Log Analysis and Evaluation: OTL - Logfiles Malware (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#17
OTL - Logfiles Malware
After several crashes of GMER I skipped that program.

Logfile from OSAM:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:50:48 on 25.04.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
"ODBCCP32.CPL" - "Microsoft Corporation" - C:\Windows\system32\ODBCCP32.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aczkkuj5" (aczkkuj5) - "Microsoft Corporation" - C:\Windows\system32\drivers\aczkkuj5.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"axddapod" (axddapod) - "GMER" - C:\axddapod.sys (Hidden registry entry, rootkit activity)
"catchme" (catchme) - ? - C:\Users\Tobbi\AppData\Local\Temp\catchme.sys (File not found)
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (File found, but it contains no detailed information)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\Windows\System32\DRIVERS\SE27bus.sys
"Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)" (SE27mgmt) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mgmt.sys
"Sony Ericsson Device 039 USB WMC Modem Driver" (SE27mdm) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mdm.sys
"Sony Ericsson Device 039 USB WMC Modem Filter" (SE27mdfl) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mdfl.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Users\Tobbi\Documents\dBpoweramp\dBShell.dll (File not found)
{7D4D6379-F301-4311-BEBA-E26EB0561882} "{7D4D6379-F301-4311-BEBA-E26EB0561882}" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" (File not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} "AsyncPProt Class" - ? - C:\Windows\system32\Msdxm6.ocx (File not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes Class" - "Stardock Corporation" - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2F5AC606-70CF-461C-BFE1-734234536262} "DisplayCplExt Class" - "Stardock Corporation" - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dMCIShell Class" - ? - C:\Users\Tobbi\Documents\dBpoweramp\dMCShell.dll (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler" - ? - (File not found | COM-object registry key not found)
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" (File not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" (File not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" (File not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - "C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" (File not found)
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL
{D1701180-DB4E-4902-9849-688C835FB093} "PDF Context Menu Extension" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" - ? - (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10m.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "{67DABFBF-D0AB-41FA-9C46-CC0F21721616}" - ? - (File not found | COM-object registry key not found) / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"DesktopVideoPlayer.lnk" - ? - C:\Users\Tobbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk (Shortcut exists | File not found)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"RocketDock" - ? - "C:\Program Files\RocketDock\RocketDock.exe" (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"EEventManager" - "SEIKO EPSON CORPORATION" - "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"WBSrv" - "Stardock Corporation" - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5610Z
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 158):
0x82613000 \SystemRoot\system32\ntkrnlpa.exe
0x829CD000 \SystemRoot\system32\hal.dll
0x80600000 \SystemRoot\system32\kdcom.dll
0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80677000 \SystemRoot\system32\PSHED.dll
0x80688000 \SystemRoot\system32\BOOTVID.dll
0x80690000 \SystemRoot\system32\CLFS.SYS
0x806D1000 \SystemRoot\system32\CI.dll
0x8A60D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A696000 \SystemRoot\System32\Drivers\spva.sys
0x8A789000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8A792000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8A7B8000 \SystemRoot\system32\drivers\acpi.sys
0x8A600000 \SystemRoot\system32\drivers\msisadrv.sys
0x807B1000 \SystemRoot\system32\drivers\pci.sys
0x807D8000 \SystemRoot\System32\drivers\partmgr.sys
0x8A608000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x807E7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x807F1000 \SystemRoot\system32\drivers\volmgr.sys
0x8A802000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A84C000 \SystemRoot\system32\drivers\intelide.sys
0x8A853000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A861000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8A88E000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A89E000 \SystemRoot\system32\drivers\atapi.sys
0x8A8A6000 \SystemRoot\system32\drivers\ataport.SYS
0x8A8C4000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A8F6000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A906000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AA03000 \SystemRoot\system32\drivers\ndis.sys
0x8AB0E000 \SystemRoot\system32\drivers\msrpc.sys
0x8AB39000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AC0A000 \SystemRoot\System32\drivers\tcpip.sys
0x8ACF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AE06000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF16000 \SystemRoot\system32\drivers\volsnap.sys
0x8AF4F000 \SystemRoot\System32\Drivers\spldr.sys
0x8AF57000 \SystemRoot\System32\Drivers\mup.sys
0x8AF66000 \SystemRoot\System32\drivers\ecache.sys
0x8AF8D000 \SystemRoot\system32\drivers\disk.sys
0x8AF9E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AFBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AFE8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AFF3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AD0F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8AD1E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EA09000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8F056000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F0F6000 \SystemRoot\System32\drivers\watchdog.sys
0x8F102000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F18F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8F19A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8F1D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F1E7000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8AD27000 \SystemRoot\system32\DRIVERS\athr.sys
0x8ADE8000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0x8AB74000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8AB8E000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0x8ABA1000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0x8F1F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8ABAC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8ABBF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ABCA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ABD5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EA00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8A977000 \SystemRoot\System32\Drivers\aczkkuj5.SYS
0x8ABED000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8A9B0000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F608000 \SystemRoot\system32\DRIVERS\storport.sys
0x8F649000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F654000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F66B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F676000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F699000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F6A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8F6BC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F6D1000 \SystemRoot\system32\DRIVERS\tap0901.sys
0x8F6D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F6E8000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x8F6EE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8F6F0000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F71A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8F724000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8F731000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8F766000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x8F771000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F782000 \SystemRoot\system32\drivers\HdAudio.sys
0x8F7C1000 \SystemRoot\system32\drivers\portcls.sys
0x8FA0B000 \SystemRoot\system32\drivers\drmk.sys
0x8FA30000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8FA6D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8FC09000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8FCBD000 \SystemRoot\system32\drivers\modem.sys
0x8FCE3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8FCF4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8FCFD000 \SystemRoot\System32\Drivers\Null.SYS
0x8FD04000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FD14000 \SystemRoot\System32\drivers\vga.sys
0x8FD20000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FD41000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FD49000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FD51000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FD5C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8FD6A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8FD73000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FD89000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FD9D000 \SystemRoot\system32\drivers\afd.sys
0x8FB70000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FDE5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FBA2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FBB0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FC00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FBC3000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8FD0B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9020D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90249000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90253000 \SystemRoot\System32\Drivers\dfsc.sys
0x9026A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90290000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9029D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x902A8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x99A90000 \SystemRoot\System32\win32k.sys
0x902B0000 \SystemRoot\System32\drivers\Dxapi.sys
0x902BA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99CB0000 \SystemRoot\System32\TSDDD.dll
0x99CD0000 \SystemRoot\System32\cdd.dll
0x902C9000 \SystemRoot\system32\drivers\luafv.sys
0x902E4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x90301000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x90311000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9033B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x90345000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x90358000 \SystemRoot\system32\drivers\HTTP.sys
0x903C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x903E2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8FBE5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8A9DF000 \SystemRoot\system32\drivers\mrxdav.sys
0x8AFC8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAD40E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAD447000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAD45F000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAD487000 \SystemRoot\System32\DRIVERS\srv.sys
0xAD4D6000 \SystemRoot\system32\drivers\spsys.sys
0xAD586000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAD58F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB0C09000 \SystemRoot\system32\drivers\peauth.sys
0xB0CE7000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB0CF1000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0CFD000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xB0D05000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xB0D1B000 \??\C:\Users\Tobbi\AppData\Local\Temp\axddapod.sys
0xB0D66000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB0D6F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB0D7F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB0D81000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x770E0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
Processes (total 58):
0 System Idle Process
4 System
420 C:\Windows\System32\smss.exe
492 csrss.exe
536 C:\Windows\System32\wininit.exe
548 csrss.exe
580 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
800 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\audiodg.exe
1228 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\SLsvc.exe
1268 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\spoolsv.exe
1684 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1696 C:\Windows\System32\svchost.exe
2040 C:\Windows\System32\dwm.exe
288 C:\Windows\System32\taskeng.exe
316 C:\Windows\explorer.exe
360 C:\Windows\System32\taskeng.exe
412 C:\Program Files\Google\Update\GoogleUpdate.exe
1524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1164 C:\Windows\System32\svchost.exe
212 C:\Windows\System32\svchost.exe
2104 C:\Windows\System32\svchost.exe
2204 C:\Windows\System32\svchost.exe
2228 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2248 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2336 C:\Windows\System32\svchost.exe
2372 C:\Windows\System32\svchost.exe
2456 C:\Windows\System32\SearchIndexer.exe
2800 C:\Windows\System32\hkcmd.exe
2828 C:\Windows\System32\igfxpers.exe
2836 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2856 C:\Windows\vsnpstd3.exe
2876 C:\Windows\System32\igfxsrvc.exe
2884 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
2892 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2916 C:\Windows\ehome\ehtray.exe
2944 C:\Program Files\RocketDock\RocketDock.exe
3180 C:\Windows\ehome\ehmsas.exe
3656 C:\Windows\System32\wbem\unsecapp.exe
3716 WmiPrvSE.exe
3104 C:\Windows\System32\svchost.exe
2116 C:\Program Files\Windows Media Player\wmpnetwk.exe
1444 C:\Program Files\Mozilla Firefox\firefox.exe
3692 C:\Windows\System32\SearchProtocolHost.exe
4032 C:\Windows\System32\SearchFilterHost.exe
3700 C:\Users\Tobbi\Desktop\MBRCheck.exe
2240 C:\Windows\System32\conime.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5600000 (NTFS)
PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.ALC
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!