
unable to remove infected object


  • This topic is locked
26 replies to this topic

#1 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 06:47 AM

I encounter the following problem:

After running Malwarebytes' AntiMalware one infected object is found.
When I select "remove" I get a message that the object could not be deleted completely. After restarting the computer, Malwarebytes' will always again find the same infected object.

Here is the log-file I get:
[begin of logfile:]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.03.2011 09:10:48
mbam-log-2011-03-22 (09-10-48).txt

Scan type: Quick scan
Objects scanned: 86683
Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[end of logfile]

What is there to do?

Thank you in advance for any help!

#2 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 08:00 AM

Welcome to the forum.

The version of MBAM that you are using is way out of date:

Malwarebytes' Anti-Malware 1.45 <------should be 1.50
www.malwarebytes.org

You can download the latest version from the link below:
http://www.malwarebytes.org/mbam.php

-----------------------

Then update and run a scan with MBAM, post back the log, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#3 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 08:29 AM

I now have the newest version of Malwarebytes; same result, it cannot be removed, not even after reboot (see log below).
I don't know if this info is important: Recently I opened a new account without administrator rights on my computer. It is only on this account that the infected object is found, not when running Malwarebytes on the account with administrator rights.

Here the new log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6131

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.03.2011 14:24:57
mbam-log-2011-03-22 (14-24-57).txt

Scan type: Quick scan
Objects scanned: 122071
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[end of log.]
Is there anything else I could do now?

#4 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 08:49 AM

OK, download the attached file: (cp.zip)
Unzip it: (cp.reg)
Now double click on it and allow it to merge into registry.

Reboot and let me know, MrC


#5 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 09:27 AM

(Thank you already so far!)
The document has been added to the registry, and the PC has been rebooted. Unfortunately, a new Malwarebytes scan still shows the same result (cannot remove).

#6 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 09:44 AM

What's the operating system you are using? MrC


#7 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 10:04 AM

Windows XP

#8 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 10:31 AM

OK....please do this:

Go Start > Run > copy and paste this in > Gpedit.msc > OK
Click the + in front of User Configuration > and Administrator Templates > click on the Control Panel folder
Double click on > Force Classic Style Control Panel
Set it to Not Configured > OK your way out.

Let me know, MrC


#9 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 10:59 AM

To be able to access User Config. I switched to the account with administrator rights, followed your steps: "Not configured" had already been selected.

#10 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 11:13 AM

Download the attached cp.zip to your desktop
Unzip and double click on the cp.bat
Copy back the file it creates

MrC


#11 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 11:20 AM

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

#12 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 11:38 AM

There it is, have you ever used the registry? MrC


#13 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 11:45 AM

I don't think so. But it might be that I just do not know all that "registry" refers to.
If it is just about the display style of, e.g., the windows or menu bar, then this has always been set to "Media Center Style", never to "Classic Style".

#14 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 12:05 PM

This should work, I tried it on my XP computer and it deleted that reg value:

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.
Double click on the icon on your desktop.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :REG
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "ForceClassicControlPanel"=-
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

To check and see if it's gone, just run that bat file again.

Let me know, MrC

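
The steps spread over posts #4, #10 and #14 come down to: back up the key, look at what is in it, delete the one value, and verify it is gone. The PowerShell script below does the same from the affected account and adds the check a practitioner would want first, the key's permissions. It is an added example, not code from this thread or from the Malwarebytes staff; the contents of the cp.zip attachments are not shown on this page and are not reproduced here. It assumes PowerShell 2.0 is installed on the XP machine (it is not part of XP) and that a backup file on the Desktop is acceptable; both are assumptions, as are the variable names.

```powershell
# Added example, not code from the thread. Back up, inspect and remove the
# ForceClassicControlPanel value that MBAM keeps reporting under the current
# user's Policies\Explorer key. Assumptions: PowerShell 2.0 is installed on
# the XP machine, and the backup path on the Desktop is acceptable.

$KeyPath    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$RegKey     = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'  # same key, reg.exe spelling
$ValueName  = 'ForceClassicControlPanel'
$BackupFile = Join-Path $env:USERPROFILE 'Desktop\Explorer-Policies-backup.reg'   # assumed location

if (-not (Test-Path $KeyPath)) {
    Write-Output "Key $KeyPath does not exist for this user; nothing to remove."
    return
}

# 1. Export the key first (what cp.bat in post #10 did with reg export), so the
#    change can be undone later by merging the .reg file.
if (Test-Path $BackupFile) { Remove-Item $BackupFile }
& reg.exe export $RegKey $BackupFile | Out-Null
Write-Output "Backup written to $BackupFile"

# 2. Print the key's ACL. A value on which the logged-on user holds no
#    SetValue/Delete right cannot be removed from that account, whether by
#    this script or by a scanner running as that user.
Write-Output "ACL on $KeyPath :"
(Get-Acl -Path $KeyPath).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
    Format-Table -AutoSize | Out-String | Write-Output

# 3. Read the current data; $null means the value is absent.
$before = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
Write-Output "Before: $ValueName = $before"

if ($null -eq $before) {
    Write-Output "$ValueName is not set for this user; nothing to remove."
    return
}

# 4. Delete only this one value, not the whole key: the export in post #11
#    shows NoDriveTypeAutoRun and NoSMConfigurePrograms living there too.
try {
    Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop
    $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($null -eq $after) {
        Write-Output "Removed: $ValueName no longer exists under $KeyPath"
    } else {
        Write-Output "Still present after delete: $ValueName = $after"
    }
} catch {
    Write-Output "Could not remove $ValueName from this account: $($_.Exception.Message)"
    Write-Output "Compare with the ACL printed above; changing the key's permissions needs an administrator."
}
```

Run it from the account where MBAM reports the value, since the key is in that user's HKCU hive. The ACL step is the check worth doing before moving on to rootkit scanners: a delete that fails from the limited account and is then "scheduled for reboot" every time is what a permissions problem on the key looks like, and the OTL output in post #15 (delete failed, OTL unable to create its own HKLM key) is consistent with running without the rights to write there. Deleting the single value rather than the key keeps the other two policy values from the export intact.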

#15 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 12:19 PM

I fear it failed:
[log file of OTL:

========== REGISTRY ==========
Registry delete failed. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ForceClassicControlPanel scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.

OTL by OldTimer - Version 3.2.22.3 log created on 03222011_181141

[end. Log file of bat:]
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoSMConfigurePrograms"=dword:00000001

#16 MrCharlie (Forum Deity, Experts group, 28,192 posts, So. Plainfield, New Jersey, USA)

Posted 22 March 2011 - 12:34 PM

OK, we have to check a little deeper, please do this:

Download TDSSKiller to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Start Scan.

Don't Change These Settings:
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.

You may be asked to reboot the computer to complete the process. Click on Reboot Now.

To view the report:
Click the Report button and copy/paste the contents of it into your next reply.

Note:It will also create a log in the C:\ directory and look something like this:
TDSSKiller.2.4.17.0_12.02.2011_14.35.56_log.txt

---------------------------------------

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with XP and W2K (32-bit only) and with Vista and Windows 7 (32-bit and 64-bit).
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users: right click, choose "Run as Administrator".
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results". (see below)
  • ComboFix Guide <--- please read!

Download ComboFix from one of these locations (you may have to use right click > save target as):

  • Link 1
  • Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE. They may interfere with the running of ComboFix.

Note: If you have AVG or CA Internet Security Suite installed, due to recent changes in how these AVs target the tool's internal files, they must be uninstalled before running ComboFix. If you have difficulty uninstalling the AV, download and run Opswat AppRemover.

  • Double click on ComboFix.exe & follow the prompts.
  • Note: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  • Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part.

  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  3. ComboFix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. If a reboot doesn't restore your connection, please try this: Check HERE. For XP systems, download and run WinSockFix and Here. Vista users: Check HERE. Windows 7 systems: Download and run this Winsockfix.bat.
  5. Give ComboFix at least 20-30 minutes to finish if needed.


MrC


#17 anna1234 (New Member, Members group, 14 posts)

Posted 22 March 2011 - 12:58 PM

[Here is the TDSSKiller log; the other will follow:]
2011/03/22 18:57:22.0437 3060 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/22 18:57:22.0828 3060 ================================================================================
2011/03/22 18:57:22.0828 3060 SystemInfo:
2011/03/22 18:57:22.0828 3060
2011/03/22 18:57:22.0828 3060 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/22 18:57:22.0828 3060 Product type: Workstation
2011/03/22 18:57:22.0828 3060 ComputerName: WINDOWS-9AF3735
2011/03/22 18:57:22.0828 3060 UserName: Windows XP
2011/03/22 18:57:22.0828 3060 Windows directory: C:\WINDOWS
2011/03/22 18:57:22.0828 3060 System windows directory: C:\WINDOWS
2011/03/22 18:57:22.0828 3060 Processor architecture: Intel x86
2011/03/22 18:57:22.0828 3060 Number of processors: 2
2011/03/22 18:57:22.0828 3060 Page size: 0x1000
2011/03/22 18:57:22.0828 3060 Boot type: Normal boot
2011/03/22 18:57:22.0828 3060 ================================================================================
2011/03/22 18:57:22.0984 3060 Initialize success
2011/03/22 18:57:24.0828 3812 ================================================================================
2011/03/22 18:57:24.0828 3812 Scan started
2011/03/22 18:57:24.0828 3812 Mode: Manual;
2011/03/22 18:57:24.0828 3812 ================================================================================
2011/03/22 18:57:25.0515 3812 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/22 18:57:25.0562 3812 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/22 18:57:25.0656 3812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/22 18:57:25.0734 3812 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
2011/03/22 18:57:25.0953 3812 AR5416 (864160f5f4fbdd97b6a686854bfebd86) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/03/22 18:57:26.0109 3812 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Programme\ATKGFNEX\ASMMAP.sys
2011/03/22 18:57:26.0187 3812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/22 18:57:26.0218 3812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/03/22 18:57:26.0296 3812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/22 18:57:26.0375 3812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/22 18:57:26.0484 3812 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/03/22 18:57:26.0546 3812 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/03/22 18:57:26.0609 3812 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/03/22 18:57:26.0687 3812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/22 18:57:26.0765 3812 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys
2011/03/22 18:57:26.0796 3812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/22 18:57:26.0843 3812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/22 18:57:26.0906 3812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/22 18:57:26.0984 3812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/22 18:57:27.0000 3812 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/22 18:57:27.0078 3812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/22 18:57:27.0109 3812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/22 18:57:27.0187 3812 CRFILTER (d18893845ae1c5833b5b2ea9b7f5c670) C:\WINDOWS\system32\DRIVERS\CRFILTER.sys
2011/03/22 18:57:27.0265 3812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/22 18:57:27.0328 3812 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/22 18:57:27.0343 3812 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/22 18:57:27.0390 3812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/22 18:57:27.0453 3812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/22 18:57:27.0484 3812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/22 18:57:27.0578 3812 ETD (bf3afa622bc91f28d682d0c6e65107a6) C:\WINDOWS\system32\DRIVERS\ETD.sys
2011/03/22 18:57:27.0671 3812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/22 18:57:27.0765 3812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/22 18:57:27.0781 3812 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/22 18:57:27.0796 3812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/22 18:57:27.0890 3812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/22 18:57:27.0968 3812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/22 18:57:28.0015 3812 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/22 18:57:28.0062 3812 ftsata2 (65b50b303ff74a5517117ba3d25dbe7f) C:\WINDOWS\system32\drivers\ftsata2.sys
2011/03/22 18:57:28.0171 3812 ghaio (31b40f40e09513addc460f6a297ad474) C:\Programme\ASUS\NB Probe\SPM\ghaio.sys
2011/03/22 18:57:28.0281 3812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/22 18:57:28.0375 3812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/22 18:57:28.0468 3812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/22 18:57:28.0578 3812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/22 18:57:28.0718 3812 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/22 18:57:28.0906 3812 ialm (4889622b81a6bcc34bb4b972bc7d9f14) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/22 18:57:29.0046 3812 iaStor (de7c12e59605ea7ea0cf6345afeb0f07) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/03/22 18:57:29.0125 3812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/22 18:57:29.0203 3812 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/22 18:57:29.0234 3812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/22 18:57:29.0296 3812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/22 18:57:29.0328 3812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/22 18:57:29.0390 3812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/22 18:57:29.0421 3812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/22 18:57:29.0468 3812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/22 18:57:29.0515 3812 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/22 18:57:29.0609 3812 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/22 18:57:29.0671 3812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/22 18:57:29.0765 3812 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/22 18:57:29.0843 3812 L1e (1c2eed062dc77b0c16eb4f3ed58f044b) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
2011/03/22 18:57:29.0906 3812 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/03/22 18:57:30.0046 3812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/22 18:57:30.0093 3812 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/22 18:57:30.0187 3812 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
2011/03/22 18:57:30.0265 3812 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/22 18:57:30.0328 3812 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/22 18:57:30.0390 3812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/22 18:57:30.0421 3812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/22 18:57:30.0468 3812 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/22 18:57:30.0500 3812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/22 18:57:30.0546 3812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/22 18:57:30.0593 3812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/22 18:57:30.0609 3812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/22 18:57:30.0671 3812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/22 18:57:30.0734 3812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/22 18:57:30.0765 3812 MTsensor (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/03/22 18:57:30.0796 3812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/22 18:57:30.0875 3812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/22 18:57:30.0953 3812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/22 18:57:31.0000 3812 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/22 18:57:31.0031 3812 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/22 18:57:31.0062 3812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/22 18:57:31.0078 3812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/22 18:57:31.0140 3812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/22 18:57:31.0203 3812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/22 18:57:31.0234 3812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/22 18:57:31.0328 3812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/22 18:57:31.0343 3812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/22 18:57:31.0421 3812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/22 18:57:31.0468 3812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/22 18:57:31.0515 3812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/22 18:57:31.0593 3812 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/22 18:57:31.0625 3812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/22 18:57:31.0718 3812 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/22 18:57:31.0750 3812 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/22 18:57:31.0828 3812 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/22 18:57:32.0015 3812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/22 18:57:32.0031 3812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/22 18:57:32.0062 3812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/22 18:57:32.0109 3812 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/22 18:57:32.0234 3812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/22 18:57:32.0265 3812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/22 18:57:32.0296 3812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/22 18:57:32.0312 3812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/22 18:57:32.0343 3812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/22 18:57:32.0359 3812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/22 18:57:32.0453 3812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/22 18:57:32.0500 3812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/22 18:57:32.0546 3812 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/22 18:57:32.0640 3812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/22 18:57:32.0687 3812 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/22 18:57:32.0765 3812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/22 18:57:32.0843 3812 Si3112 (2525f35d0a0e94bb0ca7b4b68117b453) C:\WINDOWS\system32\drivers\Si3112.sys
2011/03/22 18:57:32.0890 3812 Si3114r5 (87d406c592327ded095ff314427a4fa7) C:\WINDOWS\system32\drivers\Si3114r5.sys
2011/03/22 18:57:32.0906 3812 Si3124 (aaaa385ffbaaf3fd89f8ce26ff0d0751) C:\WINDOWS\system32\drivers\Si3124.sys
2011/03/22 18:57:32.0921 3812 Si3132 (7d494c2000287595d87b9ff6b080d3ff) C:\WINDOWS\system32\drivers\Si3132.sys
2011/03/22 18:57:32.0937 3812 Si3132r5 (f6dd3f9474afd65acd4861f57d40b8ab) C:\WINDOWS\system32\drivers\Si3132r5.sys
2011/03/22 18:57:33.0000 3812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/22 18:57:33.0078 3812 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2011/03/22 18:57:33.0171 3812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/22 18:57:33.0250 3812 Sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/22 18:57:33.0296 3812 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/22 18:57:33.0375 3812 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/03/22 18:57:33.0421 3812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/22 18:57:33.0484 3812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/22 18:57:33.0546 3812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/22 18:57:33.0656 3812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/22 18:57:33.0734 3812 Tcpip (e88631e21a9caca06104802f9e915115) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/22 18:57:33.0781 3812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/22 18:57:33.0796 3812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/22 18:57:33.0843 3812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/22 18:57:33.0921 3812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/22 18:57:33.0968 3812 ulsata2 (97e68ff0db46e3cff9928131a44a1dbe) C:\WINDOWS\system32\drivers\ulsata2.sys
2011/03/22 18:57:34.0031 3812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/22 18:57:34.0078 3812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/22 18:57:34.0156 3812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/22 18:57:34.0187 3812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/22 18:57:34.0218 3812 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/22 18:57:34.0265 3812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/22 18:57:34.0328 3812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/22 18:57:34.0406 3812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/22 18:57:34.0468 3812 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/22 18:57:34.0546 3812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/22 18:57:34.0593 3812 VIAHdAudAddService (bcd82dd4870000fc34be215fd116d371) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/03/22 18:57:34.0656 3812 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/22 18:57:34.0828 3812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/22 18:57:34.0953 3812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/22 18:57:35.0046 3812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/22 18:57:35.0109 3812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/22 18:57:35.0125 3812 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/22 18:57:35.0359 3812 ================================================================================
2011/03/22 18:57:35.0359 3812 Scan finished
2011/03/22 18:57:35.0359 3812 ================================================================================


[Combofix log will follow]

#18 anna1234

anna1234

    New Member

  • Members
  • 14 posts

Posted 22 March 2011 - 01:34 PM

[Combofix log:]
ComboFix 11-03-21.02 - Windows XP 22/03/2011 19:12:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3037.2334 [GMT 1:00]
Running from:: c:\dokumente und einstellungen\Windows XP\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 ))))))))))))))))))))))))))))))
.
.
2011-03-22 17:11 . 2011-03-22 17:11 -------- d-----w- C:\_OTL
2011-03-22 15:53 . 2011-03-22 15:53 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-21 19:29 . 2011-03-21 19:29 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Lokale Einstellungen\Anwendungsdaten\Google
2011-03-21 06:17 . 2011-03-21 06:17 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Lokale Einstellungen\Anwendungsdaten\Conduit
2011-03-21 06:16 . 2011-03-21 06:16 -------- d-sh--w- c:\dokumente und einstellungen\Anna Maria\PrivacIE
2011-03-21 06:16 . 2011-03-21 06:17 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Lokale Einstellungen\Anwendungsdaten\softonic-de3
2011-03-21 06:16 . 2011-03-21 06:17 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB
2011-03-20 20:43 . 2011-03-20 20:43 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\Avira
2011-03-20 20:20 . 2011-03-20 20:20 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\Malwarebytes
2011-03-20 16:07 . 2011-03-21 15:07 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\Dropbox
2011-03-19 14:37 . 2011-03-19 14:37 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Lokale Einstellungen\Anwendungsdaten\Paint.NET
2011-03-17 13:06 . 2011-03-22 15:01 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\skypePM
2011-03-17 13:06 . 2011-03-22 17:01 -------- d-----w- c:\dokumente und einstellungen\Anna Maria\Anwendungsdaten\Skype
2011-02-27 18:06 . 2011-02-27 18:06 11776 ----a-w- c:\programme\Mozilla Firefox\plugins\nprjplug.dll
2011-02-27 18:06 . 2011-02-27 18:06 -------- d-----w- c:\programme\Gemeinsame Dateien\xing shared
2011-02-27 18:05 . 2011-02-27 18:05 150712 ----a-w- c:\programme\Mozilla Firefox\plugins\nppl3260.dll
2011-02-27 18:05 . 2011-02-27 18:05 100864 ----a-w- c:\programme\Mozilla Firefox\plugins\nprpjplug.dll
2011-02-27 18:05 . 2011-02-27 18:06 -------- d-----w- c:\programme\Real
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 08:45 . 2009-07-20 17:51 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-08 20:14 . 2010-11-23 18:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-27 18:05 . 2009-07-20 16:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-02-20 15:49 . 2011-02-20 15:49 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-02-09 13:53 . 2008-04-14 11:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-07-20 15:53 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-07-20 15:53 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-22 19:33 . 2011-01-22 19:33 18367488 ----a-w- c:\programme\PXCViewer25191_x86.msi
2011-01-21 14:42 . 2008-04-14 11:00 441344 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:02 . 2008-12-07 14:55 1864192 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 21:19 . 2010-08-31 21:19 260432 ----a-w- c:\programme\SoftonicDownloader64308.exe
2010-07-20 08:37 . 2010-07-20 08:37 262976 ----a-w- c:\programme\SoftonicDownloader66221.exe
2010-06-07 09:38 . 2010-06-07 09:38 809264 ----a-w- c:\programme\HBSecurity.exe
2010-03-13 19:59 . 2010-03-13 19:59 318904 ----a-w- c:\programme\wmpfirefoxplugin.exe
2010-02-20 13:34 . 2010-02-20 13:34 1720832 ----a-w- c:\programme\FreePDF4.02.EXE
2010-02-20 13:32 . 2010-02-20 13:32 16357376 ----a-w- c:\programme\gs871w32.exe
.
.
------- Sigcheck -------
.
[-] 2008-12-07 . E88631E21A9CACA06104802F9E915115 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-12-07 . 5B278532D1544E4CF246EEA4465F088B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\programme\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\programme\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54 175912 ----a-w- c:\programme\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-03-23 33599488]
"ETDWare"="c:\programme\Elantech\ETDCtrl.exe" [2009-03-30 418816]
"Wireless Console 3"="c:\programme\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"HControlUser"="c:\programme\ASUS\ATK Hotkey\HControlUser.exe" [2009-04-01 98304]
"ATKHOTKEY"="c:\programme\ASUS\ATK Hotkey\HControl.exe" [2009-04-23 178744]
"ATKMEDIA"="c:\programme\ASUS\ATK Media\DMedia.exe" [2009-03-27 159744]
"ATKOSD2"="c:\programme\ASUS\ATKOSD2\ATKOSD2.exe" [2009-06-10 8568832]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Ad-Watch"="c:\programme\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-20 520024]
"ACMON"="c:\programme\ASUS\Splendid\ACMON.exe" [2008-09-30 851968]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"TkBellExe"="c:\programme\Real\RealPlayer\update\realsched.exe" [2011-02-27 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 11:37 173592 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 11:37 141336 ----a-r- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-14 12:33 570664 ----a-w- c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 11:37 142360 ----a-r- c:\windows\system32\igfxpers.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [20/07/2009 19:17 64160]
R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [7/12/2008 15:57 69248]
R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [7/12/2008 15:57 125952]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20/07/2009 18:51 135336]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [20/07/2009 18:33 129024]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programme\Lavasoft\Ad-Aware\AAWService.exe [9/03/2009 20:06 1029456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [20/07/2009 18:21 1057280]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [11/08/2010 10:17 136176]
S3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\drivers\CRFILTER.sys [7/04/2008 13:00 6656]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Contents of the "Scheduled Tasks" folder
.
2011-03-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:17]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-11 09:17]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-08-11 09:17]
.
2011-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2958530812-814969169-2547977412-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2011-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2958530812-814969169-2547977412-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2958530812-814969169-2547977412-1004.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2958530812-814969169-2547977412-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-01-24 13:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE: Free YouTube Download - c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\dokumente und einstellungen\Windows XP\Anwendungsdaten\Mozilla\Firefox\Profiles\1whetwco.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.presseurop.eu/fr|http://dict.leo.org/frde?lp=frde&search=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: Minimap Addon: {398e77b8-2304-11dc-8314-0800200c9a66} - %profile%\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - Orphaned Registry Entries Removed - - - -
.
Notify-WgaLogon,Logoff,0,WLEventLogoff - (no file)
AddRemove-conduitEngine - c:\programme\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 19:15
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\programme\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-03-22 19:16:50
ComboFix-quarantined-files.txt 2011-03-22 18:16
.
Pre-run: 9 directory(ies), 167,130,529,792 bytes free
Post-run: 12 directory(ies), 167,304,126,464 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=HAKZYE /Kernel=TUKernel.exe
.
- - End Of File - - 57CDACF90A1B855167BA98AC9E153A67
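The "Registry Autostart Points" section of the ComboFix log above lists the same toolbar CLSIDs under several Internet Explorer extension points, and every toolbar DLL carries the same date and size. The following Python script is an added example for this thread (it is not part of anna1234's log, of ComboFix, or of any tool named here): it parses that section and reports, per CLSID, which extension points it occupies, and which DLLs are an identical build under different names. The sample input is copied from the log above and embedded so the script runs offline; the regexes match the line formats visible in this log, and other ComboFix versions may format their output differently.

```python
"""Added example: map each CLSID in a ComboFix "Registry Autostart Points"
section to the IE extension points it is registered under, and group the
registered DLLs by identical (date, size) to expose toolbar bundles that are
one binary build shipped under several names. The excerpt below is copied
from the ComboFix log posted above and embedded so the script runs offline."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\programme\ConduitEngine\prxConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\programme\DVDVideoSoftTB\prxtbDVD0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-01-17 14:54 175912 ----a-w- c:\programme\softonic-de3\prxtbsof0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\programme\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\prxtbsof0.dll" [2011-01-17 175912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"""

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "{clsid}"= "dll path" [yyyy-mm-dd size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*'
                      r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
# yyyy-mm-dd hh:mm size attrs dll path   (BHO style: the CLSID is in the key name)
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+)$")

# Registry paths as ComboFix prints them (lower-cased), most specific first.
EXTENSION_POINTS = (
    ("\\urlsearchhooks", "URLSearchHook"),
    ("browser helper objects", "BHO"),
    ("internet explorer\\toolbar\\webbrowser", "Toolbar (HKCU Webbrowser)"),
    ("internet explorer\\toolbar", "Toolbar (HKLM)"),
)


def classify_key(key):
    """Return the IE extension point a registry key represents, or None."""
    low = key.lower()
    for marker, point in EXTENSION_POINTS:
        if marker in low:
            return point
    return None


def parse_autostart(log_text):
    """Return ({clsid: {point: dll_path}}, {dll_path_lower: (date, size)})."""
    registrations = defaultdict(dict)
    binaries = {}
    point = None
    pending_clsid = None  # CLSID taken from a BHO key name, awaiting its file line
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            point = classify_key(key.group("key"))
            found = re.search(GUID, key.group("key"))
            pending_clsid = found.group(0).lower() if (found and point) else None
            continue
        if point is None:
            continue  # Run keys etc. are not IE extension points; skip them
        val = VALUE_RE.match(line)
        if val and re.fullmatch(GUID, val.group("name")):
            registrations[val.group("name").lower()][point] = val.group("path")
            binaries[val.group("path").lower()] = (val.group("date"), int(val.group("size")))
            continue
        fil = FILE_RE.match(line)
        if fil and pending_clsid:
            registrations[pending_clsid][point] = fil.group("path")
            binaries[fil.group("path").lower()] = (fil.group("date"), int(fil.group("size")))
            pending_clsid = None
    return dict(registrations), binaries


def persistence_footprint(log_text, min_points=2):
    """CLSIDs registered under at least min_points distinct extension points."""
    registrations, _ = parse_autostart(log_text)
    return {clsid: sorted(points) for clsid, points in registrations.items()
            if len(points) >= min_points}


def shared_build_profiles(log_text):
    """(date, size) pairs shared by two or more distinct DLL paths."""
    _, binaries = parse_autostart(log_text)
    by_profile = defaultdict(set)
    for path, profile in binaries.items():
        by_profile[profile].add(path)
    return {p: sorted(paths) for p, paths in by_profile.items() if len(paths) > 1}


if __name__ == "__main__":
    for clsid, points in sorted(persistence_footprint(SAMPLE_LOG).items()):
        print(clsid, "->", ", ".join(points))
    for (date, size), paths in shared_build_profiles(SAMPLE_LOG).items():
        print("%d DLLs share build %s / %d bytes: %s" % (len(paths), date, size, ", ".join(paths)))
```

On the log above this reports two CLSIDs registered under four extension points each (URLSearchHook, BHO, machine-wide Toolbar and per-user Webbrowser toolbar), one under two, and three DLL paths with the identical 2011-01-17 / 175912-byte profile. That is why removing one toolbar entry at a time leaves the others in place: each DLL is wired into several load points, and all three are the same engine.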

#19 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • 28,192 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 22 March 2011 - 01:55 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    tcpip.sys
    sfcfiles.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
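The request above asks SystemLook to list every copy of tcpip.sys and sfcfiles.dll with size, timestamps and MD5, the two files ComboFix's Sigcheck section marked with "[-]". As an added example (not part of this thread and not SystemLook's or ComboFix's code), the PowerShell script below does the same enumeration by hand and adds the comparison a responder actually wants: whether the live copy under system32 carries the same hash as the Windows File Protection and service-pack copies. It is written for Windows PowerShell 2.0, the version available on XP SP3, where Get-FileHash does not exist; the list of folders to search is an assumption about where XP keeps pristine copies, and folders that are absent are skipped.

```powershell
# Added example, not from the thread or from SystemLook: enumerate every copy of
# the two files the Sigcheck section flagged and compare their hashes. Written
# for Windows PowerShell 2.0 (XP SP3): Get-FileHash is unavailable, so MD5 is
# computed via .NET. Run from an administrator account so dllcache is readable.
# The folder list is an assumption about where XP keeps pristine copies.

$targets = 'tcpip.sys', 'sfcfiles.dll'
$roots = @(
    (Join-Path $env:SystemRoot 'system32'),                # live copy; -Recurse also covers drivers\ and dllcache\
    (Join-Path $env:SystemRoot 'ServicePackFiles\i386'),   # service-pack originals
    (Join-Path $env:SystemRoot '$hf_mig$')                 # hotfix migration copies
)

function Get-Md5Hex([string]$Path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { $hash = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($hash) -replace '-', '')
}

function Get-FileFacts([System.IO.FileInfo]$File) {
    $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($File.FullName)
    New-Object PSObject -Property @{
        Path        = $File.FullName
        Size        = $File.Length
        Modified    = $File.LastWriteTime.ToString('yyyy-MM-dd HH:mm')
        FileVersion = $ver.FileVersion
        MD5         = Get-Md5Hex $File.FullName
    }
}

foreach ($name in $targets) {
    Write-Host "== $name =="
    $copies = @($roots |
        Where-Object { Test-Path $_ } |
        ForEach-Object { Get-ChildItem -Path $_ -Filter $name -Recurse -Force -ErrorAction SilentlyContinue } |
        Where-Object { $_ -and -not $_.PSIsContainer } |
        Sort-Object FullName -Unique)
    if ($copies.Count -eq 0) { Write-Host '  no copy found'; continue }

    $facts = @($copies | ForEach-Object { Get-FileFacts $_ })
    $facts | Format-Table Path, Size, FileVersion, Modified, MD5 -AutoSize | Out-String | Write-Host

    # The comparison that matters: a live system32 copy whose hash differs from
    # the dllcache / ServicePackFiles copy is what the filefind listing requested
    # above lets a helper check.
    $distinct = @($facts | ForEach-Object { $_.MD5 } | Sort-Object -Unique)
    if ($distinct.Count -gt 1) {
        Write-Host "  WARNING: $($distinct.Count) different builds of $name on disk; establish which one is live."
    } else {
        Write-Host "  all $($copies.Count) copies share MD5 $($distinct[0])"
    }
}
```

Two caveats. Most XP system binaries are catalog-signed rather than carrying an embedded Authenticode signature, so Get-AuthenticodeSignature reports them as NotSigned on XP; that is why this compares hashes between copies instead of checking signature status. And identical hashes across all copies only prove consistency, not legitimacy: the hash still has to be matched against a known-good reference for the same service-pack and hotfix level, which is the step the helper performs with the posted SystemLook output.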

#20 anna1234

anna1234

    New Member

  • Members
  • 14 posts

Posted 22 March 2011 - 02:02 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 20:00 on 22/03/2011 by Anna Maria
(Limited User)

========== filefind ==========

Searching for "tcpip.sys"
C:\WINDOWS\system32\drivers\tcpip.sys --a---- 361600 bytes [14:55 07/12/2008] [14:55 07/12/2008] E88631E21A9CACA06104802F9E915115

Searching for "sfcfiles.dll"
C:\WINDOWS\system32\sfcfiles.dll --a---- 1571840 bytes [15:01 07/12/2008] [15:01 07/12/2008] 5B278532D1544E4CF246EEA4465F088B

-= EOF =-



