Log analysis and evaluation: Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection? (Windows 7)

#1
Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection?

Hello, for a few days I have had a problem with the malware named above. It started when I visited a website and shortly afterwards my browser (Firefox) crashed. I didn't think anything of it, since it crashes fairly often. The next day, when I turned the PC on, AntiVir reported for the first time that both Ramnit.C and HTML/Drop.Agent.AB had been found. Whenever I closed the alert with either "Delete" or "Deny access", two new ones appeared immediately. They were always only HTML files. The folder was always "Temporary Internet Files" in C://Users/***/AppData/blablabla.. There was nothing there, though, and then I discovered the hidden folder "content.IE5". Google searches showed that this folder can be safely emptied. I did that and things were quiet. Later the same day the alerts came back, this time from a different "Temp" folder (which also contained a "Temp. Internet Files" subfolder). After I emptied that one too, things were quiet again. This morning the alerts came again, but this time for an .EXE file in yet another Temp folder. After I deleted it, things have been quiet up to now. All detections were always in subfolders of C://Users/***/AppData, never outside that directory. I hope I have explained it clearly enough, even if it sounds a bit confusing. Now I would like to know whether my system is infected and I have something malicious on the machine, or whether I disposed of the individual files quickly enough that nothing spread much, if that is even possible. I am well aware that just because the signs and alerts are gone, it doesn't necessarily mean it's gone. I have now run the required scans and would be glad if someone could take a look at whether something has settled in.

Windows 7 has been running for about half a year and I haven't done any scans or the like since then, but I also never had any problems. Many thanks in advance!

OTL.txt
Code:
OTL logfile created on: 29.03.2011 23:52:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*****\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 14,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,69 Gb Total Space | 8,66 Gb Free Space | 11,30% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2011.03.23 20:38:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.)
-- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.09.23 19:14:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.09.23 19:14:29 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe ========== Modules (SafeList) ========== MOD - [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe MOD - [2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll ========== Win32 Services (SafeList) ========== SRV - [2011.03.04 00:06:52 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.09.23 19:14:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.09.23 19:14:29 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV - [2010.10.03 15:54:15 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.12.07 23:07:06 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.23 19:14:29 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 
01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2007.06.25 11:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM) DRV - [2006.11.08 04:09:00 | 000,077,772 | R--- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rockusb.sys -- (rockusb) DRV - [2006.11.02 01:36:42 | 001,523,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.09.28 14:10:52 | 000,011,648 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gggen.sys -- (gggen) DRV - [2003.10.15 17:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 7D A3 40 C0 E8 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009 FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009.10.28 20:51:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.23 20:38:38 | 
000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.23 20:38:38 | 000,000,000 | ---D | M] [2009.08.24 00:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2011.03.29 19:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions [2009.12.28 02:35:46 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011.01.06 18:55:08 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2011.01.11 13:44:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.10 19:41:25 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2011.01.06 18:55:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.07.05 21:19:21 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011.02.10 19:43:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.02.10 19:42:28 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\firebug@software.joehewitt.com [2011.02.10 19:43:05 | 
000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\foxyproxy@eric.h.jung [2010.10.31 16:39:39 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\nasanightlaunch@example.com [2010.10.31 16:39:49 | 000,000,000 | ---D | M] (Personas) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\personas@christopher.beard [2010.10.24 18:57:25 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\tpowwhbj.default\extensions\vshare@toolbar [2009.10.28 20:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.08.26 00:08:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.06.27 13:31:54 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.27 13:31:54 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.27 13:31:54 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.27 13:31:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.27 13:31:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.10 22:44:49 | 000,001,190 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120% O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - 
Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Programme\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk - C:\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe - (Philips) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: ICQ - hkey= - key= - File not found MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: Lexmark 1200 Series - hkey= - key= - File not found MsConfig - StartUpReg: NapsterShell - hkey= - key= - File not found MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Valve\Steam\Steam.exe (Valve Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2011.03.29 23:50:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.03.29 23:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.03.29 23:50:06 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.03.29 23:41:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\*****\Desktop\Erunt-setup.exe [2011.03.29 23:41:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.03.29 23:41:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\TFC.exe [2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn [2011.03.27 22:25:04 | 002,066,439 | ---- | C] (murb.com ) -- C:\Users\*****\Desktop\ICQ Status Checker 1.7 Setup.exe [2011.03.15 18:35:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\iphone-bilder [2011.03.06 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Silla - Sillainstinkt (2011) [2011.03.02 17:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2011.03.02 17:20:57 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES [2010.03.12 04:47:48 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll [2010.03.12 04:47:48 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll [2010.03.12 04:47:48 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll [2010.03.12 04:47:48 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll [2010.03.12 04:47:48 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll [2010.03.12 04:47:48 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll [2010.03.12 04:47:48 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll [2010.03.12 04:47:48 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll [2010.03.12 04:47:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll [2010.03.12 
04:47:47 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll [2010.03.12 04:47:47 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll [2010.03.12 04:47:47 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe [2010.03.12 04:47:47 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll [2010.03.12 04:47:47 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe [2010.03.12 04:47:47 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe ========== Files - Modified Within 30 Days ========== [2011.03.29 23:50:08 | 000,000,894 | ---- | M] () -- C:\Users\*****\Desktop\NTREGOPT.lnk [2011.03.29 23:50:08 | 000,000,875 | ---- | M] () -- C:\Users\*****\Desktop\ERUNT.lnk [2011.03.29 23:42:47 | 000,301,568 | ---- | M] () -- C:\Users\*****\Desktop\g2m3e4r.exe [2011.03.29 23:42:36 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\*****\Desktop\Erunt-setup.exe [2011.03.29 23:42:14 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\TFC.exe [2011.03.29 23:42:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.03.29 23:37:43 | 000,377,280 | ---- | M] () -- C:\Users\*****\Desktop\Load.exe [2011.03.29 23:08:08 | 000,019,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.29 23:08:08 | 000,019,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.29 22:57:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.29 22:57:22 | 402,104,320 | -HS- | M] () -- C:\hiberfil.sys [2011.03.28 16:19:14 | 000,648,466 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.28 16:19:14 | 000,611,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.28 16:19:14 | 000,128,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.28 16:19:14 | 000,105,314 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2011.03.28 02:24:05 | 002,092,375 | ---- | M] () -- C:\Users\*****\Desktop\Norris_kittens.gif [2011.03.27 22:24:00 | 002,042,105 | ---- | M] () -- C:\Users\*****\Desktop\icq_status_checker17.zip [2011.03.24 19:40:39 | 000,349,173 | ---- | M] () -- C:\Users\*****\Desktop\Deutsch_-_Abi_.pdf [2011.03.22 17:47:29 | 000,407,095 | ---- | M] () -- C:\Users\*****\Desktop\193551_173517192699699_100001242598946_430179_7930050_o.jpg [2011.03.16 01:03:30 | 000,080,374 | ---- | M] () -- C:\Users\*****\Desktop\01_breno_gross.jpg [2011.03.15 18:56:02 | 000,613,401 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt2.png [2011.03.15 18:50:00 | 000,656,921 | ---- | M] () -- C:\Users\*****\Desktop\Unbenannt.png [2011.03.15 18:05:00 | 001,128,402 | ---- | M] () -- C:\Users\*****\Desktop\haftbefehl.wav [2011.03.13 18:01:53 | 000,000,124 | ---- | M] () -- C:\Users\*****\Documents\ax_files.xml [2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\*****\Desktop\Anleitung.html [2011.03.11 23:19:58 | 002,979,245 | ---- | M] () -- C:\Users\*****\Desktop\Echte Musik- H.A.F.T [Full Version_High Quality] Haftbefehl.mp3 [2011.03.11 23:13:31 | 002,855,947 | ---- | M] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3 [2011.03.11 23:06:27 | 001,235,799 | ---- | M] () -- C:\Users\*****\Desktop\jaftcriut.rar [2011.03.11 23:05:10 | 006,376,571 | ---- | M] () -- C:\Users\*****\Desktop\Haftbefehl feat. 
Twin, Criz & Silla - Columbine.mp3 [2011.03.10 20:08:15 | 000,048,286 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109 (Large).JPG [2011.03.10 19:48:46 | 002,810,562 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109.JPG_effected.jpg [2011.03.10 19:33:05 | 008,559,997 | ---- | M] () -- C:\Users\*****\Desktop\IMG_0109.JPG [2011.03.08 01:24:39 | 000,005,912 | ---- | M] () -- C:\Users\*****\Desktop\c366cc4f0ddea1a830a8cb42187f7f11.dlc [2011.03.04 23:22:05 | 166,689,481 | ---- | M] () -- C:\Users\*****\Desktop\Si-Sill.rar [2011.03.02 17:27:42 | 000,000,532 | ---- | M] () -- C:\Windows\eReg.dat [2011.03.02 17:27:21 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk ========== Files Created - No Company Name ========== [2011.03.29 23:50:08 | 000,000,894 | ---- | C] () -- C:\Users\*****\Desktop\NTREGOPT.lnk [2011.03.29 23:50:08 | 000,000,875 | ---- | C] () -- C:\Users\*****\Desktop\ERUNT.lnk [2011.03.29 23:41:37 | 000,301,568 | ---- | C] () -- C:\Users\*****\Desktop\g2m3e4r.exe [2011.03.29 23:37:11 | 000,377,280 | ---- | C] () -- C:\Users\*****\Desktop\Load.exe [2011.03.28 02:24:05 | 002,092,375 | ---- | C] () -- C:\Users\*****\Desktop\Norris_kittens.gif [2011.03.27 22:22:48 | 002,042,105 | ---- | C] () -- C:\Users\*****\Desktop\icq_status_checker17.zip [2011.03.24 19:40:33 | 000,349,173 | ---- | C] () -- C:\Users\*****\Desktop\Deutsch_-_Abi_.pdf [2011.03.22 17:47:08 | 000,407,095 | ---- | C] () -- C:\Users\*****\Desktop\193551_173517192699699_100001242598946_430179_7930050_o.jpg [2011.03.16 01:03:30 | 000,080,374 | ---- | C] () -- C:\Users\*****\Desktop\01_breno_gross.jpg [2011.03.15 18:56:01 | 000,613,401 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt2.png [2011.03.15 18:47:55 | 000,656,921 | ---- | C] () -- C:\Users\*****\Desktop\Unbenannt.png [2011.03.15 18:04:59 | 001,128,402 | ---- | C] () -- C:\Users\*****\Desktop\haftbefehl.wav [2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\*****\Desktop\Anleitung.html [2011.03.11 
23:19:01 | 002,979,245 | ---- | C] () -- C:\Users\*****\Desktop\Echte Musik- H.A.F.T [Full Version_High Quality] Haftbefehl.mp3
[2011.03.11 23:12:15 | 002,855,947 | ---- | C] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3
[2011.03.11 23:07:30 | 001,430,288 | ---- | C] () -- C:\Users\*****\Desktop\Criz feat Haftbefehl Unter Tatverdacht.mp3
[2011.03.11 23:06:05 | 001,235,799 | ---- | C] () -- C:\Users\*****\Desktop\jaftcriut.rar
[2011.03.11 23:02:37 | 006,376,571 | ---- | C] () -- C:\Users\*****\Desktop\Haftbefehl feat. Twin, Criz & Silla - Columbine.mp3
[2011.03.10 20:08:14 | 000,048,286 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109 (Large).JPG
[2011.03.10 19:47:42 | 002,810,562 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109.JPG_effected.jpg
[2011.03.10 19:29:54 | 008,559,997 | ---- | C] () -- C:\Users\*****\Desktop\IMG_0109.JPG
[2011.03.08 01:24:37 | 000,005,912 | ---- | C] () -- C:\Users\*****\Desktop\c366cc4f0ddea1a830a8cb42187f7f11.dlc
[2011.03.04 22:14:59 | 166,689,481 | ---- | C] () -- C:\Users\*****\Desktop\Si-Sill.rar
[2011.03.02 17:46:39 | 003,462,144 | ---- | C] () -- C:\Users\*****\Desktop\BF1942MiniImage-RixN.mdf
[2011.03.02 17:46:39 | 000,000,682 | ---- | C] () -- C:\Users\*****\Desktop\BF1942MiniImage-RixN.mds
[2011.03.02 17:27:42 | 000,000,532 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.02 17:27:21 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2011.01.31 22:15:06 | 000,000,600 | ---- | C] () -- C:\Users\*****\AppData\Roaming\winscp.rnd
[2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs
[2010.07.07 15:07:17 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.06.11 14:50:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.06.11 14:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.06.09 18:34:21 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.04.30 17:42:57 | 000,000,144 | ---- | C] () -- C:\Users\*****\AppData\Roaming\default.pls
[2010.03.12 04:47:48 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2010.03.12 04:47:48 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010.02.23 23:00:41 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.10 18:42:23 | 000,000,076 | ---- | C] () -- C:\Windows\dellstat.ini
[2009.09.10 18:42:14 | 000,000,092 | ---- | C] () -- C:\Windows\lexstat.ini
[2009.09.06 23:27:13 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.04 16:32:58 | 000,000,017 | ---- | C] () -- C:\Users\*****\AppData\Local\resmon.resmoncfg
[2009.08.27 21:04:44 | 000,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.08.27 21:04:32 | 000,811,835 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.08.27 21:03:52 | 004,456,201 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.08.25 20:07:36 | 000,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.08.25 19:38:04 | 000,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.08.25 18:56:56 | 000,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.08.25 18:37:02 | 000,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.08.23 22:39:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.08.23 18:18:43 | 000,233,472 | ---- | C] () -- C:\Windows\System32\cmirmdrv.exe
[2009.08.23 18:18:43 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmirmdrv.dll
[2009.08.23 18:16:02 | 000,003,305 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.07.14 10:47:43 | 000,648,466 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,128,724 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,285,992 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,611,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,105,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.02 19:15:44 | 000,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.06.02 19:15:18 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.06.02 19:15:04 | 000,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.06.02 19:14:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.06.02 19:14:30 | 000,486,400 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.06.02 19:13:58 | 000,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.06.02 19:13:50 | 000,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.06.02 19:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.06.02 19:11:16 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.11 00:17:32 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.01.11 00:16:56 | 000,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.01.11 00:16:50 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.01.11 00:16:14 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.01.11 00:16:04 | 000,335,872 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.01.11 00:15:54 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009.01.11 00:15:36 | 000,103,424 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.01.11 00:15:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.01.11 00:15:28 | 000,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.01.11 00:15:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.01.11 00:15:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.01.11 00:14:08 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.01.11 00:14:06 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008.12.04 00:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007.02.07 19:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006.06.07 15:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.07 13:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 19:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2002.08.08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2000.03.29 16:17:42 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2010.10.23 18:43:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2010.07.03 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Bump Technologies, Inc
[2010.01.05 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CoSoSys
[2010.07.07 15:01:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2010.02.24 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dev-Cpp
[2010.03.08 20:34:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\flightgear.org
[2010.03.08 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\fltk.org
[2009.10.19 22:18:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GrabPro
[2011.03.29 18:28:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2010.04.15 23:15:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ImgBurn
[2010.03.16 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ManyCam
[2009.09.16 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MyPhoneExplorer
[2009.10.19 22:44:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Orbit
[2010.11.18 23:27:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Weaverslave
[2011.02.06 18:40:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.03.29 19:13:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e
[2011.03.28 21:52:44 | 000,000,000 | ---D | M] -- C:\1f5e52860a533b3ecbc90fbfae094d7a
[2009.10.15 01:47:26 | 000,000,000 | ---D | M] -- C:\ATI
[2009.08.23 18:35:52 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.09.28 12:52:21 | 000,000,000 | ---D | M] -- C:\c1743efabefd10f84ef0
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.23 17:46:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.10.19 22:36:10 | 000,000,000 | ---D | M] -- C:\downloads
[2010.03.12 04:46:41 | 000,000,000 | ---D | M] -- C:\lexmark
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2009.10.28 20:49:42 | 000,000,000 | ---D | M] -- C:\Philips
[2011.03.29 23:50:06 | 000,000,000 | R--D | M] -- C:\Programme
[2010.11.13 19:50:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.23 17:46:27 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.08.23 17:46:28 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.03.29 18:40:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.28 20:58:12 | 000,000,000 | ---D | M] -- C:\temp
[2009.08.23 17:46:53 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.29 23:50:50 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-29 16:41:22
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
< End of report >
Code:
OTL Extras logfile created on: 29.03.2011 23:52:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\*****\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,00 Mb Total Physical Memory | 71,00 Mb Available Physical Memory | 14,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 57,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,69 Gb Total Space | 8,66 Gb Free Space | 11,30% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4561 Banner Remover 1.1
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Ultra Edition HD
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.106.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0A8A6F-FC9E-796F-CC5D-290161F8E92A}" = ATI Catalyst Install Manager
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AF7EA205-4E09-4889-B58F-16B02707E841}" = SmartStore.biz 3.5
"{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{E9A5B341-167D-4042-8854-46F671F94049}" = Medieval CUE Splitter
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1B1BB41-2494-4FC2-BEF7-9C282B6815A8}" = Image Resizer Powertoy Clone for Windows
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVIConverter" = AVIConverter 5.1.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DivX Setup.divx.com" = DivX-Setup
"D-Link VGA Webcam" = D-Link VGA Webcam
"Easy Video Downloader_is1" = Easy Video Downloader v. 2.0
"EAX Unified" = EAX Unified
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLV Player" = FLV Player 2.0 (build 25)
"GoldWave v5.50" = GoldWave v5.50
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12
"ImgBurn" = ImgBurn
"JDownloader" = JDownloader
"Lexmark 1200 Series" = Lexmark 1200 Series
"MacroX" = MacroX 3.1
"Mafia" = Mafia
"Mafia Game" = Mafia Game
"ManyCam" = ManyCam 2.4 (remove only)
"Media Player - Codec Pack" = Media Player Codec Pack 3.8.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"Polipo" = Polipo 1.0.4.1
"QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition
"San Andreas Radio_is1" = San Andreas Radio V1.0
"SopCast" = SopCast 3.3.2
"ThiefGoldDeinstallKey" = Dark Project: Der Meisterdieb Director's Cut
"Tor" = Tor 0.2.1.26
"Vidalia" = Vidalia 0.2.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.03.2011 13:47:56 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x3720dbd6 Name des fehlerhaften Moduls: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x3720dbd6 Ausnahmecode: 0xc0000094 Fehleroffset: 0x003889d7 ID des fehlerhaften
Prozesses: 0xc80 Startzeit der fehlerhaften Anwendung: 0x01cbea4b83f906fd Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Berichtskennung:
d968acb4-563e-11e0-b147-00138f4a0910
Error - 24.03.2011 15:52:09 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 25.03.2011 11:20:14 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 27.03.2011 20:59:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4095,
Zeitstempel: 0x000707f3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00028ab2 ID des fehlerhaften
Prozesses: 0x13c Startzeit der fehlerhaften Anwendung: 0x01cbecaf461daf0c Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: a6a42c2a-58d6-11e0-80f2-00138f4a0910
Error - 28.03.2011 11:17:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\sony
ericsson\sony ericsson pc suite\Drivers\DPInst64.exe". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.03.2011 12:21:21 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.4.0.4561, Zeitstempel:
0x000707f3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x20041b06 ID des fehlerhaften Prozesses:
0x8cc Startzeit der fehlerhaften Anwendung: 0x01cbed5236c6b7e4 Pfad der fehlerhaften
Anwendung: C:\Program Files\ICQ7.4\ICQ.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
6a876746-5957-11e0-8903-00138f4a0910
Error - 28.03.2011 14:52:52 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x000707f3 Name des fehlerhaften Moduls: WINWORD.EXE, Version: 9.0.0.2823,
Zeitstempel: 0x000707f3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003a2a74 ID des fehlerhaften
Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0x01cbed79499cacec Pfad der
fehlerhaften Anwendung: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Pfad
des fehlerhaften Moduls: C:\Program Files\Microsoft Office\Office\WINWORD.EXE Berichtskennung:
9575f3da-596c-11e0-a0f2-00138f4a0910
Error - 28.03.2011 15:55:07 | Computer Name = *****-PC | Source = System Restore | ID = 8210
Description =
Error - 29.03.2011 12:22:50 | Computer Name = *****-PC | Source = System Restore | ID = 8210
Description =
Error - 29.03.2011 13:02:29 | Computer Name = *****-PC | Source = System Restore | ID = 8209
Description =
[ System Events ]
Error - 29.03.2011 12:30:57 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Defender" wurde nicht richtig gestartet.
Error - 29.03.2011 12:33:17 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
nicht richtig heruntergefahren werden.
Error - 29.03.2011 12:35:14 | Computer Name = *****-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 29.03.2011 12:35:18 | Computer Name = *****-PC | Source = ati2mtag | ID = 52225
Description =
Error - 29.03.2011 16:57:28 | Computer Name = *****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?03.?2011 um 20:44:28 unerwartet heruntergefahren.
Error - 29.03.2011 16:57:16 | Computer Name = *****-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 29.03.2011 16:57:24 | Computer Name = *****-PC | Source = ati2mtag | ID = 52225
Description =
Error - 29.03.2011 17:14:50 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PLFlash DeviceIoControl Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 29.03.2011 17:18:01 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 29.03.2011 17:20:35 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-30 00:39:22
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ExcelStor_Technology_J880 rev.PF2OA21B
Running: g2m3e4r.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugloipog.sys
---- System - GMER 1.0.15 ----
SSDT 8DFFA3CC ZwCreateThread
SSDT 8DFFA3B8 ZwOpenProcess
SSDT 8DFFA3BD ZwOpenThread
SSDT 8DFFA3C7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A45589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6A092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82A7195C 4 Bytes [CC, A3, FF, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82A71AF8 4 Bytes [B8, A3, FF, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82A71B18 4 Bytes [BD, A3, FF, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A71DC8 4 Bytes [C7, A3, FF, 8D]
.text sptd.sys 86A03000 8 Bytes [A6, F1, E1, 82, A0, 57, E1, ...]
.text sptd.sys 86A03009 23 Bytes [57, E1, 82, 48, 7B, E1, 82, ...]
.text sptd.sys 86A03024 4 Bytes [32, 25, B3, 86]
.text sptd.sys 86A0302C 188 Bytes [4C, 3D, C6, 82, 15, 44, C0, ...]
.text sptd.sys 86A030E9 235 Bytes [0B, A4, 82, 1C, 8E, AB, 82, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x86AFAD38]
? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload 8C825CA0 5 Bytes JMP 85113410
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 83FDA1F8
Device \Driver\usbuhci \Device\USBPDO-0 85117430
Device \Driver\usbuhci \Device\USBPDO-1 85117430
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-2 85117430
Device \Driver\usbuhci \Device\USBPDO-3 85117430
Device \Driver\usbehci \Device\USBPDO-4 8511B430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 8505B430
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83FD71F8
Device \Driver\atapi \Device\Ide\IdePort0 83FD71F8
Device \Driver\atapi \Device\Ide\IdePort1 83FD71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 83FD71F8
Device \Driver\cdrom \Device\CdRom1 8505B430
Device \Driver\cdrom \Device\CdRom2 8505B430
Device \Driver\cdrom \Device\CdRom3 8505B430
Device \Driver\NetBT \Device\NetBt_Wins_Export 8508F430
Device \Driver\PCI_PNP1390 \Device\0000004b sptd.sys
Device \Driver\vsmraid \Device\RaidPort0 83FD81F8
Device \Driver\usbuhci \Device\USBFDO-0 85117430
Device \Driver\usbuhci \Device\USBFDO-1 85117430
Device \Driver\usbuhci \Device\USBFDO-2 85117430
Device \Driver\usbuhci \Device\USBFDO-3 85117430
Device \Driver\usbehci \Device\USBFDO-4 8511B430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target1Lun0 85133430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target0Lun0 85133430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381 85133430
Device \Driver\asfjs438 \Device\Scsi\asfjs4381Port3Path0Target2Lun0 85133430
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD2 0x47 0x6D 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x13 0xAD 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x69 0x93 0x5F 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xD6 0xBC 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x2E 0x89 0x3B 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC7 0x7C 0x03 0xAB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x13 0xAD 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x69 0x93 0x5F 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xD6 0xBC 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x2E 0x89 0x3B 0x4B ...
---- Files - GMER 1.0.15 ----
File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 0 bytes
---- EOF - GMER 1.0.15 ----
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6209
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
30.03.2011 01:33:38
mbam-log-2011-03-30 (01-33-38).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146292
Laufzeit: 11 Minute(n), 0 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Last edited by henneh (30.03.2011 at 00:36)
#2 | /// Winkelfunktion /// TB-Süch-Tiger™
Are there any other Malwarebytes logs? If so, please post all of them that are visible in the "Logdateien" (log files) tab in Malwarebytes.
#3 | original poster
No, that was the first time I ran a scan; there are no older logs. But I ran a full scan again, since the one in the first post was only a quick scan.
I've masked the ICQ numbers in the folder names; it's actually just one of those joke programs that I've had in the ICQ folder for years.
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6224
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31.03.2011 17:55:34
mbam-log-2011-03-31 (17-55-34).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 252813
Laufzeit: 1 Stunde(n), 24 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\*****\Desktop\Sachen\ICQ Lite\*****\*****\spass.exe (PUP.Joke.Schock) -> Quarantined and deleted successfully.
#4 | /// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: if you masked your user name, you have to change the starred-out part back to your real user name, otherwise the script will not work!!
Code:
:OTL
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
[2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e
[2011.03.28 21:52:44 | 000,000,000 | ---D | M] -- C:\1f5e52860a533b3ecbc90fbfae094d7a
[2010.09.28 12:52:21 | 000,000,000 | ---D | M] -- C:\c1743efabefd10f84ef0
[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.06.11 14:50:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.06.11 14:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs
[2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post log files in CODE tags
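As an added example (not code from the thread or from OTL itself): a small Python parser for OTL listing lines of the kind used in the :OTL fix above, plus review heuristics that are my own assumptions about why a helper would single out exactly those entries. The sample input reuses the fix lines and adds one constructed benign line (the ERUNT folder) as a control; a hit means "look at this", not "this is malware".

```python
"""Parse OTL listing lines and flag the entries a helper would look at twice.

Added example for this thread, not OTL's code. The review rules are heuristics
(assumptions), and a hit means "check this", not "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe"
# date time | size (with commas) | attribute flags | C/M ] (vendor) -- path
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<stamp>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# "@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0"
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Folders Windows itself creates directly in a profile root (lower-case).
STANDARD_PROFILE_DIRS = {
    "appdata", "contacts", "desktop", "documents", "downloads", "favorites",
    "links", "music", "pictures", "saved games", "searches", "videos",
}
SCRIPT_OR_BINARY = (".exe", ".dll", ".scr", ".vbs", ".js", ".bat", ".cmd", ".pif", ".com")
HEX_NAME = re.compile(r"^[0-9a-f]{16,}$")   # long hex-only folder name


@dataclass
class Entry:
    kind: str      # "file", "dir" or "ads"
    path: str
    size: int      # bytes
    stamp: str     # "C" = creation date shown, "M" = modification date; "" for ADS
    company: str   # vendor string OTL read from the version resource, "" if none


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for directives like ':OTL'."""
    line = line.strip()
    m = FILE_LINE.match(line)
    if m:
        kind = "dir" if "D" in m["attrs"] else "file"
        size = int(m["size"].replace(",", ""))
        return Entry(kind, m["path"], size, m["stamp"], m["company"] or "")
    m = ADS_LINE.match(line)
    if m:
        return Entry("ads", m["path"], int(m["size"]), "", "")
    return None


def review(entry: Entry) -> List[str]:
    """Reasons to look at this entry manually; an empty list means nothing noted."""
    reasons = []
    parts = entry.path.split("\\")          # ["C:", "Users", "name", ...]
    name = parts[-1]
    lower = entry.path.lower()
    if entry.kind == "ads":
        reasons.append("alternate data stream; payloads are sometimes parked there")
    if entry.kind == "dir" and len(parts) == 2 and HEX_NAME.match(name.lower()):
        reasons.append("hex-named folder at drive root (installer leftover or staging dir)")
    if (entry.kind == "dir" and len(parts) == 4 and parts[1].lower() == "users"
            and name.lower() not in STANDARD_PROFILE_DIRS):
        reasons.append("non-standard folder directly in a user profile root")
    if entry.kind == "file" and name.lower().endswith(SCRIPT_OR_BINARY):
        if "\\appdata\\local\\" in lower or "\\temp" in lower:
            reasons.append("script/executable under AppData\\Local or a Temp path")
        if len(parts) == 3 and parts[1].lower() == "windows" and not entry.company:
            reasons.append("executable directly in %SystemRoot% with no vendor string")
    return reasons


def triage(lines: List[str]) -> List[Tuple[Entry, List[str]]]:
    """Parse every line and keep only the entries that have at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = review(entry)
            if reasons:
                flagged.append((entry, reasons))
    return flagged


# The :OTL section from post #4, plus one constructed benign line (ERUNT) as a control.
SAMPLE = r"""
:OTL
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
[2010.02.19 15:45:25 | 000,000,000 | ---D | M] -- C:\0e43fd6a2253abe81638137a78ad3e
[2011.03.28 21:52:44 | 000,000,000 | ---D | M] -- C:\1f5e52860a533b3ecbc90fbfae094d7a
[2010.09.28 12:52:21 | 000,000,000 | ---D | M] -- C:\c1743efabefd10f84ef0
[2010.06.11 14:50:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.06.11 14:50:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.06.11 14:50:27 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.07.19 21:42:43 | 000,000,871 | ---- | C] () -- C:\Users\*****\AppData\Local\Tempwconfig.vbs
[2011.03.28 02:59:10 | 000,000,000 | ---D | C] -- C:\Users\*****\kskkabxn
[2011.03.29 21:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
:Commands
[emptytemp]
""".strip().splitlines()

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.kind:4} {entry.path}")
        for reason in reasons:
            print(f"       - {reason}")
```

The three executables in C:\Windows are flagged only because they carry no vendor string; the ComboFix log later in the thread ties CleanDev.exe to a D-Link webcam uninstaller, which is exactly the kind of context a reviewer adds before deciding.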
#5 | original poster
Here is the log after the OTL fix:
Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:8FF81EB0 deleted successfully.
C:\0e43fd6a2253abe81638137a78ad3e folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\Graphics folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\Client folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\3082 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\3076 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\2070 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\2052 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1055 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1053 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1049 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1046 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1045 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1044 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1043 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1042 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1041 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1040 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1038 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1037 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1036 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1035 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1033 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1032 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1031 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1030 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1029 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1028 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a\1025 folder moved successfully.
C:\1f5e52860a533b3ecbc90fbfae094d7a folder moved successfully.
C:\c1743efabefd10f84ef0 folder moved successfully.
C:\Windows\sel3110.exe moved successfully.
C:\Windows\amcap.exe moved successfully.
C:\Windows\CleanDev.exe moved successfully.
C:\Users\*****\AppData\Local\Tempwconfig.vbs moved successfully.
C:\Users\*****\kskkabxn folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: *****
->Temp folder emptied: 377936 bytes
->Temporary Internet Files folder emptied: 30793747 bytes
->Java cache emptied: 618636 bytes
->FireFox cache emptied: 101440857 bytes
->Flash cache emptied: 4060 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 127,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03312011_233627
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#6 | /// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix (a guide and tutorial on using ComboFix)
ComboFix may only be run if a qualified helper has explicitly recommended it!
#7 | original poster
Here is the ComboFix log:
Code:
ComboFix 11-03-31.04 - ***** 01.04.2011 14:56:31.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.511.164 [GMT 2:00]
ausgeführt von:: c:\users\*****\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-01 bis 2011-04-01 ))))))))))))))))))))))))))))))
.
.
2011-04-01 13:11 . 2011-04-01 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-29 21:50 . 2011-03-29 21:50 -------- d-----w- c:\program files\ERUNT
2011-03-29 16:21 . 2011-04-01 12:28 -------- d-----w- c:\windows\system32\wbem\repository
2011-03-09 17:23 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 17:23 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 17:22 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 17:22 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 17:22 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 17:22 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 17:22 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 17:22 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 17:22 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-02 15:26 . 1998-06-17 17:07 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2011-03-02 15:20 . 2011-03-02 15:22 -------- d-----w- c:\program files\EA GAMES
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:45 . 2011-02-09 13:08 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2009-10-03 13:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:31 . 2011-02-23 11:45 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 11:45 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-09 13:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33 . 2011-02-09 13:09 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:37 . 2011-02-09 13:12 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:37 . 2011-02-09 13:12 2329088 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-02-10 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 06:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-10 23:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 13:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2007-11-20 13:29 360448 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 17:42 1242448 ----a-w- c:\program files\Valve\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-25 22:08 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AMDMSRIO;AMDMSRIO;c:\users\*****\AppData\Local\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys [x]
R3 gggen;Generic USB Flash Driver;c:\windows\system32\DRIVERS\gggen.sys [2006-09-28 11648]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-11-08 77772]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-03 436792]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-23 108289]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\tpowwhbj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-ICQ - c:\program files\ICQ7.0\ICQ.exe
MSConfigStartUp-Lexmark 1200 Series - c:\program files\Lexmark 1200 Series\lxczbmgr.exe
MSConfigStartUp-NapsterShell - c:\program files\Napster\napster.exe
AddRemove-D-Link VGA Webcam - c:\windows\CleanDev.exe
AddRemove-NeroVision!UninstallKey - c:\windows\UNNeroVision.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-01 15:16:04
ComboFix-quarantined-files.txt 2011-04-01 13:16
.
Vor Suchlauf: 11 Verzeichnis(se), 12.238.970.880 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.021.170.176 Bytes frei
.
- - End Of File - - 91D76EE8A5ACD7EC70594C183F6F303A
#8 | /// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
#9 | original poster
1 was detected, but I didn't do anything and left it at skip.
Code:
2011/04/01 15:52:34.0836 1960 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 15:52:35.0649 1960 ================================================================================
2011/04/01 15:52:35.0649 1960 SystemInfo:
2011/04/01 15:52:35.0649 1960
2011/04/01 15:52:35.0649 1960 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/01 15:52:35.0649 1960 Product type: Workstation
2011/04/01 15:52:35.0649 1960 ComputerName: *****-PC
2011/04/01 15:52:35.0649 1960 UserName: *****
2011/04/01 15:52:35.0649 1960 Windows directory: C:\Windows
2011/04/01 15:52:35.0649 1960 System windows directory: C:\Windows
2011/04/01 15:52:35.0649 1960 Processor architecture: Intel x86
2011/04/01 15:52:35.0649 1960 Number of processors: 1
2011/04/01 15:52:35.0649 1960 Page size: 0x1000
2011/04/01 15:52:35.0649 1960 Boot type: Normal boot
2011/04/01 15:52:35.0649 1960 ================================================================================
2011/04/01 15:52:46.0946 1960 Initialize success
2011/04/01 15:52:56.0508 3636 ================================================================================
2011/04/01 15:52:56.0508 3636 Scan started
2011/04/01 15:52:56.0508 3636 Mode: Manual;
2011/04/01 15:52:56.0508 3636 ================================================================================
2011/04/01 15:52:56.0915 3636 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/01 15:52:57.0102 3636 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/01 15:52:57.0243 3636 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/01 15:52:57.0383 3636 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/01 15:52:57.0540 3636 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/01 15:52:57.0665 3636 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/01 15:52:57.0836 3636 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/04/01 15:52:57.0961 3636 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/01 15:52:58.0086 3636 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/01 15:52:58.0258 3636 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/01 15:52:58.0368 3636 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/04/01 15:52:58.0477 3636 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/01 15:52:58.0618 3636 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/01 15:52:58.0852 3636 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/01 15:52:58.0977 3636 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/01 15:52:59.0133 3636 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/01 15:52:59.0274 3636 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/01 15:52:59.0430 3636 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/04/01 15:52:59.0649 3636 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/01 15:52:59.0758 3636 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/01 15:52:59.0899 3636 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/01 15:53:00.0008 3636 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/01 15:53:00.0196 3636 ati2mtag (e36d69e40c1db6a0f6ae9e3e68ba775a) C:\Windows\system32\DRIVERS\ati2mtag.sys
2011/04/01 15:53:00.0430 3636 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/01 15:53:00.0555 3636 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/01 15:53:00.0696 3636 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/01 15:53:00.0883 3636 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/01 15:53:01.0040 3636 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/01 15:53:01.0211 3636 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/01 15:53:01.0477 3636 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/01 15:53:01.0633 3636 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/01 15:53:01.0758 3636 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/01 15:53:01.0883 3636 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/01 15:53:02.0024 3636 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/01 15:53:02.0149 3636 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/01 15:53:02.0258 3636 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/01 15:53:02.0399 3636 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/01 15:53:02.0524 3636 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/01 15:53:02.0790 3636 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/01 15:53:02.0930 3636 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/01 15:53:03.0086 3636 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/01 15:53:03.0196 3636 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/01 15:53:03.0383 3636 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/01 15:53:03.0508 3636 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/01 15:53:03.0680 3636 cmuda (e5adeef2c0db43964223f408f1fcc97e) C:\Windows\system32\drivers\cmuda.sys
2011/04/01 15:53:03.0852 3636 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/01 15:53:03.0993 3636 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/01 15:53:04.0133 3636 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/01 15:53:04.0274 3636 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/01 15:53:04.0446 3636 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/04/01 15:53:04.0633 3636 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/04/01 15:53:04.0774 3636 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/01 15:53:04.0930 3636 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/01 15:53:05.0118 3636 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/01 15:53:05.0258 3636 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/01 15:53:05.0524 3636 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/01 15:53:05.0821 3636 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/01 15:53:05.0946 3636 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/01 15:53:06.0118 3636 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/01 15:53:06.0243 3636 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/01 15:53:06.0368 3636 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/01 15:53:06.0555 3636 FETNDIS (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
2011/04/01 15:53:06.0665 3636 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/01 15:53:06.0805 3636 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/01 15:53:06.0915 3636 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/01 15:53:07.0102 3636 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/01 15:53:07.0274 3636 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/01 15:53:07.0399 3636 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/01 15:53:07.0540 3636 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/01 15:53:07.0665 3636 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/01 15:53:07.0821 3636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/01 15:53:07.0961 3636 gggen (47740536b261eeb6fae5c16ef2fd769c) C:\Windows\system32\DRIVERS\gggen.sys
2011/04/01 15:53:08.0086 3636 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/01 15:53:08.0211 3636 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/01 15:53:08.0336 3636 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/01 15:53:08.0446 3636 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/01 15:53:08.0602 3636 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/01 15:53:08.0743 3636 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/01 15:53:08.0915 3636 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/01 15:53:09.0040 3636 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/01 15:53:09.0180 3636 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/01 15:53:09.0305 3636 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/01 15:53:09.0461 3636 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/01 15:53:09.0618 3636 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/01 15:53:09.0774 3636 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/01 15:53:09.0883 3636 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/01 15:53:10.0024 3636 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/01 15:53:10.0165 3636 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/01 15:53:10.0305 3636 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/01 15:53:10.0446 3636 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/01 15:53:10.0571 3636 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/01 15:53:10.0696 3636 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/01 15:53:10.0836 3636 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/01 15:53:10.0961 3636 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/01 15:53:11.0102 3636 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/01 15:53:11.0227 3636 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/01 15:53:11.0430 3636 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/01 15:53:11.0602 3636 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/01 15:53:11.0743 3636 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/01 15:53:11.0883 3636 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/01 15:53:12.0008 3636 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/01 15:53:12.0149 3636 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/01 15:53:12.0336 3636 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
2011/04/01 15:53:12.0493 3636 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/01 15:53:12.0633 3636 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/01 15:53:12.0790 3636 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/01 15:53:12.0946 3636 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/01 15:53:13.0071 3636 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/01 15:53:13.0227 3636 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/01 15:53:13.0336 3636 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/01 15:53:13.0461 3636 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/01 15:53:13.0586 3636 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/01 15:53:13.0743 3636 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/01 15:53:13.0868 3636 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/01 15:53:14.0008 3636 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/01 15:53:14.0149 3636 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/01 15:53:14.0274 3636 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/01 15:53:14.0399 3636 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/01 15:53:14.0571 3636 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/01 15:53:14.0696 3636 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/01 15:53:14.0821 3636 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/01 15:53:14.0977 3636 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/01 15:53:15.0102 3636 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/01 15:53:15.0243 3636 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/01 15:53:15.0368 3636 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/01 15:53:15.0508 3636 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/01 15:53:15.0618 3636 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/01 15:53:15.0743 3636 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/01 15:53:15.0868 3636 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/01 15:53:16.0008 3636 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/01 15:53:16.0149 3636 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/01 15:53:16.0305 3636 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/01 15:53:16.0430 3636 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/01 15:53:16.0555 3636 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/01 15:53:16.0680 3636 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/01 15:53:16.0836 3636 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/01 15:53:16.0993 3636 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/01 15:53:17.0149 3636 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/01 15:53:17.0352 3636 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/01 15:53:17.0540 3636 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/01 15:53:17.0665 3636 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/01 15:53:17.0852 3636 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/01 15:53:17.0993 3636 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/01 15:53:18.0118 3636 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/01 15:53:18.0243 3636 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/01 15:53:18.0383 3636 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/01 15:53:18.0508 3636 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/01 15:53:18.0649 3636 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\Windows\system32\Drivers\ov519vid.sys
2011/04/01 15:53:18.0821 3636 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/01 15:53:18.0930 3636 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/01 15:53:19.0071 3636 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/01 15:53:19.0211 3636 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/01 15:53:19.0336 3636 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/01 15:53:19.0461 3636 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/01 15:53:19.0602 3636 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/01 15:53:19.0727 3636 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/01 15:53:20.0055 3636 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/01 15:53:20.0180 3636 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/01 15:53:20.0336 3636 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/01 15:53:20.0508 3636 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/01 15:53:20.0665 3636 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/01 15:53:20.0790 3636 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/01 15:53:20.0915 3636 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/01 15:53:21.0040 3636 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/01 15:53:21.0180 3636 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/01 15:53:21.0321 3636 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/01 15:53:21.0446 3636 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/01 15:53:21.0571 3636 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/01 15:53:21.0711 3636 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/01 15:53:21.0852 3636 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/01 15:53:21.0993 3636 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/01 15:53:22.0133 3636 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/01 15:53:22.0274 3636 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/01 15:53:22.0399 3636 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/01 15:53:22.0540 3636 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/01 15:53:22.0711 3636 rockusb (068832f52bc5926f8c7833915d6dcaa5) C:\Windows\system32\DRIVERS\rockusb.sys
2011/04/01 15:53:22.0883 3636 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/01 15:53:23.0055 3636 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/04/01 15:53:23.0180 3636 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/01 15:53:23.0321 3636 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/01 15:53:23.0446 3636 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/01 15:53:23.0618 3636 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/01 15:53:23.0805 3636 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/01 15:53:23.0930 3636 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/01 15:53:24.0040 3636 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/01 15:53:24.0211 3636 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/01 15:53:24.0321 3636 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/01 15:53:24.0446 3636 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/01 15:53:24.0555 3636 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/01 15:53:24.0711 3636 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/01 15:53:24.0821 3636 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/01 15:53:24.0946 3636 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/01 15:53:25.0118 3636 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/01 15:53:25.0352 3636 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/04/01 15:53:25.0352 3636 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/04/01 15:53:25.0383 3636 sptd - detected Locked file (1)
2011/04/01 15:53:25.0508 3636 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/01 15:53:25.0649 3636 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/01 15:53:25.0790 3636 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/01 15:53:25.0946 3636 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/01 15:53:26.0133 3636 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/01 15:53:26.0274 3636 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/01 15:53:26.0399 3636 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/01 15:53:26.0524 3636 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/01 15:53:26.0758 3636 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/01 15:53:26.0961 3636 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/01 15:53:27.0133 3636 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/01 15:53:27.0243 3636 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/01 15:53:27.0352 3636 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/01 15:53:27.0477 3636 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/01 15:53:27.0586 3636 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/01 15:53:27.0805 3636 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/01 15:53:27.0946 3636 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/01 15:53:28.0055 3636 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/01 15:53:28.0180 3636 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/01 15:53:28.0336 3636 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/01 15:53:28.0477 3636 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/01 15:53:28.0586 3636 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/01 15:53:28.0774 3636 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/01 15:53:28.0930 3636 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/04/01 15:53:29.0196 3636 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/01 15:53:29.0540 3636 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/01 15:53:29.0665 3636 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/01 15:53:29.0805 3636 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/01 15:53:29.0946 3636 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/01 15:53:30.0071 3636 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/01 15:53:30.0196 3636 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/01 15:53:30.0305 3636 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/01 15:53:30.0430 3636 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/01 15:53:30.0571 3636 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/01 15:53:30.0711 3636 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/01 15:53:30.0836 3636 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/01 15:53:30.0961 3636 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/01 15:53:31.0102 3636 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/01 15:53:31.0211 3636 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/01 15:53:31.0368 3636 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/01 15:53:31.0493 3636 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/01 15:53:31.0618 3636 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/01 15:53:31.0743 3636 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/01 15:53:31.0868 3636 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/01 15:53:31.0993 3636 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/01 15:53:32.0133 3636 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/01 15:53:32.0274 3636 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/01 15:53:32.0430 3636 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/01 15:53:32.0571 3636 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 15:53:32.0602 3636 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/01 15:53:32.0790 3636 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/01 15:53:32.0915 3636 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/01 15:53:33.0165 3636 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/01 15:53:33.0274 3636 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/01 15:53:33.0524 3636 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/01 15:53:33.0649 3636 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/01 15:53:33.0852 3636 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/01 15:53:34.0024 3636 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/01 15:53:34.0165 3636 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/01 15:53:34.0305 3636 ================================================================================
2011/04/01 15:53:34.0305 3636 Scan finished
2011/04/01 15:53:34.0305 3636 ================================================================================
2011/04/01 15:53:34.0352 2072 Detected object count: 1
2011/04/01 15:54:04.0008 2072 Locked file(sptd) - User select action: Skip
2011/04/01 15:54:08.0524 2840 ================================================================================
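A listing like the TDSSKiller output above is normally read by eye; the lines worth attention are the few that are not plain "service (md5) path" records. As an added example (not part of the original post and not a Kaspersky tool), the following Python script parses exactly that line format and pulls out what a responder checks first: objects the scanner flagged, the action the user chose at the end, and image files registered under more than one service name (normal for Tcpip/TCPIP6 or WANARP/Wanarpv6, worth a second look otherwise). The sample lines embedded in it are copied from the log above so it runs offline; the regular expressions and function names are mine, not TDSSKiller's.

```python
"""Triage helper for a TDSSKiller-style driver listing.

Added example for this thread; not part of the original post and not a
Kaspersky/TDSSKiller tool.  It parses the line format shown in the log
above (timestamp, PID, service name, (md5), image path, plus the
"Suspicious file", "- detected" and "User select action" lines).

SAMPLE_LOG is a handful of lines copied from the log above, embedded so
the script runs offline.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
2011/04/01 15:53:25.0118 3636 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/01 15:53:25.0352 3636 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/04/01 15:53:25.0352 3636 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/04/01 15:53:25.0383 3636 sptd - detected Locked file (1)
2011/04/01 15:53:26.0758 3636 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/01 15:53:26.0961 3636 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/01 15:53:34.0305 3636 Scan finished
2011/04/01 15:54:04.0008 2072 Locked file(sptd) - User select action: Skip
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff <pid> ".
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<pid>\d+) "
# Plain driver record: service name, md5 in parentheses, image path.
ENTRY_RE = re.compile(PREFIX + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Scanner verdict attached to a service, e.g. "sptd - detected Locked file (1)".
FLAG_RE = re.compile(PREFIX + r"(?P<svc>\S+) - detected (?P<what>.+)$")
# "Suspicious file (<reason>): <path>. md5: <hash>"
SUSP_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
# "<kind>(<service>) - User select action: <action>"
ACTION_RE = re.compile(PREFIX + r".*?\((?P<svc>[^)]+)\) - User select action: (?P<action>\S+)$")


def parse_entries(log):
    """Return the plain driver records as dicts (ts, pid, svc, md5, path)."""
    return [m.groupdict() for m in map(ENTRY_RE.match, log.splitlines()) if m]


def flagged_services(log):
    """Map service name -> what the scanner reported ('Locked file (1)' etc.)."""
    return {m["svc"]: m["what"] for m in map(FLAG_RE.match, log.splitlines()) if m}


def suspicious_files(log):
    """List of (reason, path, md5) taken from 'Suspicious file (...)' lines."""
    return [(m["reason"], m["path"], m["md5"]) for m in map(SUSP_RE.match, log.splitlines()) if m]


def user_actions(log):
    """Map service name -> action the user chose when prompted at the end."""
    return {m["svc"]: m["action"] for m in map(ACTION_RE.match, log.splitlines()) if m}


def shared_images(entries):
    """Image paths that back more than one service: {path: {service names}}.

    Paths are case-folded because NTFS is case-insensitive and the log
    itself mixes 'drivers' and 'DRIVERS' for the same file.
    """
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"].lower()].add(e["svc"])
    return {p: s for p, s in by_path.items() if len(s) > 1}


def triage(log):
    """One-shot summary a responder can eyeball or paste into a ticket."""
    entries = parse_entries(log)
    return {
        "drivers": len(entries),
        "flagged": flagged_services(log),
        "suspicious": suspicious_files(log),
        "actions": user_actions(log),
        "shared_images": shared_images(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full TDSSKiller log by reading the file into `triage()`; on the sample it reports the one locked object (sptd), the NoAccess verdict with its md5, the user's "Skip", and tcpip.sys as the only image shared by two service names.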
#10
/// Winkelfunktion /// TB-Süch-Tiger™

Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection?

OK. Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags

#11

Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection?

So, I ran all three scans. In OSAM a number of entries were coloured red, hope it's nothing bad.

GMER log:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-01 19:25:53
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ExcelStor_Technology_J880 rev.PF2OA21B
Running: g2m3e4r.exe; Driver: C:\Users\*****\AppData\Local\Temp\ugloipog.sys
---- System - GMER 1.0.15 ----
SSDT 8C92C314 ZwCreateThread
SSDT 8C92C300 ZwOpenProcess
SSDT 8C92C305 ZwOpenThread
SSDT 8C92C30F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A4F589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A74092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82A7B95C 4 Bytes [14, C3, 92, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82A7BAF8 4 Bytes [00, C3, 92, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82A7BB18 1 Byte [05]
.text ntkrnlpa.exe!RtlSidHashLookup + 508 82A7BB18 4 Bytes [05, C3, 92, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A7BDC8 4 Bytes [0F, C3, 92, 8C]
.text sptd.sys 86A34000 8 Bytes [A6, 91, E2, 82, A0, F7, E1, ...]
.text sptd.sys 86A34009 23 Bytes [F7, E1, 82, 48, 1B, E2, 82, ...]
.text sptd.sys 86A34024 4 Bytes [32, 35, B6, 86]
.text sptd.sys 86A3402C 188 Bytes [4C, DD, C6, 82, 15, E4, C0, ...]
.text sptd.sys 86A340E9 235 Bytes [AB, A4, 82, 1C, 2E, AC, 82, ...]
.text ...
.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x86B2BD38]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8BEF9CA0 5 Bytes JMP 850EF410
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\*****\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 83FDA1F8
Device \Driver\usbuhci \Device\USBPDO-0 850F3430
Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-1 850F3430
Device \Driver\usbuhci \Device\USBPDO-2 850F3430
Device \Driver\usbuhci \Device\USBPDO-3 850F3430
Device \Driver\usbehci \Device\USBPDO-4 850FB430
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 8503F430
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 83FD71F8
Device \Driver\atapi \Device\Ide\IdePort0 83FD71F8
Device \Driver\atapi \Device\Ide\IdePort1 83FD71F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 83FD71F8
Device \Driver\cdrom \Device\CdRom1 8503F430
Device \Driver\cdrom \Device\CdRom2 8503F430
Device \Driver\cdrom \Device\CdRom3 8503F430
Device \Driver\NetBT \Device\NetBt_Wins_Export 85073430
Device \Driver\PCI_PNP6372 \Device\0000004b sptd.sys
Device \Driver\vsmraid \Device\RaidPort0 83FD81F8
Device \Driver\usbuhci \Device\USBFDO-0 850F3430
Device \Driver\usbuhci \Device\USBFDO-1 850F3430
Device \Driver\usbuhci \Device\USBFDO-2 850F3430
Device \Driver\usbuhci \Device\USBFDO-3 850F3430
Device \Driver\usbehci \Device\USBFDO-4 850FB430
Device \Driver\NetBT \Device\NetBT_Tcpip_{209D62F5-A7AB-4BC9-9B13-5BF7B985813A} 85073430
Device \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1Port3Path0Target2Lun0 85103430
Device \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1Port3Path0Target0Lun0 85103430
Device \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1 85103430
Device \Driver\a1e6jqqg \Device\Scsi\a1e6jqqg1Port3Path0Target1Lun0 85103430
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF8 0x1D 0xAC 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x13 0xAD 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x69 0x93 0x5F 0x97 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xD6 0xBC 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x2E 0x89 0x3B 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC3 0xF2 0xE0 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x66 0x13 0xAD 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x69 0x93 0x5F 0x97 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x6B 0xD6 0xBC 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x2E 0x89 0x3B 0x4B ...
---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:36:01 on 01.04.2011
OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"AxSWindC.cpl" - "Alcohol Soft Development Team" - C:\Windows\system32\AxSWindC.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"vp6dec_settings.cpl" - ? - C:\Windows\system32\vp6dec_settings.cpl (File found, but it contains no detailed information)
"vp7dec_settings.cpl" - ? - C:\Windows\system32\vp7dec_settings.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a1e6jqqg" (a1e6jqqg) - "Advanced Micro Devices" - C:\Windows\system32\drivers\a1e6jqqg.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"AMDMSRIO" (AMDMSRIO) - ? - C:\Users\*****\AppData\Local\Temp\{55638DD9-D5A9-11D3-B74B-204C4F4F5020}\AMDMSRIO.sys (File not found)
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\Windows\System32\DRIVERS\ati2mtag.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\*****\AppData\Local\Temp\catchme.sys (File not found)
"Driver for rockusb Device" (rockusb) - "Fuzhou Rockchip Electronics Co,Ltd." - C:\Windows\System32\DRIVERS\rockusb.sys
"Generic USB Flash Driver" (gggen) - "Sony Ericsson Mobile Communications" - C:\Windows\System32\DRIVERS\gggen.sys
"mbr" (mbr) - ? - C:\cofi\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugloipog" (ugloipog) - ? - C:\Users\*****\AppData\Local\Temp\ugloipog.sys (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Windows\system32\mmfinfo.dll (File found, but it contains no detailed information)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "PhotoToysClone" - "Brice Lambson" - C:\Program Files\Brice Lambson\PhotoToysClone\PhotoToysClone.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_15" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_15.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{11222041-111B-46E3-BD29-EFB2449479B1} "IEPlugin Class" - "ArcSoft, Inc." - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"1200 Series Port" - " " - C:\Windows\system32\lxczlmpm.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"lxcz_device" (lxcz_device) - " " - C:\Windows\system32\lxczcoms.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"StarWind AE Service" (StarWindServiceAE) - "StarWind Software" - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc."
- C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 192):
0x82A0C000 \SystemRoot\system32\ntkrnlpa.exe
0x82E1C000 \SystemRoot\system32\halmacpi.dll
0x80B9D000 \SystemRoot\system32\kdcom.dll
0x86813000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8681E000 \SystemRoot\system32\PSHED.dll
0x8682F000 \SystemRoot\system32\BOOTVID.dll
0x86837000 \SystemRoot\system32\CLFS.SYS
0x86879000 \SystemRoot\system32\CI.dll
0x86924000 \SystemRoot\system32\drivers\Wdf01000.sys
0x86995000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x86A33000 \SystemRoot\System32\Drivers\sptd.sys
0x86B46000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x86B4F000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x86B75000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x86BBD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x86BC5000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x86BD0000 \SystemRoot\system32\DRIVERS\pci.sys
0x86A00000 \SystemRoot\System32\drivers\partmgr.sys
0x86A11000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x869A3000 \SystemRoot\System32\drivers\volmgrx.sys
0x86A21000 \SystemRoot\system32\DRIVERS\viaide.sys
0x869EE000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x86C35000 \SystemRoot\System32\drivers\mountmgr.sys
0x86C4B000 \SystemRoot\system32\DRIVERS\atapi.sys
0x86C54000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x86C77000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x86C9C000 \SystemRoot\system32\DRIVERS\storport.sys
0x86CE3000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x86CEC000 \SystemRoot\system32\drivers\fltmgr.sys
0x86D20000 \SystemRoot\system32\drivers\fileinfo.sys
0x86E03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86F32000 \SystemRoot\System32\Drivers\msrpc.sys
0x86F5D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x86F70000 \SystemRoot\System32\Drivers\cng.sys
0x86FCD000 \SystemRoot\System32\drivers\pcw.sys
0x86FDB000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x86D31000 \SystemRoot\system32\drivers\ndis.sys
0x87003000 \SystemRoot\system32\drivers\NETIO.SYS
0x87041000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x87066000 \SystemRoot\System32\drivers\tcpip.sys
0x871AF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x871E0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x87233000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x87272000 \SystemRoot\System32\Drivers\spldr.sys
0x8727A000 \SystemRoot\System32\drivers\rdyboost.sys
0x872A7000 \SystemRoot\System32\Drivers\mup.sys
0x872B7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x872BF000 \SystemRoot\system32\DRIVERS\gagp30kx.sys
0x872D0000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x87302000 \SystemRoot\system32\DRIVERS\disk.sys
0x87313000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8736A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x87389000 \SystemRoot\System32\Drivers\Null.SYS
0x87390000 \SystemRoot\System32\Drivers\Beep.SYS
0x87397000 \SystemRoot\System32\drivers\vga.sys
0x873A3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x873C4000 \SystemRoot\System32\drivers\watchdog.sys
0x873D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x873D9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x873E1000 \SystemRoot\system32\drivers\rdprefmp.sys
0x873E9000 \SystemRoot\System32\Drivers\Msfs.SYS
0x87200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8720E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x87225000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8BC3F000 \SystemRoot\system32\drivers\afd.sys
0x8BC99000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BCCB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8BCD2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BCF1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BD19000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8BD2C000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8BD3C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8BD42000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8BD83000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8BD8D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8BD97000 \SystemRoot\System32\drivers\discache.sys
0x8BE0C000 \SystemRoot\system32\drivers\csc.sys
0x8BE70000 \SystemRoot\System32\Drivers\dfsc.sys
0x8BE88000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8BE96000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8BEB2000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8BEB4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AC33000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0x8ADB6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8ADBC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BED5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ADC7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C01F000 \SystemRoot\system32\drivers\cmuda.sys
0x8C165000 \SystemRoot\system32\drivers\portcls.sys
0x8C194000 \SystemRoot\system32\drivers\drmk.sys
0x8C1AD000 \SystemRoot\system32\drivers\ks.sys
0x8C1E1000 \SystemRoot\system32\DRIVERS\fetnd6.sys
0x8BF20000 \SystemRoot\System32\Drivers\a1e6jqqg.SYS
0x8C1EC000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8C000000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8C00D000 \SystemRoot\system32\DRIVERS\ManyCam.sys
0x8ADD6000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8ADE4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8AC00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8C013000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8BF59000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AC18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8BF7B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8BF92000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8ADF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8BFA9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8BFB6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C1FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8BFC3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8BDA3000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8BFD1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8BFE2000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8BFEF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8BE00000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8BDE7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x96300000 \SystemRoot\System32\win32k.sys
0x8BC00000 \SystemRoot\System32\drivers\Dxapi.sys
0x96550000 \SystemRoot\System32\drivers\dxg.sys
0x8BC0A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96580000 \SystemRoot\System32\TSDDD.dll
0x96290000 \SystemRoot\System32\ati2dvag.dll
0x96590000 \SystemRoot\System32\ati2cqag.dll
0x96200000 \SystemRoot\System32\atikvmag.dll
0x88500000 \SystemRoot\System32\ati3duag.dll
0x888A0000 \SystemRoot\System32\ativvaxx.dll
0x8BC15000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8BC20000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8BC33000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AC30000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8BCFF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x87338000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8BD0A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8734F000 \SystemRoot\system32\drivers\luafv.sys
0x871E9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x86FE4000 \SystemRoot\system32\drivers\WudfPf.sys
0x86DE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x86C00000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97A0C000 \SystemRoot\system32\drivers\HTTP.sys
0x97A91000 \SystemRoot\system32\DRIVERS\bowser.sys
0x97AAA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x97ABC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x97ADF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x97B1A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97B4D000 \SystemRoot\system32\drivers\peauth.sys
0x97BE4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x86C13000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x97BEE000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9E829000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E878000 \SystemRoot\System32\DRIVERS\srv.sys
0x9E933000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x9E935000 \??\C:\Users\*****\AppData\Local\Temp\catchme.sys
0x9E9C0000 \??\C:\Users\*****\AppData\Local\Temp\ugloipog.sys
0x77D00000 \Windows\System32\ntdll.dll
0x48260000 \Windows\System32\smss.exe
0x77F40000 \Windows\System32\apisetschema.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x00B70000 \Windows\System32\autochk.exe
0x77F10000 \Windows\System32\sechost.dll
0x77B00000 \Windows\System32\iertutil.dll
0x77E60000 \Windows\System32\rpcrt4.dll
0x779C0000 \Windows\System32\urlmon.dll
0x77930000 \Windows\System32\clbcatq.dll
0x77E50000 \Windows\System32\nsi.dll
0x77910000 \Windows\System32\imm32.dll
0x77840000 \Windows\System32\msctf.dll
0x777B0000 \Windows\System32\oleaut32.dll
0x77750000 \Windows\System32\difxapi.dll
0x76B00000 \Windows\System32\shell32.dll
0x76A60000 \Windows\System32\advapi32.dll
0x77E40000 \Windows\System32\lpk.dll
0x76A10000 \Windows\System32\Wldap32.dll
0x76A00000 \Windows\System32\psapi.dll
0x769F0000 \Windows\System32\normaliz.dll
0x76920000 \Windows\System32\user32.dll
0x76870000 \Windows\System32\msvcrt.dll
0x76830000 \Windows\System32\ws2_32.dll
0x76750000 \Windows\System32\kernel32.dll
0x76700000 \Windows\System32\gdi32.dll
0x76680000 \Windows\System32\comdlg32.dll
0x76650000 \Windows\System32\imagehlp.dll
0x764F0000 \Windows\System32\ole32.dll
0x763F0000 \Windows\System32\wininet.dll
0x76350000 \Windows\System32\usp10.dll
0x761B0000 \Windows\System32\setupapi.dll
0x76150000 \Windows\System32\shlwapi.dll
0x76120000 \Windows\System32\cfgmgr32.dll
0x760F0000 \Windows\System32\wintrust.dll
0x76060000 \Windows\System32\comctl32.dll
0x76040000 \Windows\System32\devobj.dll
0x75F20000 \Windows\System32\crypt32.dll
0x75ED0000 \Windows\System32\KernelBase.dll
0x75EC0000 \Windows\System32\msasn1.dll
Processes (total 44):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
348 csrss.exe
388 C:\Windows\System32\wininit.exe
396 csrss.exe
436 C:\Windows\System32\winlogon.exe
480 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
600 C:\Windows\System32\svchost.exe
676 C:\Windows\System32\svchost.exe
724 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\spoolsv.exe
1320 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1340 C:\Windows\System32\svchost.exe
1440 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1464 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1488 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1532 C:\Program Files\Bonjour\mDNSResponder.exe
1584 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\lxczcoms.exe
1648 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
1720 C:\Windows\System32\IoctlSvc.exe
1748 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
1784 C:\Windows\System32\svchost.exe
2088 C:\Windows\System32\taskhost.exe
2200 C:\Windows\System32\dwm.exe
2408 C:\Windows\System32\rundll32.exe
2424 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2600 C:\Windows\System32\SearchIndexer.exe
2804 C:\Program Files\Windows Media Player\wmpnetwk.exe
3040 C:\Windows\System32\svchost.exe
3976 C:\Windows\System32\svchost.exe
1472 C:\Windows\explorer.exe
880 C:\Program Files\Mozilla Firefox\firefox.exe
3688 C:\Windows\System32\audiodg.exe
672 C:\Users\*****\Desktop\MBRCheck.exe
3500 C:\Windows\System32\conhost.exe
3672 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: ExcelStorTechnologyJ880, Rev: PF2OA21B
Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
|
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
| | #13 |
| Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection? The program SUPER AntiSpyware crashed every time right after starting on my machine. It kept hanging at the update window, so I couldn't run the scan. MBAM found nothing in the full scan, but during the scan alerts from AntiVir came up; afterwards I switched AntiVir off. I'm posting the AntiVir alerts here as well. MBAM: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6240
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
02.04.2011 00:51:07
mbam-log-2011-04-02 (00-51-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 255811
Laufzeit: 2 Stunde(n), 24 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
In der Datei 'C:\lexmark\drivers\1200\Applications\AIOC\LXCZcfg.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\Applications\AIOC\LXCZcfg.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\drivers\win_xp2k\i386\LXCZcoin.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\drivers\win_xp2k\i386\LXCZhcp.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
AntiVir Guard wurde deaktiviert.
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection? Those are false positives => Lexmark drivers! Do you have anything from Lexmark, a printer/scanner?
__________________ Please always post logfiles in CODE tags |
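A small triage helper, added here by the editor and not part of the thread, that parses the AntiVir Guard alerts quoted in #13 (the German report format, copied from that post as constructed sample input) and shows where the detections cluster. The result, every hit under one printer-driver root with one detection name, is the kind of signal behind the false-positive assessment in #14.

```python
import re
import ntpath
from collections import Counter

# Constructed sample: the four AntiVir Guard alerts from post #13, verbatim format.
ANTIVIR_REPORT = r"""
In der Datei 'C:\lexmark\drivers\1200\Applications\AIOC\LXCZcfg.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\Applications\AIOC\LXCZcfg.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\drivers\win_xp2k\i386\LXCZcoin.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
In der Datei 'C:\lexmark\drivers\1200\drivers\win_xp2k\i386\LXCZhcp.dll'
wurde ein Virus oder unerwünschtes Programm 'W32/Ramnit.C' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
AntiVir Guard wurde deaktiviert.
"""

# One alert is a three-line record: file, detection name with [kind], action taken.
# Lines that are not part of such a record (e.g. "AntiVir Guard wurde deaktiviert.")
# are ignored by the matcher.
ALERT_RE = re.compile(
    r"In der Datei '(?P<path>[^']+)'[ \t]*\n"
    r"wurde ein Virus oder unerwünschtes Programm '(?P<name>[^']+)' "
    r"\[(?P<kind>[^\]]+)\] gefunden\.[ \t]*\n"
    r"Ausgeführte Aktion: (?P<action>[^\n]+)"
)


def parse_alerts(report: str) -> list[dict]:
    """Return one dict (path, name, kind, action) per alert record in the report."""
    return [m.groupdict() for m in ALERT_RE.finditer(report)]


def summarize(alerts: list[dict]) -> dict:
    """Aggregate alerts so a reviewer sees scope at a glance.

    ntpath is used on purpose: the paths are Windows paths, and ntpath works
    the same on any host, so the helper can run on a Linux analysis box.
    """
    paths = sorted({a["path"] for a in alerts})  # de-duplicate repeated hits
    return {
        "alerts": len(alerts),
        "unique_files": len(paths),
        # deepest directory shared by every flagged file
        "common_root": ntpath.commonpath(paths) if paths else "",
        "detections": sorted({a["name"] for a in alerts}),
        "actions": sorted({a["action"].strip() for a in alerts}),
        "by_directory": dict(Counter(ntpath.dirname(a["path"]) for a in alerts)),
    }


if __name__ == "__main__":
    summary = summarize(parse_alerts(ANTIVIR_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The output shows all four alerts resolve to three files under `C:\lexmark\drivers\1200`, all with the same detection name and all only blocked, never quarantined; that is what makes "check the vendor's driver package" the right next question rather than "the system is infected".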
| | #15 |
| Ramnit.C & HTML/Drop.Agent.AB found; quiet at first, now sporadic alerts - infection? Yes, I used to have a Lexmark printer, but since it no longer exists I've now deleted the drivers & the program. |