
Pests of all kinds and their removal: TR/Dropper.Gen [trojan].

30.03.2011, 13:25   #1
Ruka

TR/Dropper.Gen [trojan].

Hello,
I stupidly caught TR/Dropper Gen recently and have no idea what exactly is going on now. So far I haven't been able to notice any changes in how the computer runs, and I just wanted to ask whether someone could take a look at my logs and possibly give the all-clear.
TR/Dropper Gen was detected by Avira and moved to quarantine.
When I now run a system check with Avira, it doesn't find anything anymore. I also ran Malwarebytes, but it found nothing. In any case, here first are the three logs I made following the instructions.


OTL.txt (OTL Logfile):
Code:
OTL logfile created on: 30.03.2011 12:20:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\***\Neuer Ordner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 44,28 Gb Free Space | 38,03% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 54,59 Gb Free Space | 50,25% Space Free | Partition Type: NTFS
 
Computer Name: ***LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.03.30 12:09:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\***\Neuer Ordner\OTL.exe
PRC - [2011.03.26 22:02:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.17 00:38:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 22:09:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 22:09:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.01 02:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.04.19 20:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007.04.17 22:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.01.18 04:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006.12.19 02:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.03.30 12:09:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\***\Neuer Ordner\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.05.04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2008.01.18 23:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - [2011.03.17 00:38:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.03 22:09:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.02.06 03:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.17 00:38:34 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 16:22:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.07 09:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.03.07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.05.14 19:37:59 | 007,115,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.06 20:17:03 | 001,737,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.03.06 15:15:57 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.16 10:50:31 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.24 20:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 17:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 19:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2005.03.02 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.2
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.26 22:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 22:02:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008.06.23 22:27:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.09.11 19:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.30 12:12:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions
[2011.03.17 15:35:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.02.11 02:14:26 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2008.09.11 19:18:54 | 000,000,000 | ---D | M] ("Better YouTube") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\betteryoutube@ginatrapani.org
[2011.03.30 12:12:49 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajdm1508.default\extensions\firegestures@xuldev.org
[2008.07.21 13:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2008.09.11 19:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009.06.14 00:50:06 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2010.10.02 22:17:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.02 22:17:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.02 22:17:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.02 22:17:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.02 22:17:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm] File not found
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\Shell\AutoRun\command - "" = F:\umenu.exe
O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
 
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\ASScrProlog.exe ()
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\ASScrPro.exe ()
MsConfig - StartUpReg: ASUSTPE - hkey= - key= - File not found
MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: MobileConnect - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= - File not found
MsConfig - StartUpReg: PowerForPhone - hkey= - key= - C:\Program Files\PowerForPhone\PowerForPhone.exe ()
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: Ulead AutoDetector - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe (Ulead Systems, Inc.)
MsConfig - StartUpReg: Ulead Photo Express 5 SE Calendar Checker - hkey= - key= - C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe (Ulead Systems, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.30 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.03.30 12:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011.03.27 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.03.27 20:00:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.27 20:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.27 20:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.27 20:00:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.27 20:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.17 22:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.03.04 23:34:14 | 000,559,024 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.v12.1.1.ocx
[2011.03.04 23:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flv Audio Video Extractor
[2011.03.04 23:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\Flv Audio Video Extractor
[2007.01.24 20:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.30 12:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job
[2011.03.30 12:17:15 | 000,000,740 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.30 12:17:15 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.30 12:16:48 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.30 12:16:48 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.30 12:16:48 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.30 12:16:48 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.30 12:11:48 | 000,027,430 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2011.03.30 12:11:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.30 12:11:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.30 12:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.30 12:11:08 | 2012,397,568 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.30 12:10:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.30 11:06:39 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job
[2011.03.18 15:25:05 | 000,414,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.17 00:38:34 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.04 23:34:14 | 000,000,864 | ---- | M] () -- C:\Users\***\Desktop\Flv Audio Video Extractor.lnk
[2011.03.01 22:50:59 | 000,045,056 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.03.30 12:17:15 | 000,000,740 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2011.03.30 12:17:15 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2011.03.17 22:36:36 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2011.03.04 23:34:14 | 000,000,864 | ---- | C] () -- C:\Users\***\Desktop\Flv Audio Video Extractor.lnk
[2010.01.25 17:00:35 | 000,030,247 | ---- | C] () -- C:\Windows\scunin.dat
[2009.12.15 15:45:46 | 000,016,903 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009.11.14 00:56:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.14 00:56:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.12 22:49:28 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.08.03 11:33:41 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009.03.30 16:40:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.03.30 16:40:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.03.30 16:40:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.11.13 22:41:44 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.11.13 22:41:44 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.14 17:43:23 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.09.12 13:23:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.23 16:23:43 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.06.16 22:04:34 | 000,000,321 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.06.16 21:54:26 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2008.06.16 19:34:34 | 000,027,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.06.12 16:22:38 | 000,027,430 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.06.12 00:08:19 | 000,045,056 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.12 00:01:27 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.04.29 08:02:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2008.04.29 07:56:47 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2008.04.29 07:56:36 | 000,037,232 | ---- | C] () -- C:\Windows\ASScrProlog.exe
[2008.04.29 07:56:34 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.08.06 19:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe
[2007.04.18 11:14:04 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.04.18 11:14:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.04.18 11:14:04 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.04.18 11:14:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.04.18 10:33:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.03.06 20:17:03 | 001,737,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,414,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 12:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2004.01.26 17:15:29 | 000,233,472 | R--- | C] () -- C:\Users\***\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2008.06.23 22:41:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2009.08.09 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2008.07.20 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDFab
[2011.03.28 21:02:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2008.06.23 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar
[2008.07.04 21:56:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2009.06.14 15:41:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2008.10.14 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2008.06.23 16:53:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer
[2008.06.23 21:31:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.09.09 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2011.03.30 12:10:21 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.30 11:06:39 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job
[2011.03.30 12:20:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.06.12 16:18:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.04.29 05:54:47 | 000,000,000 | ---D | M] -- C:\ADOBE
[2009.12.01 10:51:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.06.23 19:55:37 | 000,000,000 | ---D | M] -- C:\CDDB
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.30 12:08:35 | 000,000,000 | ---D | M] -- C:\Downloads
[2008.06.22 20:24:44 | 000,000,000 | ---D | M] -- C:\My Music
[2008.04.29 05:51:11 | 000,000,000 | ---D | M] -- C:\NIS
[2009.09.12 23:55:15 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.07.04 20:41:47 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2008.04.28 18:14:03 | 000,000,000 | ---D | M] -- C:\Preload
[2011.03.30 12:17:14 | 000,000,000 | R--D | M] -- C:\Programme
[2011.03.27 20:00:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.05 07:36:44 | 000,000,000 | ---D | M] -- C:\Programme
[2011.03.30 12:21:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.06.22 20:21:11 | 000,000,000 | R--D | M] -- C:\Users
[2010.08.02 16:51:48 | 000,000,000 | ---D | M] -- C:\Westwood
[2011.02.23 22:51:35 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.04.29 06:32:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.04.29 06:32:17 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: USERINIT.EXE >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-29 14:02:52
 
< End of report >
         
--- --- ---


Extras.txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.03.2011 12:20:16 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\***\Neuer Ordner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 44,28 Gb Free Space | 38,03% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 54,59 Gb Free Space | 50,25% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{247F3926-D08A-4CAC-A8D8-0460C36F9142}" = rport=138 | protocol=17 | dir=out | app=system | 
"{264130A1-3B56-48AF-A7EF-B79D51A28B52}" = lport=139 | protocol=6 | dir=in | app=system | 
"{475938AF-80CB-4A93-9292-9F81FE6F3D75}" = rport=137 | protocol=17 | dir=out | app=system | 
"{580F77E8-11E2-4F13-8367-0F7E850952EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{58F2B9FC-57CB-4DED-8503-8A6326B57B92}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6814A8CE-6AAC-4681-AD60-970BF2E10DF1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6F0967BB-B7A4-436E-B8C9-D07FA0BCF0EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BFF2201E-5FF1-4B74-AEEC-BDB6CE4963C0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C7AFC9C8-A754-422A-AF00-B0DAC6347BFD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D42688D0-FFCB-47CE-B836-457F21D75615}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FF959A-4D02-495F-BC6E-3A1AF8DC8A16}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | 
"{08F5D5EA-9A17-49B9-A279-12DAFC137E7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1992F291-D0C7-4CC2-BAEE-505CEDDB0D91}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | 
"{22AA1750-67BD-4235-AF32-D481E8C7BA0F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3F509C62-0DE3-4A3F-A292-1027CB3E7DAE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5BA1DD14-D773-431D-9D4C-F0C89F3B7923}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe | 
"{831616DB-AD8C-4625-B9B4-6695A0A56429}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{96B12EC4-4E18-4B02-AEDD-78186F3A0AD2}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{ADD4B7FE-5E99-46F6-A597-E3CA865EBC35}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe | 
"{D133ACE8-3C03-4483-ACB4-78557C704BA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D2AB1CBA-D791-4548-8F97-8AE77127412A}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{FC2FF3D3-BABF-49B1-B1EF-7B25E29E4046}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"TCP Query User{0CF6FD06-8256-423B-853E-90BDE1C443FE}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{10A60E74-46DD-4E0B-A797-893871D3A92E}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{AFAD91B0-DEFE-493C-88E5-3CBE84021FDF}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{0842F692-1067-409F-A847-36006F67D245}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{466204E1-5227-45AE-8EEA-0C250EEAA27C}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{72668DDC-F61D-4684-AB14-4E15B7175A9D}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{1A9C3B2E-360E-4353-8E17-312342E24194}" = Speed-Link SL-6535 USB Pad
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = PowerForPhone
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Diablo II" = Diablo II
"Digital Camera Driver" = Digital Camera Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EAX Unified" = EAX Unified
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"Flv Audio Video Extractor_is1" = Flv Audio Video Extractor 2.0
"Free Download Manager_is1" = Free Download Manager 3.0
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Mp3tag" = Mp3tag v2.41
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange PDF Viewer_is1" = PDF-XChange PDF Viewer
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Starcraft" = Starcraft
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"VLC media player" = VLC media player 0.9.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.02.2011 06:25:49 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.02.2011 06:25:49 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.02.2011 06:25:50 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.02.2011 12:31:35 | Computer Name = ***Laptop | Source = System Restore | ID = 8193
Description = 
 
Error - 09.02.2011 12:31:35 | Computer Name = ***Laptop | Source = System Restore | ID = 8210
Description = 
 
Error - 09.02.2011 13:24:39 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 13.02.2011 17:47:56 | Computer Name = ***Laptop | Source = EventSystem | ID = 4622
Description = 
 
Error - 26.02.2011 08:58:51 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 27.02.2011 11:18:08 | Computer Name = ***Laptop | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.03.2011 14:58:48 | Computer Name = ***Laptop | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 12ec Anfangszeit: 01cbd8380bf077e0 Zeitpunkt der Beendigung:
16
 
[ System Events ]
Error - 31.01.2011 18:49:46 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 08.02.2011 15:54:13 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 10.02.2011 20:13:03 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.02.2011 07:46:03 | Computer Name = ***Laptop | Source = Print | ID = 6161
Description = Das Dokument Das*Örtliche Telefonbuch mit Telefonnummern, Telefonauskunft
mit Stadtplan im Besitz von *** konnte nicht auf dem Drucker Canon MP540 series
Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten
Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes:
857424. Anzahl der gedruckten Bytes: 526560. Gesamtanzahl der Seiten des Dokuments:
5. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***LAPTOP. Vom Druckprozessor
zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. 
 
Error - 14.02.2011 07:47:06 | Computer Name = ***Laptop | Source = Print | ID = 6161
Description = Das Dokument Das*Örtliche Telefonbuch mit Telefonnummern, Telefonauskunft
mit Stadtplan im Besitz von *** konnte nicht auf dem Drucker Canon MP540 series
Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten
Sie den Druckspooler erneut. Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes:
196608. Anzahl der gedruckten Bytes: 92604. Gesamtanzahl der Seiten des Dokuments:
5. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\***LAPTOP. Vom Druckprozessor
zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. 
 
Error - 24.02.2011 21:13:08 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 18.03.2011 16:07:27 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 23.03.2011 22:01:16 | Computer Name = ***Laptop | Source = PlugPlayManager | ID = 12
Description = Das Gerät "Atheros AR5007EG Wireless Network Adapter" (PCI\VEN_168C&DEV_001C&SUBSYS_10261A3B&REV_01\4&14aa9c8c&0&0068)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 29.03.2011 09:40:39 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 30.03.2011 06:09:49 | Computer Name = ***Laptop | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---



Gmer.txt

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-30 13:05:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST9250827AS rev.3.AAA
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kxliqkow.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B803340, 0x3442A7, 0xE8000020]
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b 
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet) 
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---


Here are also the events that Avira reported:

21:52:54
In der Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

21:53:51
In der Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21:53:53
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 59
Anzahl Verzeichnisse: 0
Anzahl Malware: 1
Anzahl Fehler: 0

21:53:53
Die Datei 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\ajdm1508.default\Cache\84CEA0DCd01'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49bcf3ae.qua' verschoben!


I hope I did everything right. Thanks in advance!

If necessary, I can also run HijackThis over it again.

Alt 31.03.2011, 14:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
I stupidly caught TR/Dropper Gen recently
Path information/file names are missing. I also don't see any Malwarebytes logs...

Alt 31.03.2011, 15:39   #3
Ruka
 
Here is the full scan from Malwarebytes


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6185

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

27.03.2011 21:05:06
mbam-log-2011-03-27 (21-05-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268080
Laufzeit: 56 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Do you mean the path information for the virus? Isn't that in the Avira events that I appended at the very bottom? If not, where do I find it?

Alt 31.03.2011, 16:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Do you mean the path information for the virus? Isn't that in the Avira events that I appended at the very bottom? If not, where do I find it?
Oh, there it is.
Nothing more is listed in terms of detections? You don't have any further Malwarebytes logs?

Alt 31.03.2011, 17:04   #5
Ruka
 
Only a few quick scans, in which nothing was found either.

I just ran another quick scan with the same result:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6227

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

31.03.2011 18:01:03
mbam-log-2011-03-31 (18-01-03).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 144032
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Could it be that Avira actually blocked the virus completely?
Oh, I have one more short question and just hope this is appropriate here. When I tried to load the Trojaner-Board page about 20 minutes ago, only the following error message appeared:
Schwerer Fehler: APC not installed in [path]/includes/class_datastore.php (Zeile 386)
Does that have anything to do with your servers, or how else can I explain it?

Thanks


Alt 31.03.2011, 17:46   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [fsm] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\Shell\AutoRun\command - "" = F:\umenu.exe
O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell - "" = AutoRun
O33 - MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

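Before running a fix script like the one above, it helps to look at the registry data behind OTL's O32 and O33 lines yourself. The following PowerShell audit is an added example for this thread (it is neither OTL's code nor posted by anyone in the thread); it lists every per-user MountPoints2 entry that still carries a Shell\AutoRun\command and reports the CD-ROM and Explorer AutoRun settings, and it assumes it is run as the affected user, since MountPoints2 lives in that user's HKCU hive.

```powershell
# Added example for this thread (not OTL's code and not from the forum posts):
# show the registry data behind OTL's O32/O33 lines so a fix script can be
# reviewed before it is applied.
# Assumption: run as the affected user, because MountPoints2 is per-user (HKCU).

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$CdromService = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
$ExplorerPol  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-MountPointAutoRun {
    # One record per MountPoints2 volume entry (GUID or drive letter, as in the
    # O33 lines) that still has a Shell\AutoRun\command default value.
    if (-not (Test-Path -Path $MountPoints2)) { return }
    foreach ($vol in Get-ChildItem -Path $MountPoints2) {
        $cmdKey = Join-Path (Join-Path $MountPoints2 $vol.PSChildName) 'Shell\AutoRun\command'
        if (-not (Test-Path -Path $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if (-not $cmd) { continue }
        $cmd = $cmd.Trim()
        # Extract the executable: honour a quoted path, otherwise take the first token.
        if ($cmd.StartsWith('"')) { $exe = $cmd.Substring(1).Split('"')[0] }
        else                      { $exe = ($cmd -split '\s+')[0] }
        # A target that no longer exists is the usual residue of a disc or USB
        # stick that was inserted once (every entry in the fix log above reads
        # "not found"); a target that does exist deserves a closer look.
        $exists = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
        [pscustomobject]@{
            Volume      = $vol.PSChildName
            Command     = $cmd
            Executable  = $exe
            StillExists = $exists
        }
    }
}

function Get-AutoRunSettings {
    # Driver-level switch for optical drives (the O32 line; 0 disables it) and
    # the Explorer policy bitmask (0xFF disables AutoRun for every drive type).
    $cd  = Get-ItemProperty -Path $CdromService -Name AutoRun -ErrorAction SilentlyContinue
    $pol = Get-ItemProperty -Path $ExplorerPol  -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $cdText  = if ($null -ne $cd)  { $cd.AutoRun } else { 'not set (driver default: enabled)' }
    $polText = if ($null -ne $pol) { '0x{0:X2}' -f $pol.NoDriveTypeAutoRun } else { 'not set' }
    [pscustomobject]@{
        CdromAutoRun       = $cdText
        NoDriveTypeAutoRun = $polText
    }
}

# Usage: run once before and once after the OTL fix and compare the two listings.
Get-MountPointAutoRun | Format-Table -AutoSize
Get-AutoRunSettings   | Format-List
```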
Alt 01.04.2011, 10:51   #7
Ruka
 
Here is the log


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b957cc-7dd9-11dd-81a4-001e8c3f040d}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b95878-7dd9-11dd-81a4-001e8c3f040d}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f2285fa-2750-11de-9df7-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f2285fa-2750-11de-9df7-001e8c3f040d}\ not found.
File F:\umenu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5fc23fa2-8293-11dd-a64f-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f6-955d-11dd-90b0-001e8c3f040d}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d338d0f8-955d-11dd-90b0-001e8c3f040d}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f5-7f0b-11dd-a6a3-001e8c3f040d}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db2a96f7-7f0b-11dd-a6a3-001e8c3f040d}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb41a7c6-8b94-11dd-ba58-001e8c3f040d}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\setup.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User

User: Public

User: ***
->Temp folder emptied: 153563 bytes
->FireFox cache emptied: 49345589 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3286 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04012011_114034

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

01.04.2011, 14:12   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

01.04.2011, 16:55   #9
Ruka

The laptop is now absolutely sluggish and I can't even get into the Mozilla browser any more. It always shows a message:
"Illegal operation attempted on a registry key that has been marked for deletion."
Will that go away again?
Here, in any case, is the log from cofi


Combofix Logfile:
Code:
ComboFix 11-03-31.04 - *** 01.04.2011  16:10:33.1.2 - x86
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-01 bis 2011-04-01  ))))))))))))))))))))))))))))))
.
.
2011-04-01 14:33 . 2011-04-01 14:34	--------	d-----w-	c:\users\***\AppData\Local\temp
2011-04-01 14:33 . 2011-04-01 14:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-01 09:36 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{35BCDB2D-C17B-4D03-B710-006F394C2C9E}\mpengine.dll
2011-03-30 10:17 . 2011-03-30 10:17	--------	d-----w-	c:\program files\ERUNT
2011-03-27 18:00 . 2011-03-27 18:00	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-03-27 18:00 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-27 18:00 . 2011-03-27 18:00	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-27 18:00 . 2011-03-27 18:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-03-27 18:00 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-23 13:13 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-23 13:13 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-03-23 13:13 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-17 20:36 . 1999-01-21 08:00	56832	------w-	c:\windows\system32\iyvu9_32.dll
2011-03-17 20:36 . 1999-01-21 08:00	143872	------w-	c:\windows\system32\iacenc.dll
2011-03-17 20:36 . 2011-03-17 20:36	1622016	------w-	c:\program files\Microsoft Games\Age of Empires\EMPIRES.EXE
2011-03-17 20:36 . 2011-03-17 20:36	1513984	------w-	c:\program files\Microsoft Games\Age of Empires\EMPIRESX.EXE
2011-03-17 20:36 . 2011-03-17 20:36	315457	------w-	c:\program files\Microsoft Games\Age of Empires\Uninstal.Exe
2011-03-17 20:36 . 2011-03-17 20:36	2752512	------w-	c:\program files\Microsoft Games\Age of Empires\SETUPENU.DLL
2011-03-17 20:36 . 2011-03-17 20:36	211456	------w-	c:\program files\Microsoft Games\Age of Empires\language.dll
2011-03-17 20:36 . 2011-03-17 20:36	163840	------w-	c:\program files\Microsoft Games\Age of Empires\languagex.dll
2011-03-17 20:36 . 2011-03-17 20:36	29184	------w-	c:\program files\Microsoft Games\Age of Empires\data2\closedpw.exe
2011-03-17 20:35 . 2011-03-17 20:35	29184	------w-	c:\program files\Microsoft Games\Age of Empires\data\closedpw.exe
2011-03-17 20:35 . 2011-03-17 20:35	33280	------w-	c:\program files\Microsoft Games\Age of Empires\AoEHlp.dll
2011-03-17 20:35 . 2011-03-17 20:35	27648	------w-	c:\program files\Microsoft Games\Age of Empires\aelaunch.dll
2011-03-16 22:47 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-16 22:47 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-16 22:47 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-16 22:47 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-16 22:47 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-16 22:47 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-04 21:34 . 2011-03-04 21:34	--------	d-----w-	c:\program files\Flv Audio Video Extractor
2011-03-04 21:34 . 2008-11-28 11:32	559024	----a-w-	c:\windows\system32\Codejock.SkinFramework.v12.1.1.ocx
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 22:38 . 2009-06-13 20:17	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-02 16:37	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-11 00:25	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-11 00:25	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-11 00:25	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-11 00:25	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-11 00:25	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-11 00:25	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-11 00:25	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-11 00:25	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-11 00:25	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-11 00:25	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-11 00:25	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-11 00:25	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-11 00:25	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-11 00:25	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-11 00:25	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-11 00:25	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-11 00:25	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-11 00:25	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-11 00:25	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-11 00:25	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-11 00:25	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-11 00:25	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-11 00:25	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-11 00:25	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-11 00:25	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-01-08 08:47 . 2011-02-11 00:23	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-11 00:23	292352	----a-w-	c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-14 8429568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-02 7518752]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-02 1833504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-04-29 05:56	37232	----a-w-	c:\windows\ASScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-04-29 05:56	33136	----a-w-	c:\windows\ASScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE]
2007-01-16 23:13	106496	----a-w-	c:\windows\System32\ASUSTPE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2006-11-02 15:27	61440	----a-w-	c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 21:33	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-05-14 17:37	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-05-14 17:37	86016	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
2007-06-26 17:10	778240	----a-w-	c:\program files\PowerForPhone\PowerForPhone.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-02 16:29	7518752	----a-w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-06-02 16:30	1833504	----a-w-	c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-09-03 05:29	630784	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2003-11-19 11:03	45056	------w-	c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker]
2004-01-12 18:40	69632	----a-w-	c:\program files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVMUNET;Eumex 300 IP;c:\windows\system32\DRIVERS\avmunet.sys [2005-03-01 15104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{9E262CA9-48E4-48A3-87FB-51D343401A66}.job
- c:\windows\system32\msfeedssync.exe [2011-02-11 04:47]
.
2011-04-01 c:\windows\Tasks\User_Feed_Synchronization-{A8D7CCD0-48E9-49D0-B640-88CE57215E39}.job
- c:\windows\system32\msfeedssync.exe [2011-02-11 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
TCP: {977D0D2C-2DDF-44A2-9997-4D7002DB00CD} = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ajdm1508.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Better YouTube: betteryoutube@ginatrapani.org - %profile%\extensions\betteryoutube@ginatrapani.org
FF - Ext: FireGestures: firegestures@xuldev.org - %profile%\extensions\firegestures@xuldev.org
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-01 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-398081310-3755098964-2632301565-1000\Software\SecuROM\License information*]
"datasecu"=hex:4a,9c,68,39,7f,bf,23,b1,65,3c,ad,1d,e4,4c,e9,2d,da,7e,2c,e0,05,
   8b,fa,83,e1,bb,f7,c7,7f,cf,0a,e0,7c,46,8a,0b,4b,e4,db,f9,7c,bd,c1,89,d7,9e,\
"rkeysecu"=hex:59,2d,a5,52,3f,0b,99,07,a6,81,7e,cd,39,5a,7c,77
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-01  16:37:39
ComboFix-quarantined-files.txt  2011-04-01 14:37
.
Vor Suchlauf: 14 Verzeichnis(se), 47.298.654.208 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 47.666.827.264 Bytes frei
.
- - End Of File - - 3D47323BFCCEC44D66B56DD270E9AC9B

01.04.2011, 18:55   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Restart Windows, then run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

02.04.2011, 08:55   #11
Ruka

tdsskiller found nothing
Here is the report
Thank you


2011/04/02 09:47:35.0064 2264 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 09:47:35.0486 2264 ================================================================================
2011/04/02 09:47:35.0486 2264 SystemInfo:
2011/04/02 09:47:35.0486 2264
2011/04/02 09:47:35.0486 2264 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/02 09:47:35.0486 2264 Product type: Workstation
2011/04/02 09:47:35.0486 2264 ComputerName: ***LAPTOP
2011/04/02 09:47:35.0486 2264 UserName: ***
2011/04/02 09:47:35.0486 2264 Windows directory: C:\Windows
2011/04/02 09:47:35.0486 2264 System windows directory: C:\Windows
2011/04/02 09:47:35.0486 2264 Processor architecture: Intel x86
2011/04/02 09:47:35.0486 2264 Number of processors: 2
2011/04/02 09:47:35.0486 2264 Page size: 0x1000
2011/04/02 09:47:35.0486 2264 Boot type: Normal boot
2011/04/02 09:47:35.0486 2264 ================================================================================
2011/04/02 09:47:35.0860 2264 Initialize success
2011/04/02 09:47:47.0763 2092 ================================================================================
2011/04/02 09:47:47.0763 2092 Scan started
2011/04/02 09:47:47.0763 2092 Mode: Manual;
2011/04/02 09:47:47.0763 2092 ================================================================================
2011/04/02 09:47:57.0591 2092 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/02 09:47:57.0669 2092 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/02 09:47:57.0731 2092 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/02 09:47:57.0809 2092 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/02 09:47:57.0887 2092 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/02 09:47:57.0981 2092 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/02 09:47:58.0043 2092 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/02 09:47:58.0152 2092 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/04/02 09:47:58.0230 2092 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/02 09:47:58.0308 2092 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/02 09:47:58.0386 2092 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/02 09:47:58.0496 2092 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/02 09:47:58.0542 2092 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/02 09:47:58.0620 2092 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/02 09:47:58.0745 2092 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/02 09:47:58.0808 2092 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/02 09:47:58.0870 2092 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/02 09:47:59.0026 2092 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/04/02 09:47:59.0104 2092 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/02 09:47:59.0213 2092 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/02 09:47:59.0276 2092 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/02 09:47:59.0369 2092 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/02 09:47:59.0463 2092 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/02 09:47:59.0510 2092 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/02 09:47:59.0619 2092 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/02 09:47:59.0915 2092 nvlddmkm (3dacd0610683cf966647636d3b7ae750) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/02 09:48:00.0134 2092 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/02 09:48:00.0196 2092 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/04/02 09:48:00.0258 2092 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/02 09:48:00.0352 2092 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/02 09:48:00.0524 2092 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/02 09:48:00.0633 2092 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/02 09:48:00.0680 2092 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/02 09:48:00.0742 2092 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/02 09:48:00.0836 2092 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/02 09:48:00.0914 2092 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/02 09:48:00.0976 2092 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/02 09:48:01.0085 2092 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/02 09:48:01.0241 2092 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/02 09:48:01.0304 2092 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/02 09:48:01.0413 2092 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/02 09:48:01.0491 2092 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/02 09:48:01.0584 2092 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/02 09:48:01.0662 2092 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/02 09:48:01.0709 2092 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/02 09:48:01.0787 2092 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/02 09:48:01.0881 2092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/02 09:48:01.0928 2092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/02 09:48:02.0006 2092 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/02 09:48:02.0052 2092 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/02 09:48:02.0130 2092 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/02 09:48:02.0177 2092 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/02 09:48:02.0255 2092 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/02 09:48:02.0364 2092 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/02 09:48:02.0442 2092 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/02 09:48:02.0505 2092 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/02 09:48:02.0567 2092 RTSTOR (557d431125aa3d58f2d132fda1eb8255) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/02 09:48:02.0630 2092 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/02 09:48:02.0723 2092 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/02 09:48:02.0786 2092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/02 09:48:02.0848 2092 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/02 09:48:02.0910 2092 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/02 09:48:02.0973 2092 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/02 09:48:03.0129 2092 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/02 09:48:03.0160 2092 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/02 09:48:03.0191 2092 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/02 09:48:03.0222 2092 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/02 09:48:03.0347 2092 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/02 09:48:03.0394 2092 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/02 09:48:03.0456 2092 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/02 09:48:03.0581 2092 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/02 09:48:03.0659 2092 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/04/02 09:48:03.0862 2092 SNP2UVC (e7230cdcc9e7b7559147cf7bc24a1d1d) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/04/02 09:48:03.0956 2092 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/02 09:48:04.0034 2092 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/04/02 09:48:04.0080 2092 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/02 09:48:04.0112 2092 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/02 09:48:04.0174 2092 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/02 09:48:04.0252 2092 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/02 09:48:04.0314 2092 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/02 09:48:04.0408 2092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/02 09:48:04.0439 2092 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/02 09:48:04.0548 2092 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/02 09:48:04.0658 2092 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/02 09:48:04.0736 2092 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/02 09:48:04.0814 2092 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/02 09:48:04.0860 2092 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/02 09:48:04.0923 2092 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/02 09:48:04.0970 2092 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/02 09:48:05.0063 2092 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/02 09:48:05.0172 2092 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
2011/04/02 09:48:05.0266 2092 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/02 09:48:05.0344 2092 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/02 09:48:05.0391 2092 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/02 09:48:05.0453 2092 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/02 09:48:05.0500 2092 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/02 09:48:05.0625 2092 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/02 09:48:05.0687 2092 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/02 09:48:05.0734 2092 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/02 09:48:05.0781 2092 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/02 09:48:05.0843 2092 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/02 09:48:05.0921 2092 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/02 09:48:05.0984 2092 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/02 09:48:06.0046 2092 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/02 09:48:06.0108 2092 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/02 09:48:06.0140 2092 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/02 09:48:06.0218 2092 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/02 09:48:06.0264 2092 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/02 09:48:06.0327 2092 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/02 09:48:06.0405 2092 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/02 09:48:06.0467 2092 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/02 09:48:06.0545 2092 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/02 09:48:06.0623 2092 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/02 09:48:06.0686 2092 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/02 09:48:06.0748 2092 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/02 09:48:06.0779 2092 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/02 09:48:06.0810 2092 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/02 09:48:06.0857 2092 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/02 09:48:06.0951 2092 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/02 09:48:07.0044 2092 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/02 09:48:07.0107 2092 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/02 09:48:07.0200 2092 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 09:48:07.0216 2092 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 09:48:07.0278 2092 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/02 09:48:07.0341 2092 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/02 09:48:07.0559 2092 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/02 09:48:07.0700 2092 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/02 09:48:07.0840 2092 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/02 09:48:07.0934 2092 ================================================================================
2011/04/02 09:48:07.0934 2092 Scan finished
2011/04/02 09:48:07.0934 2092 ================================================================================

Alt 02.04.2011, 13:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Alt 02.04.2011, 15:23   #13
Ruka
 

GMER

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-02 16:07:12
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST9250827AS rev.3.AAA
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\kxliqkow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                         section is writeable [0x8B80D340, 0x3442A7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 16:14:35 on 02.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\ATKGFNEX\ASMMAP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxliqkow" (kxliqkow) - ? - C:\Users\***\AppData\Local\Temp\kxliqkow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2F5AC606-70CF-461C-BFE1-6063670C3484} "DisplayCplExt Class" - "ASUS" - C:\Windows\system32\TPESetting.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "{D27CDB6E-AE6D-11CF-96B8-444553540000}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "FDMIECookiesBHO Class" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} "PDF-XChange Viewer IE-Plugin" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Inkjet Printer/Scanner Extended Survey Program" (IJPLMSVC) - ? - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMIndexingService" (NMIndexingService) - ? - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"  (File not found)
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index



MBRCheck


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTeK Computer Inc.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5N
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 146):
0x82201000 \SystemRoot\system32\ntkrnlpa.exe
0x825BB000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80604000 \SystemRoot\system32\drivers\acpi.sys
0x8064A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80653000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065B000 \SystemRoot\system32\drivers\pci.sys
0x80682000 \SystemRoot\System32\drivers\partmgr.sys
0x80691000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80694000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069E000 \SystemRoot\system32\drivers\volmgr.sys
0x806AD000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F7000 \SystemRoot\system32\drivers\pciide.sys
0x806FE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8070C000 \SystemRoot\System32\drivers\mountmgr.sys
0x8071C000 \SystemRoot\system32\drivers\atapi.sys
0x80724000 \SystemRoot\system32\drivers\ataport.SYS
0x80742000 \SystemRoot\system32\drivers\fltmgr.sys
0x80774000 \SystemRoot\system32\drivers\fileinfo.sys
0x80784000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8760F000 \SystemRoot\system32\drivers\ndis.sys
0x8771A000 \SystemRoot\system32\drivers\msrpc.sys
0x87745000 \SystemRoot\system32\drivers\NETIO.SYS
0x8780C000 \SystemRoot\System32\drivers\tcpip.sys
0x878F6000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x87A0E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87B1E000 \SystemRoot\system32\drivers\volsnap.sys
0x87B57000 \SystemRoot\System32\Drivers\spldr.sys
0x87B5F000 \SystemRoot\System32\Drivers\mup.sys
0x87B6E000 \SystemRoot\System32\drivers\ecache.sys
0x87B95000 \SystemRoot\system32\drivers\disk.sys
0x87BA6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x87BC7000 \SystemRoot\system32\drivers\crcdisk.sys
0x87BF0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x87A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x87911000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x87919000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x87929000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x87A09000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8793C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x87947000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x87A0B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x87972000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x87BFB000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8797D000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x87987000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x879C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x879D4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B205000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B292000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8B608000 \SystemRoot\system32\DRIVERS\athr.sys
0x8B80D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8BED7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BF77000 \SystemRoot\System32\drivers\watchdog.sys
0x8BF83000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8BF87000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8BFB6000 \SystemRoot\system32\DRIVERS\storport.sys
0x8B800000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B6CA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B6E1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B6EC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B70F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B71E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B732000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B747000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B80B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B757000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B781000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B78B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B798000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B7CD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8C402000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8C642000 \SystemRoot\system32\drivers\portcls.sys
0x8C66F000 \SystemRoot\system32\drivers\drmk.sys
0x8C694000 \SystemRoot\system32\DRIVERS\smserial.sys
0x8C784000 \SystemRoot\system32\drivers\modem.sys
0x8C791000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8C79B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8C7A4000 \SystemRoot\System32\Drivers\Null.SYS
0x8C7AB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C7B2000 \SystemRoot\System32\drivers\vga.sys
0x8C7BE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C7DF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C7E7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C7EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B7DE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BFF7000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8B393000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B7EC000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B3A9000 \SystemRoot\system32\drivers\afd.sys
0x87780000 \SystemRoot\System32\DRIVERS\netbt.sys
0x877B2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B3F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x879EC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C7FA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8C80A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C846000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8C858000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C862000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C879000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8C89F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8D00F000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8D1B8000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8D1C5000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8D1CC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8D1D9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8D1E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96C60000 \SystemRoot\System32\win32k.sys
0x8D1EC000 \SystemRoot\System32\drivers\Dxapi.sys
0x8D000000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96E80000 \SystemRoot\System32\TSDDD.dll
0x96EA0000 \SystemRoot\System32\cdd.dll
0x8C8A1000 \SystemRoot\system32\drivers\luafv.sys
0x8C8BC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8C8D1000 \SystemRoot\system32\drivers\spsys.sys
0x8C981000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C991000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C9BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C9C5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C9D8000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x9CA0B000 \SystemRoot\system32\drivers\HTTP.sys
0x9CA78000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CA95000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9CAAE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9CAC3000 \SystemRoot\system32\drivers\mrxdav.sys
0x9CAE4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9CB03000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9CB3C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9CB54000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CB7C000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CBCA000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x9DA06000 \SystemRoot\system32\drivers\peauth.sys
0x9DAE4000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9DB0C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9DB16000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9DB22000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9DB37000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9DB49000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9DB5F000 \??\C:\Users\***\AppData\Local\Temp\kxliqkow.sys
0x77850000 \Windows\System32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
476 C:\Windows\System32\smss.exe
548 csrss.exe
600 C:\Windows\System32\wininit.exe
612 csrss.exe
644 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
852 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1232 C:\Windows\System32\audiodg.exe
1264 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\SLsvc.exe
1336 C:\Windows\System32\svchost.exe
1496 C:\Windows\System32\svchost.exe
1624 C:\Program Files\ATK Hotkey\ASLDRSrv.exe
1652 C:\Program Files\ATKGFNEX\GFNEXSrv.exe
1768 C:\Windows\System32\spoolsv.exe
1792 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1804 C:\Windows\System32\svchost.exe
2016 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2032 C:\Windows\System32\svchost.exe
328 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
336 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
848 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
792 C:\Windows\System32\svchost.exe
1144 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
1468 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\svchost.exe
2044 C:\Windows\System32\SearchIndexer.exe
2372 WUDFHost.exe
2664 C:\Windows\System32\dwm.exe
2696 C:\Windows\System32\taskeng.exe
2740 C:\Windows\explorer.exe
3048 C:\Program Files\ATK Hotkey\HControl.exe
3056 C:\Program Files\ATKOSD2\ATKOSD2.exe
3064 C:\Program Files\P4G\BatteryLife.exe
3168 C:\Windows\System32\taskeng.exe
3260 C:\Program Files\ATK Hotkey\ATKOSD.exe
3348 C:\Program Files\Windows Media Player\wmpnscfg.exe
3452 C:\Program Files\ATK Hotkey\KBFiltr.exe
3592 C:\Program Files\Windows Media Player\wmpnetwk.exe
3988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4020 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4060 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4072 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2144 C:\Program Files\Windows Sidebar\sidebar.exe
2316 C:\Windows\ehome\ehtray.exe
3140 C:\Windows\ehome\ehmsas.exe
1052 C:\Windows\System32\svchost.exe
3372 D:\***\Neuer Ordner\g2m3e4r.exe
3072 C:\Program Files\Mozilla Firefox\firefox.exe
288 C:\Program Files\Free Download Manager\fdm.exe
2592 D:\***\Neuer Ordner\Osam\osam_autorun_manager_5_0_portable\osam.exe
2904 C:\Program Files\Internet Explorer\ielowutil.exe
3028 C:\Windows\System32\notepad.exe
2176 C:\Windows\System32\SearchProtocolHost.exe
1176 C:\Windows\System32\SearchFilterHost.exe
1284 D:\***\Neuer Ordner\MBRCheck\MBRCheck.exe
3376 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001f`10700000 (NTFS)

PhysicalDrive0 Model Number: ST9250827AS, Rev: 3.AAA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Thanks

Alt 03.04.2011, 13:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!

Alt 06.04.2011, 22:14   #15
Ruka
 
Sorry that it took a bit longer.

In any case, I ran both scans and neither of them found anything; here are the logs.


Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6287

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

06.04.2011 20:17:43
mbam-log-2011-04-06 (20-17-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 271703
Laufzeit: 1 Stunde(n), 23 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)





SUPERAntiSpyware

SUPERAntiSpyware Scann-Protokoll
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generiert 04/06/2011 bei 11:08 PM

Version der Applikation : 4.50.1002

Version der Kern-Datenbank : 6765
Version der Spur-Datenbank : 4577

Scan Art : kompletter Scann
Totale Scann-Zeit : 02:39:11

Gescannte Speicherelemente : 629
Erfasste Speicher-Bedrohungen : 0
Gescannte Register-Elemente : 7153
Erfasste Register-Bedrohungen : 0
Gescannte Datei-Elemente : 129563
Erfasste Datei-Elemente : 0



Thanks for doing all of this.
