-03-05 15:22	--------	d-----w-	C:\Recovery
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-09 07:41 . 2010-06-24 18:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-01-13 4800120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-14 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Ulead AutoDetector"="c:\program files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-03-24 45056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2011-3-15 315392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JAVA"="c:\windows\java.vbs" [2010-11-17 83]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-22 11490408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aldi.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\Reinhard\AppData\Roaming\Mozilla\Firefox\Profiles\oio1xzk7.default\
FF - prefs.js: browser.startup.homepage - hxxp://webmail.ish.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-03  14:42:09
ComboFix-quarantined-files.txt  2011-04-03 12:42
.
Vor Suchlauf: 7 Verzeichnis(se), 1.351.764.492.288 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 1.351.501.680.640 Bytes frei
.
- - End Of File - - 15D8BB4BC7182016660EBDD7551C8C09
         
Ging wirklich flott

Alt 03.04.2011, 14:40   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.04.2011, 14:47   #10
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hier das Kaspersky - Logfile:

Code:
ATTFilter
2011/04/03 15:43:32.0584 5020	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 15:43:33.0005 5020	================================================================================
2011/04/03 15:43:33.0005 5020	SystemInfo:
2011/04/03 15:43:33.0005 5020	
2011/04/03 15:43:33.0005 5020	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/03 15:43:33.0005 5020	Product type: Workstation
2011/04/03 15:43:33.0005 5020	ComputerName: REINHARD-PC
2011/04/03 15:43:33.0005 5020	UserName: Reinhard
2011/04/03 15:43:33.0005 5020	Windows directory: C:\Windows
2011/04/03 15:43:33.0005 5020	System windows directory: C:\Windows
2011/04/03 15:43:33.0005 5020	Running under WOW64
2011/04/03 15:43:33.0005 5020	Processor architecture: Intel x64
2011/04/03 15:43:33.0005 5020	Number of processors: 4
2011/04/03 15:43:33.0005 5020	Page size: 0x1000
2011/04/03 15:43:33.0005 5020	Boot type: Normal boot
2011/04/03 15:43:33.0005 5020	================================================================================
2011/04/03 15:43:33.0536 5020	Initialize success
2011/04/03 15:43:42.0911 2660	================================================================================
2011/04/03 15:43:42.0911 2660	Scan started
2011/04/03 15:43:42.0911 2660	Mode: Manual; 
2011/04/03 15:43:42.0911 2660	================================================================================
2011/04/03 15:43:44.0487 2660	1394ohci        (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/03 15:43:44.0534 2660	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/03 15:43:44.0565 2660	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/03 15:43:44.0627 2660	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/03 15:43:44.0674 2660	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/03 15:43:44.0705 2660	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/03 15:43:44.0783 2660	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/03 15:43:44.0815 2660	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/03 15:43:44.0846 2660	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/03 15:43:44.0893 2660	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/03 15:43:44.0924 2660	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/03 15:43:45.0095 2660	amdkmdag        (82c2b429ef87cd3c40b2355fa86e26f7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/03 15:43:45.0361 2660	amdkmdap        (53431e0ed701de33d322e039c8a4e0ba) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/03 15:43:45.0407 2660	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/03 15:43:45.0439 2660	amdsata         (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/03 15:43:45.0470 2660	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/03 15:43:45.0485 2660	amdxata         (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/03 15:43:45.0517 2660	amd_sata        (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
2011/04/03 15:43:45.0532 2660	amd_xata        (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
2011/04/03 15:43:45.0610 2660	AnyDVD          (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
2011/04/03 15:43:45.0626 2660	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/03 15:43:45.0735 2660	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/03 15:43:45.0766 2660	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/03 15:43:45.0813 2660	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/03 15:43:45.0829 2660	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/03 15:43:45.0875 2660	AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
2011/04/03 15:43:45.0922 2660	AtiPcie         (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
2011/04/03 15:43:45.0969 2660	avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/03 15:43:46.0016 2660	avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/03 15:43:46.0078 2660	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/03 15:43:46.0109 2660	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/03 15:43:46.0156 2660	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/03 15:43:46.0187 2660	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/03 15:43:46.0219 2660	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/03 15:43:46.0234 2660	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/03 15:43:46.0265 2660	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/03 15:43:46.0312 2660	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/03 15:43:46.0328 2660	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/03 15:43:46.0359 2660	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/03 15:43:46.0390 2660	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/03 15:43:46.0421 2660	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/03 15:43:46.0484 2660	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/03 15:43:46.0499 2660	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/03 15:43:46.0546 2660	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/03 15:43:46.0577 2660	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/03 15:43:46.0640 2660	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/03 15:43:46.0671 2660	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/03 15:43:46.0718 2660	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/03 15:43:46.0749 2660	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/03 15:43:46.0780 2660	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/03 15:43:46.0811 2660	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/03 15:43:46.0874 2660	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/03 15:43:46.0889 2660	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/03 15:43:46.0921 2660	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/03 15:43:46.0999 2660	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/03 15:43:47.0045 2660	Dot4Print       (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/03 15:43:47.0077 2660	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/03 15:43:47.0108 2660	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/03 15:43:47.0155 2660	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/03 15:43:47.0279 2660	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/03 15:43:47.0435 2660	ElbyCDFL        (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
2011/04/03 15:43:47.0482 2660	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/04/03 15:43:47.0513 2660	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/03 15:43:47.0560 2660	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/03 15:43:47.0607 2660	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/03 15:43:47.0623 2660	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/03 15:43:47.0654 2660	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/03 15:43:47.0701 2660	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/03 15:43:47.0716 2660	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/03 15:43:47.0747 2660	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/03 15:43:47.0779 2660	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/03 15:43:47.0810 2660	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/03 15:43:47.0825 2660	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/03 15:43:47.0872 2660	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/03 15:43:47.0888 2660	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/03 15:43:47.0935 2660	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/03 15:43:47.0966 2660	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/03 15:43:47.0997 2660	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/03 15:43:48.0028 2660	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/03 15:43:48.0044 2660	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/03 15:43:48.0075 2660	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/03 15:43:48.0106 2660	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/03 15:43:48.0215 2660	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/03 15:43:48.0262 2660	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/03 15:43:48.0293 2660	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/03 15:43:48.0325 2660	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/03 15:43:48.0387 2660	iaStorV         (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/03 15:43:48.0418 2660	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/03 15:43:48.0512 2660	IntcAzAudAddService (cdb772f707ac24b43a20c821852ca61f) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/03 15:43:48.0637 2660	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/03 15:43:48.0668 2660	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/03 15:43:48.0683 2660	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/03 15:43:48.0730 2660	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/03 15:43:48.0761 2660	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/03 15:43:48.0793 2660	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/03 15:43:48.0824 2660	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/03 15:43:48.0855 2660	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/03 15:43:48.0871 2660	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/03 15:43:48.0917 2660	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/03 15:43:48.0949 2660	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/03 15:43:48.0980 2660	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/03 15:43:48.0995 2660	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/03 15:43:49.0042 2660	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/03 15:43:49.0089 2660	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/03 15:43:49.0120 2660	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/03 15:43:49.0151 2660	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/03 15:43:49.0229 2660	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/03 15:43:49.0354 2660	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/03 15:43:49.0432 2660	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/03 15:43:49.0479 2660	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/03 15:43:49.0526 2660	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/03 15:43:49.0541 2660	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/03 15:43:49.0573 2660	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/03 15:43:49.0604 2660	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/03 15:43:49.0619 2660	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/03 15:43:49.0666 2660	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/03 15:43:49.0682 2660	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/03 15:43:49.0729 2660	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/03 15:43:49.0775 2660	mrxsmb          (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/03 15:43:49.0791 2660	mrxsmb10        (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/03 15:43:49.0822 2660	mrxsmb20        (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/03 15:43:49.0853 2660	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/03 15:43:49.0869 2660	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/03 15:43:49.0900 2660	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/03 15:43:49.0916 2660	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/03 15:43:49.0963 2660	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/03 15:43:50.0009 2660	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/03 15:43:50.0025 2660	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/03 15:43:50.0041 2660	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/03 15:43:50.0056 2660	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/03 15:43:50.0087 2660	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/03 15:43:50.0119 2660	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/03 15:43:50.0150 2660	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/03 15:43:50.0165 2660	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/03 15:43:50.0197 2660	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/03 15:43:50.0243 2660	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/03 15:43:50.0290 2660	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/03 15:43:50.0337 2660	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/03 15:43:50.0353 2660	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/03 15:43:50.0368 2660	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/03 15:43:50.0384 2660	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/03 15:43:50.0431 2660	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/03 15:43:50.0446 2660	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/03 15:43:50.0477 2660	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/03 15:43:50.0509 2660	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/03 15:43:50.0524 2660	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/03 15:43:50.0602 2660	Ntfs            (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
2011/04/03 15:43:50.0665 2660	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/03 15:43:50.0711 2660	nusb3hub        (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/04/03 15:43:50.0774 2660	nusb3xhc        (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/04/03 15:43:51.0039 2660	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/03 15:43:51.0351 2660	nvraid          (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/03 15:43:51.0398 2660	nvstor          (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/03 15:43:51.0460 2660	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/03 15:43:51.0507 2660	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/03 15:43:51.0569 2660	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/03 15:43:51.0616 2660	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/03 15:43:51.0647 2660	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/03 15:43:51.0694 2660	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/03 15:43:51.0725 2660	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/03 15:43:51.0741 2660	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/03 15:43:51.0757 2660	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/03 15:43:51.0866 2660	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/03 15:43:51.0897 2660	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/03 15:43:51.0928 2660	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/03 15:43:51.0991 2660	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/03 15:43:52.0084 2660	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/03 15:43:52.0115 2660	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/03 15:43:52.0131 2660	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/03 15:43:52.0162 2660	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/03 15:43:52.0178 2660	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/03 15:43:52.0209 2660	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/03 15:43:52.0225 2660	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/03 15:43:52.0240 2660	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/03 15:43:52.0271 2660	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/03 15:43:52.0303 2660	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/03 15:43:52.0318 2660	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/03 15:43:52.0349 2660	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/03 15:43:52.0365 2660	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/03 15:43:52.0396 2660	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/03 15:43:52.0443 2660	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/03 15:43:52.0474 2660	RTL8167         (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/03 15:43:52.0537 2660	RTL8192su       (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/04/03 15:43:52.0568 2660	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/03 15:43:52.0599 2660	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/03 15:43:52.0630 2660	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/03 15:43:52.0693 2660	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/03 15:43:52.0724 2660	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/03 15:43:52.0755 2660	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/03 15:43:52.0802 2660	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/03 15:43:52.0833 2660	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/03 15:43:52.0849 2660	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/03 15:43:52.0880 2660	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/03 15:43:52.0942 2660	Sftfs           (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/04/03 15:43:53.0020 2660	Sftplay         (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/04/03 15:43:53.0051 2660	Sftredir        (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/04/03 15:43:53.0083 2660	Sftvol          (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/04/03 15:43:53.0129 2660	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/03 15:43:53.0192 2660	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/03 15:43:53.0239 2660	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/03 15:43:53.0285 2660	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/03 15:43:53.0348 2660	srv             (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/03 15:43:53.0379 2660	srv2            (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/03 15:43:53.0410 2660	srvnet          (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/03 15:43:53.0441 2660	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/03 15:43:53.0488 2660	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/03 15:43:53.0582 2660	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/03 15:43:53.0707 2660	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/03 15:43:53.0753 2660	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/03 15:43:53.0769 2660	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/03 15:43:53.0785 2660	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/03 15:43:53.0816 2660	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/03 15:43:53.0847 2660	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/03 15:43:53.0878 2660	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/03 15:43:53.0909 2660	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/03 15:43:53.0941 2660	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/03 15:43:53.0972 2660	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/03 15:43:54.0019 2660	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/03 15:43:54.0065 2660	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/03 15:43:54.0081 2660	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/03 15:43:54.0128 2660	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/03 15:43:54.0143 2660	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/03 15:43:54.0175 2660	usbehci         (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/03 15:43:54.0221 2660	usbfilter       (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/04/03 15:43:54.0253 2660	usbhub          (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/03 15:43:54.0284 2660	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/03 15:43:54.0315 2660	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/03 15:43:54.0346 2660	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/03 15:43:54.0377 2660	USBSTOR         (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/03 15:43:54.0409 2660	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/03 15:43:54.0455 2660	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/03 15:43:54.0518 2660	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/03 15:43:54.0549 2660	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/03 15:43:54.0580 2660	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/03 15:43:54.0611 2660	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/03 15:43:54.0627 2660	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/03 15:43:54.0658 2660	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/03 15:43:54.0689 2660	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/03 15:43:54.0736 2660	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/03 15:43:54.0752 2660	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/04/03 15:43:54.0767 2660	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/03 15:43:54.0799 2660	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/03 15:43:54.0830 2660	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/03 15:43:54.0861 2660	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 15:43:54.0877 2660	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 15:43:54.0923 2660	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/03 15:43:54.0955 2660	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/03 15:43:55.0001 2660	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/03 15:43:55.0017 2660	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/03 15:43:55.0095 2660	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/03 15:43:55.0142 2660	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/03 15:43:55.0173 2660	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/03 15:43:55.0189 2660	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/03 15:43:55.0329 2660	================================================================================
2011/04/03 15:43:55.0329 2660	Scan finished
2011/04/03 15:43:55.0329 2660	================================================================================
         
Das Programm hat nichts gefunden Sind wir jetzt durch? Dank Dir schon mal für Deine Hilfe, echt top

Alt 03.04.2011, 15:47   #11
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hi Arne,

habe auch noch GMER und OSAM laufen lassen, hier die Logfiles. Haben anscheinend auch nichts mehr gefunden.

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:52:11 on 03.04.2011

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Cofi\catchme.sys  (File not found)
"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\Windows\System32\Drivers\ElbyCDFL.sys
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys
"iaStor" (iaStor) - ? - C:\Windows\system32\DRIVERS\iaStor.sys  (File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{8EF5DC20-419C-4E43-A088-DE5B5625CA47} "{8EF5DC20-419C-4E43-A088-DE5B5625CA47}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\Windows\SysWow64\OGACheckControl.DLL / hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Reinhard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Scanner Finder.lnk" - ? - C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AnyDVD" - "SlySoft, Inc." - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"CloneCDTray" - "SlySoft, Inc." - "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Microsoft Default Manager" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Ulead AutoDetector" - "Ulead Systems, Inc." - C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Muss jetzt los, d.h. ich bin nicht mehr am Rechner meiner Bekannten. Falls ich noch was laufen lassen sollte las es mich wissen, das kann ich aber erst nächste Woche wieder machen. Dank Dir schon mal für Deine Hilfe

Geändert von Der Typ (03.04.2011 um 15:53 Uhr)

Alt 03.04.2011, 16:01   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.04.2011, 10:34   #13
Der Typ
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Hi Arne,

sorry für die späte Meldung, die beiden Logs (Malwarebytes und SASW) sind clean Kann dir diese nicht posten, da ich dieses WE nicht bei den Bekannten gewesen bin und diese beide Programme (nach Update) haben laufen lassen.

Dank Dir nochmals für Deine Hilfe, echt top

CU!

Alt 11.04.2011, 12:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.Gen - Standard

TR/Dropper.Gen



Ok. Noch Probleme oder wieder alles ok?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu TR/Dropper.Gen
aktiviert, antivir, automatisch, bekannte, entferne, extras, firewall, gefunde, hallo zusammen, meldung, rechner, start, tr/dropper.gen, troja, trojaner/virus, weiteren, windows, windows 7, windows firewall, zusammen



Ähnliche Themen: TR/Dropper.Gen


  1. (mehrere) Trojanermeldung(en) AVG (Win8.1) : "Trojaner: Dropper.Generic2.ANGG.dropper"
    Log-Analyse und Auswertung - 11.07.2014 (3)
  2. TR/Dropper.Gen
    Log-Analyse und Auswertung - 01.12.2011 (15)
  3. TR/Dropper.Gen
    Log-Analyse und Auswertung - 17.05.2011 (7)
  4. Trojaner TR/ Dropper.Gen u. Trojaner TR/ Dropper.Gen2 entfernt, dennoch überlastung
    Plagegeister aller Art und deren Bekämpfung - 14.05.2010 (9)
  5. TR/Dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 12.01.2010 (11)
  6. TR/Dropper.gen
    Log-Analyse und Auswertung - 16.12.2009 (20)
  7. Dropper.Gen Log
    Log-Analyse und Auswertung - 12.12.2009 (1)
  8. TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 13.11.2009 (10)
  9. TR / Dropper :gen
    Log-Analyse und Auswertung - 12.11.2009 (1)
  10. TR/Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 06.11.2009 (3)
  11. 2x TR/dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 29.10.2009 (2)
  12. TR/Dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 21.10.2009 (0)
  13. TR/dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 05.08.2009 (1)
  14. Dropper.gen
    Log-Analyse und Auswertung - 16.04.2009 (7)
  15. TR\Dropper.Gen
    Plagegeister aller Art und deren Bekämpfung - 14.04.2009 (57)
  16. Dropper.Gen
    Log-Analyse und Auswertung - 06.04.2009 (0)
  17. tr/dropper gen
    Mülltonne - 23.09.2008 (0)

Zum Thema TR/Dropper.Gen - Hallo zusammen, bei meinen Bekannten wurde auf dem Windows 7 Rechner der Trojaner/Virus TR/Dropper.Gen von AntiVir gefunden. Antivir kann diesen aber nicht entfernen. Des Weiteren kommt bei jedem Start die - TR/Dropper.Gen...
Archiv
Du betrachtest: TR/Dropper.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.