Log Analysis and Evaluation: Redirecting to unwanted websites while surfing (internet no longer works after Defogger scan) [Windows 7]
13.06.2011, 22:40 | #1
Hello dear community :) I've already read about my problem here: http://www.trojaner-board.de/96987-g...csrss-exe.html

In addition, videos on the internet no longer play properly; e.g. on YouTube and web.de videos only play while I'm moving the mouse at the same time. If the mouse stands still, the picture freezes too...

So I downloaded Defogger. After disabling and restarting, however, an error message appeared saying that csrss.exe could not be found (see attachment), and I can't get onto the internet any more (Firefox reports that the proxy server is refusing the connection). All of this only after the restart following the use of Defogger. I then opened Defogger again and pressed the re-enable button, because I hoped I'd get back online, but nothing (I hope I haven't made it worse with that). I could still update Malwarebytes, but I can't browse any more, neither with Firefox nor with IE. I also ran scans with Spybot, Antivir and Malwarebytes. Spybot found: LiveSVC.Wintrim and Win32.Palevo; I had both fixed.

Attached:
- Antivir logfile
- GMER logfile
- Defogger logfile
- OTL logfile (logfile and extras)
- Malwarebytes logfile
- Spybot findings as a screenshot
- csrss.exe error message

OK, I fear the scans were in vain, because I had re-enabled Defogger beforehand...??? If that is the case, I'll disable and scan again tomorrow. But do you have an answer as to why Defogger changes my proxy setting, or what I have to do to get back onto the internet with the notebook? Thanks in advance, and good night.

Regards
Philzlipp
14.06.2011, 11:31 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
As a matter of routine, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
16.06.2011, 21:40 | #3
Hello Arne,

many thanks for the kind welcome. Can you first tell me what I can do to get back onto the internet with my notebook? As I said, since I "disabled" with Defogger, I no longer get an internet connection with Firefox: "Error: the proxy server is refusing connections". But I have deactivated the proxy server, and with IE I can still get online, just not with Firefox.

Here is the log from Malwarebytes. Thanks in advance for the help.

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6858

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

16.06.2011 21:34:58
mbam-log-2011-06-16 (21-34-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 318778
Laufzeit: 1 Stunde(n), 49 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Verena\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\8EN7W667\readme[1].exe (Backdoor.Cycbot.Gen) -> No action taken.

Regards
Philz
16.06.2011, 21:58 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost localhost localhost localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63151
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
O4 - HKLM..\Run: [] File not found
F3 - HKCU WinNT: Load - (C:\Users\Verena\AppData\Local\Temp\csrss.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{061f329c-350b-11df-80c0-001eec04c4f2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe R118-M01.vbs
O33 - MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\Shell - "" = AutoRun
O33 - MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{ac3caaf5-362f-11de-af3a-001eec04c4f2}\Shell - "" = AutoRun
O33 - MountPoints2\{ac3caaf5-362f-11de-af3a-001eec04c4f2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{dc78fa3e-c606-11de-941b-001eec04c4f2}\Shell - "" = AutoRun
O33 - MountPoints2\{dc78fa3e-c606-11de-941b-001eec04c4f2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
[2011.06.13 19:30:39 | 000,024,394 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\BD52.C64
[2008.12.17 20:39:32 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Ankh
[2010.12.18 13:06:25 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Cifein
:Commands
[purity]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post logfiles in CODE tags
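The fix script above undoes three things worth recognising in any OTL log: a proxy forced onto the loopback address (127.0.0.1:63151, which is why the browser reports "proxy refusing connection" once the malware process is gone), a WinNT Load value pointing at a csrss.exe in the user's Temp folder, and AutoRun commands under MountPoints2. The following Python script is an added example, not code from this thread or from OTL: it parses OTL-style entries (constructed sample lines modelled on the ones above) and ranks them with its own, assumed severity rules.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the OTL entries the fix script targets
# (hypothetical input, embedded so the script runs offline).
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63151
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..browser.search.selectedEngine: "Google"
F3 - HKCU WinNT: Load - (C:\Users\Verena\AppData\Local\Temp\csrss.exe) - File not found
O33 - MountPoints2\{061f329c-350b-11df-80c0-001eec04c4f2}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe R118-M01.vbs
O33 - MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O32 - HKLM CDRom: AutoRun - 1
"""

# Line shapes as OTL prints them (IE proxy values, Firefox prefs, WinNT Load, MountPoints2).
PROXY_RE = re.compile(r'^IE - HKCU\\.*\\Internet Settings: "(\w+)" = (.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "(.*)"$')
LOAD_RE = re.compile(r'^F3 - HKCU WinNT: Load - \((.*?)\)')
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (.*)$')

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Core Windows process names that legitimately live only in System32 (assumed list).
SYSTEM_PROCESS_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe", "services.exe"}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    kind: str
    detail: str


def proxy_host(value: str) -> str:
    """'http=127.0.0.1:63151' -> '127.0.0.1'; plain 'host:port' also works."""
    first = value.split(";")[0]          # ProxyServer may list several protocols
    if "=" in first:
        first = first.split("=", 1)[1]   # drop the 'http=' protocol prefix
    return first.rsplit(":", 1)[0].strip()


def triage(text: str) -> list[Finding]:
    """Classify OTL-style lines; proxy values are judged together at the end."""
    proxy: dict[str, str] = {}
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PROXY_RE.match(line):
            proxy[m.group(1)] = m.group(2)
        elif m := FF_RE.match(line):
            # Changed search/homepage prefs: nuisance level unless paired with other findings.
            findings.append(Finding("low", "firefox-pref", f"{m.group(1)} = {m.group(2)}"))
        elif m := LOAD_RE.match(line):
            path = m.group(1)
            name = path.rsplit("\\", 1)[-1].lower()
            in_temp = "\\appdata\\local\\temp\\" in path.lower()
            in_system32 = "\\windows\\system32\\" in path.lower()
            # A Load value is rare by itself; one in Temp or impersonating a system binary is worse.
            if in_temp or (name in SYSTEM_PROCESS_NAMES and not in_system32):
                findings.append(Finding("high", "load-value", path))
            else:
                findings.append(Finding("medium", "load-value", path))
        elif m := MOUNT_RE.match(line):
            # Cached AutoRun commands from removable media: worth clearing, not proof of infection.
            findings.append(Finding("medium", "mountpoints2-autorun", f"{m.group(1)} -> {m.group(2)}"))
    if proxy.get("ProxyEnable") == "1" and "ProxyServer" in proxy:
        host = proxy_host(proxy["ProxyServer"])
        # A loopback proxy is only useful if a local process answers on that port.
        sev = "high" if host in LOOPBACK else "medium"
        findings.append(Finding(sev, "proxy", proxy["ProxyServer"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
    print(summarize(results))
```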
17.06.2011, 16:57 | #5
Hello Arne, thanks for the quick reply. So here is the fix log from OTL:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Verena\AppData\Local\Temp\csrss.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061f329c-350b-11df-80c0-001eec04c4f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{061f329c-350b-11df-80c0-001eec04c4f2}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe R118-M01.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ef31101-3026-11df-9c1c-001eec04c4f2}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac3caaf5-362f-11de-af3a-001eec04c4f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac3caaf5-362f-11de-af3a-001eec04c4f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac3caaf5-362f-11de-af3a-001eec04c4f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ac3caaf5-362f-11de-af3a-001eec04c4f2}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc78fa3e-c606-11de-941b-001eec04c4f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc78fa3e-c606-11de-941b-001eec04c4f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc78fa3e-c606-11de-941b-001eec04c4f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc78fa3e-c606-11de-941b-001eec04c4f2}\ not found.
File D:\AutoRun.exe not found.
C:\Users\Verena\AppData\Roaming\BD52.C64 moved successfully.
C:\Users\Verena\AppData\Roaming\Ankh\save folder moved successfully.
C:\Users\Verena\AppData\Roaming\Ankh folder moved successfully.
C:\Users\Verena\AppData\Roaming\Cifein folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.0 log created on 06172011_175256

Anything interesting to see??

Regards
Pilz
17.06.2011, 17:01 | #6
Ah, very nice, the traces of ICQ in IE have been removed. But I still can't get onto the internet with Firefox.

Last edited by Larusso (19.06.2011 at 13:41)
19.06.2011, 10:25 | #7
Dear Trojaner-Board team, it would be nice if one of you could tell me why I have not been able to get onto the internet with Firefox since using Defogger, or what I can do to make it work again. By now I'd be glad if I could simply restore the original state, for all I care with the redirecting to the unwanted pages, but I need my bookmarks in Firefox etc.

Have a nice Sunday!
Philz
20.06.2011, 09:04 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
04.07.2011, 18:57 | #9
All right, thanks, Firefox works again. The redirecting problem has disappeared as well. However, I'd like to hear your opinion on whether my drive is clean again. So first of all, a big thank you for everything so far!! :)

And here is the report from TDSSKiller:

2011/07/04 19:50:04.0171 4116 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/04 19:50:04.0775 4116 ================================================================================
2011/07/04 19:50:04.0775 4116 SystemInfo:
2011/07/04 19:50:04.0775 4116
2011/07/04 19:50:04.0775 4116 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/04 19:50:04.0775 4116 Product type: Workstation
2011/07/04 19:50:04.0775 4116 ComputerName: PHIL
2011/07/04 19:50:04.0775 4116 UserName: Verena
2011/07/04 19:50:04.0775 4116 Windows directory: C:\Windows
2011/07/04 19:50:04.0775 4116 System windows directory: C:\Windows
2011/07/04 19:50:04.0776 4116 Processor architecture: Intel x86
2011/07/04 19:50:04.0776 4116 Number of processors: 2
2011/07/04 19:50:04.0776 4116 Page size: 0x1000
2011/07/04 19:50:04.0776 4116 Boot type: Normal boot
2011/07/04 19:50:04.0776 4116 ================================================================================
2011/07/04 19:50:06.0033 4116 Initialize success
2011/07/04 19:50:08.0958 3368 ================================================================================
2011/07/04 19:50:08.0958 3368 Scan started
2011/07/04 19:50:08.0958 3368 Mode: Manual;
2011/07/04 19:50:08.0958 3368 ================================================================================
2011/07/04 19:50:15.0526 3368 Scan interrupted by user!
2011/07/04 19:50:15.0526 3368 ================================================================================
2011/07/04 19:50:15.0526 3368 Scan finished
2011/07/04 19:50:15.0526 3368 ================================================================================
2011/07/04 19:50:15.0542 5960 Detected object count: 0
2011/07/04 19:50:15.0542 5960 Actual detected object count: 0
2011/07/04 19:50:34.0442 5936 ================================================================================
2011/07/04 19:50:34.0442 5936 Scan started
2011/07/04 19:50:34.0442 5936 Mode: Manual;
2011/07/04 19:50:34.0442 5936 ================================================================================
C:\Windows\system32\DRIVERS\netbios.sys 2011/07/04 19:50:50.0432 5936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/04 19:50:50.0526 5936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/07/04 19:50:50.0682 5936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/07/04 19:50:50.0791 5936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/04 19:50:50.0869 5936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/07/04 19:50:51.0009 5936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/07/04 19:50:51.0072 5936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/07/04 19:50:51.0103 5936 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/07/04 19:50:51.0150 5936 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/07/04 19:50:51.0259 5936 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/07/04 19:50:51.0415 5936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/07/04 19:50:51.0540 5936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/07/04 19:50:51.0602 5936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/07/04 19:50:51.0665 5936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/07/04 19:50:51.0711 5936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/07/04 19:50:51.0836 5936 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/07/04 19:50:51.0899 5936 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/04 19:50:52.0039 5936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) 
C:\Windows\system32\drivers\peauth.sys 2011/07/04 19:50:52.0273 5936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/04 19:50:52.0351 5936 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/07/04 19:50:52.0445 5936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/04 19:50:52.0569 5936 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/07/04 19:50:52.0694 5936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/07/04 19:50:52.0819 5936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/04 19:50:52.0913 5936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/04 19:50:52.0959 5936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/04 19:50:53.0084 5936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/04 19:50:53.0131 5936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/04 19:50:53.0193 5936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/04 19:50:53.0318 5936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/04 19:50:53.0381 5936 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/07/04 19:50:53.0459 5936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/04 19:50:53.0537 5936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/07/04 19:50:53.0693 5936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/04 19:50:53.0771 5936 RTL8169 (8ac16411b25e29124f6d421add58fbe6) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/07/04 19:50:53.0833 5936 sbp2port 
(3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/07/04 19:50:53.0989 5936 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/07/04 19:50:54.0051 5936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/04 19:50:54.0129 5936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/07/04 19:50:54.0161 5936 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/07/04 19:50:54.0270 5936 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/07/04 19:50:54.0379 5936 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/07/04 19:50:54.0426 5936 sffp_mmc (435222da8b676a7edd952f227f39e3c0) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/04 19:50:54.0488 5936 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/07/04 19:50:54.0597 5936 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/07/04 19:50:54.0675 5936 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/07/04 19:50:54.0707 5936 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/07/04 19:50:54.0753 5936 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/07/04 19:50:54.0878 5936 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/07/04 19:50:54.0972 5936 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/07/04 19:50:55.0081 5936 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/07/04 19:50:55.0081 5936 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 2011/07/04 19:50:55.0097 5936 sptd - detected LockedFile.Multi.Generic (1) 2011/07/04 19:50:55.0206 5936 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/07/04 19:50:55.0299 5936 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/04 19:50:55.0346 5936 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/04 19:50:55.0471 5936 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/07/04 19:50:55.0596 5936 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/07/04 19:50:55.0643 5936 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/07/04 19:50:55.0736 5936 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/07/04 19:50:55.0783 5936 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/07/04 19:50:55.0877 5936 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/04 19:50:56.0001 5936 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/07/04 19:50:56.0095 5936 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/04 19:50:56.0173 5936 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/04 19:50:56.0235 5936 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys 2011/07/04 19:50:56.0282 5936 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/07/04 19:50:56.0360 5936 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/07/04 19:50:56.0454 5936 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/04 19:50:56.0516 5936 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/07/04 
19:50:56.0641 5936 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys 2011/07/04 19:50:56.0875 5936 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys 2011/07/04 19:50:56.0953 5936 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys 2011/07/04 19:50:57.0187 5936 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/04 19:50:57.0234 5936 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/07/04 19:50:57.0296 5936 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/04 19:50:57.0421 5936 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 2011/07/04 19:50:57.0468 5936 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/07/04 19:50:57.0515 5936 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/04 19:50:57.0686 5936 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/04 19:50:57.0749 5936 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/07/04 19:50:57.0795 5936 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/07/04 19:50:57.0920 5936 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/07/04 19:50:57.0983 5936 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/07/04 19:50:58.0061 5936 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/07/04 19:50:58.0185 5936 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/04 19:50:58.0232 5936 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/07/04 19:50:58.0326 5936 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) 
C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/04 19:50:58.0451 5936 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/04 19:50:58.0513 5936 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/07/04 19:50:58.0560 5936 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/04 19:50:58.0716 5936 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/04 19:50:58.0794 5936 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/04 19:50:58.0856 5936 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/04 19:50:58.0997 5936 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys 2011/07/04 19:50:59.0043 5936 UVCFTR (5701a984efa8e209848a6d556dd02933) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS 2011/07/04 19:50:59.0121 5936 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/04 19:50:59.0246 5936 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/07/04 19:50:59.0277 5936 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/07/04 19:50:59.0309 5936 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/07/04 19:50:59.0355 5936 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/07/04 19:50:59.0496 5936 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/07/04 19:50:59.0574 5936 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/07/04 19:50:59.0636 5936 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/07/04 19:50:59.0777 5936 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/07/04 19:50:59.0901 5936 VX1000 
(d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys 2011/07/04 19:51:00.0073 5936 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/07/04 19:51:00.0151 5936 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/04 19:51:00.0198 5936 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/04 19:51:00.0260 5936 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/07/04 19:51:00.0416 5936 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/07/04 19:51:00.0588 5936 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys 2011/07/04 19:51:00.0650 5936 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/07/04 19:51:00.0822 5936 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/07/04 19:51:00.0884 5936 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/07/04 19:51:01.0009 5936 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/07/04 19:51:01.0071 5936 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/07/04 19:51:01.0087 5936 Boot (0x1200) (0e259556f76e7864fa64251ea73c5360) \Device\Harddisk0\DR0\Partition0 2011/07/04 19:51:01.0134 5936 Boot (0x1200) (af29a5403b87aa8e443cc08412f95f89) \Device\Harddisk0\DR0\Partition1 2011/07/04 19:51:01.0134 5936 ================================================================================ 2011/07/04 19:51:01.0134 5936 Scan finished 2011/07/04 19:51:01.0134 5936 ================================================================================ 2011/07/04 19:51:01.0165 5336 Detected object count: 1 2011/07/04 19:51:01.0165 5336 Actual detected object count: 1 2011/07/04 19:53:05.0138 5336 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot 
2011/07/04 19:53:05.0575 5336 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/07/04 19:53:05.0591 5336 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/07/04 19:53:05.0591 5336 LockedFile.Multi.Generic(sptd) - User select action: Delete
Oh, and I have not noticed any "hide" problem so far. But thanks for the hint. Regards, Philz |
04.07.2011, 19:49 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when a forum helper (Kompetenzler) has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
18.07.2011, 19:21 | #11 |
| Hello again, so here is the content of ComboFix.txt: Combofix Logfile: Code:
ComboFix 11-07-18.01 - Verena 18.07.2011 20:03:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1301 [GMT 2:00]
ausgeführt von:: e:\desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Verena\AppData\Local\gceky.dat
c:\users\Verena\AppData\Local\gceky_nav.dat
c:\users\Verena\AppData\Local\gceky_navps.dat
c:\users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\mxfilerelatedcache.mxc2
c:\users\Verena\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Verena\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-18 bis 2011-07-18 ))))))))))))))))))))))))))))))
.
.
2011-07-18 18:11 . 2011-07-18 18:12 -------- d-----w- c:\users\Verena\AppData\Local\temp
2011-07-18 18:11 . 2011-07-18 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-15 17:41 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC15E8A1-BD74-4F50-ADB0-115DA37284AF}\mpengine.dll
2011-07-13 17:06 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:05 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:05 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-30 19:57 . 2011-06-30 19:57 -------- d-----w- c:\users\Verena\AppData\Roaming\Canneverbe Limited
2011-06-30 19:57 . 2011-06-30 19:57 -------- d-----w- c:\programdata\Canneverbe Limited
2011-06-30 19:57 . 2011-06-30 19:57 -------- d-----w- c:\program files\CDBurnerXP
2011-06-29 00:10 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-27 08:49 . 2011-06-27 08:49 -------- d-----w- c:\users\Verena\AppData\Local\QuickStores
2011-06-27 08:49 . 2011-06-27 08:49 -------- d-----w- c:\users\Verena\AppData\Local\optBeruby
2011-06-27 08:46 . 2011-06-27 08:46 -------- d-----w- c:\program files\DsNET Corp
2011-06-23 16:29 . 2011-06-23 16:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 16:29 . 2011-06-23 16:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 06:53 . 2011-06-19 06:53 -------- d-----w- c:\programdata\WindowsSearch
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 02:42 . 2010-04-03 22:43 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-04 02:42 . 2010-04-03 22:43 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-27 04:34 . 2011-05-30 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2010-12-19 23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-14 22:17 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 22:08 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 22:08 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 22:17 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 22:17 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 22:17 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 23:35 . 2011-06-15 01:13 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-15 01:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-21 13:58 . 2011-06-14 22:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-23 16:29 . 2011-05-10 16:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6-basic\reminder\reminder.exe [2011-3-11 1032192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2008-08-02 108768]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 13:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=14672
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\4e83lb3j.xx\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - sueddeutsche.de
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63151
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-34930840.sys
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Firebird SQL Server D - c:\program files\MAGIX\Common\Database\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-18 20:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-07-18 20:17:50
ComboFix-quarantined-files.txt 2011-07-18 18:17
.
Vor Suchlauf: 7 Verzeichnis(se), 50.405.470.208 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 51.194.388.480 Bytes frei
.
- - End Of File - - 2AF72DF0432FB739CDCAE6E49521330E
Regards and have a nice evening, Philz |
18.07.2011, 19:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok. Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup in OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM! Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
28.07.2011, 17:57 | #13 |
| Hi there! So here is the ComboFix.txt: Combofix Logfile: Code:
ComboFix 11-07-18.01 - Verena 18.07.2011 20:03:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1301 [GMT 2:00]
Running from: e:\desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Verena\AppData\Local\gceky.dat
c:\users\Verena\AppData\Local\gceky_nav.dat
c:\users\Verena\AppData\Local\gceky_navps.dat
c:\users\Verena\AppData\Local\Microsoft\Windows\Temporary Internet Files\mxfilerelatedcache.mxc2
c:\users\Verena\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2
c:\users\Verena\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Files Created from 2011-06-18 to 2011-07-18 ))))))))))))))))))))))))))))))
.
.
2011-07-18 18:11 . 2011-07-18 18:12 -------- d-----w- c:\users\Verena\AppData\Local\temp
2011-07-18 18:11 . 2011-07-18 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-15 17:41 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC15E8A1-BD74-4F50-ADB0-115DA37284AF}\mpengine.dll
2011-07-13 17:06 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 17:05 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 17:05 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-30 19:57 . 2011-06-30 19:57 -------- d-----w- c:\users\Verena\AppData\Roaming\Canneverbe Limited
2011-06-30 19:57 . 2011-06-30 19:57 -------- d-----w- c:\programdata\Canneverbe Limited
2011-06-30 19:57 . 2011-06-30 19:57 -------- d-----w- c:\program files\CDBurnerXP
2011-06-29 00:10 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-27 08:49 . 2011-06-27 08:49 -------- d-----w- c:\users\Verena\AppData\Local\QuickStores
2011-06-27 08:49 . 2011-06-27 08:49 -------- d-----w- c:\users\Verena\AppData\Local\optBeruby
2011-06-27 08:46 . 2011-06-27 08:46 -------- d-----w- c:\program files\DsNET Corp
2011-06-23 16:29 . 2011-06-23 16:29 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-23 16:29 . 2011-06-23 16:29 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 06:53 . 2011-06-19 06:53 -------- d-----w- c:\programdata\WindowsSearch
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 02:42 . 2010-04-03 22:43 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-04 02:42 . 2010-04-03 22:43 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-27 04:34 . 2011-05-30 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 17:14 . 2010-12-19 23:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16 . 2011-06-14 22:17 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-14 22:08 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-14 22:08 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-14 22:17 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-14 22:17 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-14 22:17 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-22 23:35 . 2011-06-15 01:13 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-22 23:25 . 2011-06-15 01:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-21 13:58 . 2011-06-14 22:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-23 16:29 . 2011-05-10 16:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 509496]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-26 757248]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
phase-6 Reminder.lnk - c:\program files\phase-6\phase-6-basic\reminder\reminder.exe [2011-3-11 1032192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2008-08-02 108768]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 13:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=14672
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to Mp3 Converter - c:\users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\4e83lb3j.xx\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - sueddeutsche.de
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63151
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Orphaned Registry Entries Removed - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-34930840.sys
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Firebird SQL Server D - c:\program files\MAGIX\Common\Database\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-18 20:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-18 20:17:50
ComboFix-quarantined-files.txt 2011-07-18 18:17
.
Pre-Run: 7 directory(ies), 50,405,470,208 bytes free
Post-Run: 12 directory(ies), 51,194,388,480 bytes free
.
- - End Of File - - 2AF72DF0432FB739CDCAE6E49521330E
Thanks!!!!!!!!!!!!!!!!! |
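The security-relevant part of the ComboFix log above is the supplementary scan block at the end: Firefox's prefs.js carries network.proxy.http = 127.0.0.1 on port 63151, and a user.js (a file Firefox never writes on its own) turns off the mixed-content and insecure-form-submit prompts and forces cookies to be accepted. A loopback HTTP proxy on a machine whose service list shows no proxy software is the usual footprint of a traffic-intercepting infection, and it fits the "proxy is refusing connections" symptom from the opening post: once the process that listened on that port is gone, the browser keeps trying to reach it. One caveat: the same log shows network.proxy.type = 4 (auto-detect), and Firefox only consults the manual host/port pair when the type is 1, so whether the entry is currently in effect cannot be decided from these lines alone. The script below is an added example, not part of the original post and not ComboFix's own code. It parses a constructed copy of the FF and uStart lines from the log above and reports what a helper would flag; the list of warning prefs and the choice to treat ask.com as a suspect start page are my assumptions, not something the thread states.

```python
import re

# Constructed excerpt: the supplementary-scan lines copied from the ComboFix
# log above. "hxxp" is ComboFix's defanged "http".
SAMPLE_LOG = r"""uStart Page = hxxp://de.ask.com/?l=dis&o=14672
uDefault_Search_URL = hxxp://www.google.com/ie
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\4e83lb3j.xx\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - sueddeutsche.de
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 63151
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
IE_START_PAGE = re.compile(r"^uStart Page = (\S+)$")

# Meaning of network.proxy.type. The manual host/port pair is only used when type == 1.
PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC", "4": "auto-detect", "5": "system"}

# Assumption: prefs whose "false" value silences a security prompt. A user.js that
# flips them is treated as hostile because Firefox never creates user.js itself.
SILENCED_WARNINGS = (
    "security.warn_viewing_mixed",
    "security.warn_submit_insecure",
    "security.warn_entering_secure",
    "security.warn_leaving_secure",
)

# Assumption: start-page domains worth flagging (ask.com is what the bundled Ask toolbar sets).
SUSPECT_HOMEPAGE_DOMAINS = ("ask.com",)


def parse_ff_prefs(log_text):
    """Collect 'FF - prefs.js|user.js: name - value' lines.

    Returns (prefs, user_js_names): every pref by name, plus the set of names
    that ComboFix attributed to user.js rather than prefs.js.
    """
    prefs, user_js_names = {}, set()
    for raw in log_text.splitlines():
        m = FF_PREF.match(raw.strip())
        if not m:
            continue
        source, name, value = m.groups()
        prefs[name] = value.strip()
        if source == "user.js":
            user_js_names.add(name)
    return prefs, user_js_names


def is_loopback(host):
    return host in ("localhost", "::1") or host.startswith("127.")


def triage(log_text):
    """Return human-readable findings for one ComboFix supplementary-scan excerpt."""
    prefs, user_js_names = parse_ff_prefs(log_text)
    findings = []

    host = prefs.get("network.proxy.http")
    port = prefs.get("network.proxy.http_port", "?")
    ptype = prefs.get("network.proxy.type", "5")  # Firefox default: 5 = use system settings
    if host and is_loopback(host):
        if ptype == "1":
            state = "active"
        else:
            state = f"dormant while network.proxy.type is {ptype} ({PROXY_TYPES.get(ptype, 'unknown')})"
        findings.append(f"HTTP proxy points at loopback {host}:{port}, {state}; "
                        "identify the process that listens there")

    for name in SILENCED_WARNINGS:
        if prefs.get(name) == "false":
            where = "user.js" if name in user_js_names else "prefs.js"
            findings.append(f"security prompt {name} disabled via {where}")

    if ("network.cookie.cookieBehavior" in user_js_names
            and prefs.get("network.cookie.cookieBehavior") == "0"):
        findings.append("user.js forces network.cookie.cookieBehavior=0 (accept all cookies)")

    for raw in log_text.splitlines():
        m = IE_START_PAGE.match(raw.strip())
        if not m:
            continue
        url = m.group(1)
        hostpart = url.split("//", 1)[-1].split("/", 1)[0]
        if any(hostpart == d or hostpart.endswith("." + d) for d in SUSPECT_HOMEPAGE_DOMAINS):
            findings.append(f"IE start page set to a suspect domain: {url}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("[!] " + finding)
```

Run it against the excerpt and it reports five findings: the loopback proxy (dormant under type 4), the two disabled prompts written from user.js, the forced cookie setting, and the ask.com start page. The proxy finding deliberately stops at "identify the process": on a live system the next step is netstat -ano for port 63151 and a look at which image owns that PID, which this log alone cannot tell you.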
28.07.2011, 21:08 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirecting to unwanted websites while surfing (Internet no longer works after Defogger scan) Why ComboFix again?! We have had that log for a long time.
__________________ Please always post logfiles in CODE tags |
31.07.2011, 07:08 | #15 |
| Redirecting to unwanted websites while surfing (Internet no longer works after Defogger scan) Sorry, system error. So here are the logs from -GMER -OSAM -MBRCheck GMER: GMER logfile: Code:
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-13 22:59:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2046GSX rev.LB013M
Running: xm9wn1og.exe; Driver: C:\Users\Verena\AppData\Local\Temp\ugddapod.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 861D6F00
INT 0x52 ? 861D6F00
INT 0x62 ? 861D6F00
INT 0x72 ? 861D6F00
INT 0x92 ? 84887BF8
INT 0xA2 ? 84887BF8
INT 0xB2 ? 84887BF8
INT 0xB2 ? 84887BF8
INT 0xB2 ? 84887BF8
INT 0xB3 ? 861D6F00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spsk.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88554000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8859D000, 0x510, 0x40000040]
.text USBPORT.SYS!DllUnload 8CB2541B 5 Bytes JMP 861D64E0
.text ao044q0e.SYS 82F80000 22 Bytes [82, 03, 22, 82, 6C, 02, 22, ...]
.text ao044q0e.SYS 82F80017 137 Bytes [00, 32, 87, 70, 80, 3D, 85, ...]
.text ao044q0e.SYS 82F800A1 43 Bytes [50, 2F, 82, 74, 46, 29, 82, ...]
.text ao044q0e.SYS 82F800CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ao044q0e.SYS 82F800DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\drivers\ACEDRV05.sys section is writeable [0x8D336000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0x8D378000]
.relo2 C:\Windows\system32\drivers\ACEDRV05.sys unknown last section [0x8D393000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x8D752000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x8D796000]
.relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x8D7B2000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x9900A000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x9904E000]
.relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x9906A000, 0x8E, 0x42000040]
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0x9DD44300, 0x25D4C, 0xE0000060]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 852191F8
Device \FileSystem\fastfat \FatCdrom 861EB1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{5E97AC48-77AB-4352-9609-B0BB35ECC6F7} 869AE500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 848891F8
Device \Driver\usbohci \Device\USBPDO-0 861FC1F8
Device \Driver\usbohci \Device\USBPDO-1 861FC1F8
Device \Driver\usbohci \Device\USBPDO-2 861FC1F8
Device \Driver\usbohci \Device\USBPDO-3 861FC1F8
Device \Driver\usbohci \Device\USBPDO-4 861FC1F8
Device \Driver\sptd \Device\1678295318 spsk.sys
Device \Driver\usbehci \Device\USBPDO-5 8623A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 848891F8
Device \Driver\volmgr \Device\HarddiskVolume2 848891F8
Device \Driver\cdrom \Device\CdRom0 861FD1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 852181F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 852181F8
Device \Driver\atapi \Device\Ide\IdePort0 852181F8
Device \Driver\atapi \Device\Ide\IdePort1 852181F8
Device \Driver\atapi \Device\Ide\IdePort2 852181F8
Device \Driver\atapi \Device\Ide\IdePort3 852181F8
Device \Driver\volmgr \Device\HarddiskVolume3 848891F8
Device \Driver\cdrom \Device\CdRom1 861FD1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2FC29930-1797-45D0-B5C9-A848C1B848C8} 869AE500
Device \Driver\volmgr \Device\HarddiskVolume4 848891F8
Device \Driver\netbt \Device\NetBt_Wins_Export 869AE500
Device \Driver\Smb \Device\NetbiosSmb 86A0B1F8
Device \Driver\PCI_PNP1299 \Device\0000004d spsk.sys
Device \Driver\iScsiPrt \Device\RaidPort0 863121F8
Device \Driver\usbohci \Device\USBFDO-0 861FC1F8
Device \Driver\USBSTOR \Device\0000006c 86B8C3C8
Device \Driver\USBSTOR \Device\0000006d 86B8C3C8
Device \Driver\usbohci \Device\USBFDO-1 861FC1F8
Device \Driver\usbohci \Device\USBFDO-2 861FC1F8
Device \Driver\usbohci \Device\USBFDO-3 861FC1F8
Device \Driver\usbohci \Device\USBFDO-4 861FC1F8
Device \Driver\usbehci \Device\USBFDO-5 8623A1F8
Device \Driver\ao044q0e \Device\Scsi\ao044q0e1Port5Path0Target0Lun0 863071F8
Device \Driver\ao044q0e \Device\Scsi\ao044q0e1 863071F8
Device \FileSystem\fastfat \Fat 861EB1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs A19231F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x53 0xE2 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x14 0xC2 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x53 0x15 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x84 0x53 0xE2 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA0 0x14 0xC2 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x50 0x53 0x15 0x04 ...

---- EOF - GMER 1.0.15 ----
OSAM: OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 07:58:59 on 31.07.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"TOSCDSPD.cpl" - ? - C:\Windows\system32\TOSCDSPD.cpl (File found, but it contains no detailed information)

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV05" (ACEDRV05) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV05.sys
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV08.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Verena\AppData\Local\Temp\catchme.sys (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Tosrfcom" (Tosrfcom) - ? - C:\Windows\system32\drivers\Tosrfcom.sys (File not found)
"Touch Pad Detection Filter driver" (TpChoice) - ? - C:\Windows\System32\DRIVERS\TpChoice.sys (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B3740C38-B040-464A-833B-0FBB36CD5930} "Column Provider für SEMAZipFiles" - ? - C:\PROGRA~1\SEMA\SEMAV104\SEMSYS\SPROJDLL.dll (File not found)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{8f6b0360-b80d-11d0-a9b3-006097942311} "lzdhtml" - ? - (File not found | COM-object registry key not found)
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{79eac9e4-baf9-11ce-8c82-00aa004ba90b} "gopher" - ? - (File not found | COM-object registry key not found)
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} "vnd.ms.radio" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{B3740C38-B040-464A-833B-0FBB36CD5930} "Column Provider für SEMAZipFiles" - ? - C:\PROGRA~1\SEMA\SEMAV104\SEMSYS\SPROJDLL.dll (File not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{087221D8-3D63-4AEA-A7CF-4B1EB5E9A4FF} "SEMA Zipfile" - ? - C:\PROGRA~1\SEMA\SEMAV104\SEMSYS\SPROJDLL.dll (File not found)
{2BC56059-66D2-470E-B439-955FB6C2B6A3} "SEMA Zipfile" - ? - C:\PROGRA~1\SEMA\SEMAV104\SEMSYS\SPROJDLL.dll (File not found)
{A214DA78-0E43-481C-9AF5-9E02F3F3099D} "SEMA Zipfile" - ? - C:\PROGRA~1\SEMA\SEMAV104\SEMSYS\SPROJDLL.dll (File not found)
{C940A867-015C-4288-AA12-DD37CA9AD834} "SEMA Zipfile" - ? - C:\PROGRA~1\SEMA\SEMAV104\SEMSYS\SPROJDLL.dll (File not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - ? - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{1C11B948-582A-433F-A98D-A8C4D5CC64F2} "20-20 3D Viewer" - "20-20 Technologies" - C:\Windows\system32\20-20 Technologies\3D Viewer\2020Player_4_5_2_0.dll / hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10t.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Amazon.de" - ? - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (HTTP value)
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"eBay - Der weltweite Online Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites (HTTP value)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - ? - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (File not found)
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - ? - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (File not found)
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"phase-6 Reminder.lnk" - "phase-6" - C:\Program Files\phase-6\phase-6-basic\reminder\reminder.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HSON" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
"KeNotify" - ? - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
"SmoothView" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information)
"TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"hpf3l70v.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70v.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (File not found)
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"TOSHIBA Navi Support Service" (TNaviSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index

MBRCheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A210
Logical Drives Mask: 0x00000034

Kernel Drivers (total 150):
0x82219000 \SystemRoot\system32\ntkrnlpa.exe
0x825D3000 \SystemRoot\system32\hal.dll
0x8040C000 \SystemRoot\system32\kdcom.dll
0x80413000 \SystemRoot\system32\PSHED.dll
0x80424000 \SystemRoot\system32\BOOTVID.dll
0x8042C000 \SystemRoot\system32\CLFS.SYS
0x8046D000 \SystemRoot\system32\CI.dll
0x8054D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060E000 \SystemRoot\system32\drivers\acpi.sys
0x80654000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065D000 \SystemRoot\system32\drivers\msisadrv.sys
0x80665000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8066F000 \SystemRoot\system32\drivers\pci.sys
0x80696000 \SystemRoot\System32\drivers\partmgr.sys
0x806A5000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806A8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806B2000 \SystemRoot\system32\drivers\volmgr.sys
0x806C1000 \SystemRoot\System32\drivers\volmgrx.sys
0x8070B000 \SystemRoot\system32\drivers\pciide.sys
0x80712000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80720000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x8074D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8075D000 \SystemRoot\system32\drivers\atapi.sys
0x80765000 \SystemRoot\system32\drivers\ataport.SYS
0x80783000 \SystemRoot\system32\drivers\fltmgr.sys
0x807B5000 \SystemRoot\system32\drivers\fileinfo.sys
0x88003000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88074000 \SystemRoot\system32\drivers\ndis.sys
0x8817F000 \SystemRoot\system32\drivers\msrpc.sys
0x881AA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8820E000 \SystemRoot\System32\drivers\tcpip.sys
0x882F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88409000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88519000 \SystemRoot\system32\drivers\volsnap.sys
0x88552000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88557000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x885A2000 \SystemRoot\System32\Drivers\spldr.sys
0x885AA000 \SystemRoot\System32\Drivers\mup.sys
0x885B9000 \SystemRoot\System32\drivers\ecache.sys
0x885E0000 \SystemRoot\system32\drivers\disk.sys
0x88313000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885F1000 \SystemRoot\system32\drivers\crcdisk.sys
0x8834C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88357000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88360000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8C40C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8CAE4000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CB84000 \SystemRoot\System32\drivers\watchdog.sys
0x88370000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CB90000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8CE07000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CEEE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8CEF8000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CF36000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CF45000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8CF49000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CF61000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CF74000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF7F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CFB1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CFB3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CFBE000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CFC2000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x8CFC5000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CFD5000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CBA4000 \SystemRoot\system32\drivers\tifm21.sys
0x8CFE3000
\SystemRoot\system32\DRIVERS\sdbus.sys 0x807C5000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8D205000 \SystemRoot\system32\DRIVERS\storport.sys 0x8D246000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8D251000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8D268000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8D273000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8D296000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8D2A5000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8D2B9000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8D2CE000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8D2DE000 \SystemRoot\system32\DRIVERS\swenum.sys 0x8D2E0000 \SystemRoot\system32\DRIVERS\ks.sys 0x8D30A000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x8D314000 \SystemRoot\system32\DRIVERS\umbus.sys 0x8D321000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x8D356000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x8D367000 \SystemRoot\system32\drivers\HdAudio.sys 0x8D3A6000 \SystemRoot\system32\drivers\portcls.sys 0x8D3D3000 \SystemRoot\system32\drivers\drmk.sys 0x8D40C000 \SystemRoot\system32\DRIVERS\AGRSM.sys 0x8D528000 \SystemRoot\system32\drivers\modem.sys 0x8D605000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x8D535000 \??\C:\Windows\system32\drivers\ACEDRV05.sys 0x8D7B4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x8D7BD000 \SystemRoot\System32\Drivers\Null.SYS 0x8D7C4000 \SystemRoot\System32\Drivers\Beep.SYS 0x8D7D4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x8D7DB000 \SystemRoot\System32\drivers\vga.sys 0x8D594000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8D7E7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8D7EF000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8D5B5000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8D5C0000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8D7F7000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x8D5CE000 \SystemRoot\system32\DRIVERS\tdx.sys 0x8D5E4000 \SystemRoot\system32\DRIVERS\smb.sys 0x8DA09000 \SystemRoot\system32\drivers\afd.sys 0x8DA51000 \SystemRoot\System32\DRIVERS\netbt.sys 0x8DA83000 
\SystemRoot\system32\DRIVERS\pacer.sys 0x8DA99000 \SystemRoot\system32\DRIVERS\netbios.sys 0x8DAA7000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x8DABA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x8DAC0000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x8DAFC000 \SystemRoot\system32\drivers\nsiproxy.sys 0x8DB06000 \SystemRoot\System32\Drivers\dfsc.sys 0x8DB1D000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x8DB44000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8DB5B000 \SystemRoot\system32\DRIVERS\UVCFTR_S.SYS 0x8DB64000 \SystemRoot\System32\Drivers\usbvideo.sys 0x8DB85000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x8DB9B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8DBA8000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x8DBB3000 \SystemRoot\System32\Drivers\dump_atapi.sys 0x96E20000 \SystemRoot\System32\win32k.sys 0x8DBBB000 \SystemRoot\System32\drivers\Dxapi.sys 0x8DBC5000 \SystemRoot\system32\DRIVERS\monitor.sys 0x97040000 \SystemRoot\System32\TSDDD.dll 0x97060000 \SystemRoot\System32\cdd.dll 0x8DBD4000 \SystemRoot\system32\drivers\luafv.sys 0x88334000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x99209000 \??\C:\Windows\system32\drivers\ACEDRV07.sys 0x9926B000 \??\C:\Windows\system32\drivers\ACEDRV08.sys 0x992D5000 \SystemRoot\system32\drivers\spsys.sys 0x99385000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x99395000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x993BF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x993C9000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9D007000 \SystemRoot\system32\drivers\HTTP.sys 0x9D074000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9D091000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9D0AA000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9D0BF000 \SystemRoot\system32\drivers\mrxdav.sys 0x9D0E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9D0FF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9D138000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9D150000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9D178000 \SystemRoot\System32\DRIVERS\srv.sys 0xA0202000 
\??\C:\Windows\system32\drivers\acedrv11.sys 0xA0245000 \SystemRoot\system32\drivers\peauth.sys 0xA0323000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA032D000 \SystemRoot\System32\drivers\tcpipreg.sys 0x777A0000 \Windows\System32\ntdll.dll Processes (total 74): 0 System Idle Process 4 System 484 C:\Windows\System32\smss.exe 564 csrss.exe 616 C:\Windows\System32\wininit.exe 624 csrss.exe 660 C:\Windows\System32\services.exe 680 C:\Windows\System32\lsass.exe 688 C:\Windows\System32\lsm.exe 720 C:\Windows\System32\winlogon.exe 876 C:\Windows\System32\svchost.exe 928 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 972 C:\Windows\System32\svchost.exe 1024 C:\Windows\System32\svchost.exe 1076 C:\Windows\System32\Ati2evxx.exe 1108 C:\Windows\System32\svchost.exe 1152 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\svchost.exe 1288 C:\Windows\System32\audiodg.exe 1312 C:\Windows\System32\svchost.exe 1332 C:\Windows\System32\SLsvc.exe 1356 C:\Windows\System32\svchost.exe 1532 C:\Windows\System32\svchost.exe 1640 C:\Windows\System32\Ati2evxx.exe 1880 C:\Windows\System32\spoolsv.exe 1916 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1928 C:\Windows\System32\svchost.exe 2040 C:\Windows\System32\dwm.exe 200 C:\Windows\System32\taskeng.exe 360 C:\Windows\explorer.exe 1104 C:\Windows\System32\agrsmsvc.exe 1052 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1908 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 2072 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 2140 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe 2188 C:\Windows\System32\svchost.exe 2216 C:\Windows\RtHDVCpl.exe 2236 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 2280 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe 2412 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe 2464 C:\Windows\System32\svchost.exe 2492 C:\Windows\System32\PSIService.exe 2580 C:\Windows\System32\svchost.exe 2612 C:\Program 
Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe 2668 C:\Windows\System32\TODDSrv.exe 2704 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 2780 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 2804 C:\Windows\System32\svchost.exe 2828 C:\Windows\System32\SearchIndexer.exe 2912 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3696 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe 3712 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3720 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3752 C:\Windows\WindowsMobile\wmdSync.exe 3764 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3780 C:\Windows\vVX1000.exe 3788 C:\Program Files\Synaptics\SynTP\SynToshiba.exe 3796 C:\Program Files\Winamp\winampa.exe 3804 C:\Program Files\HP\HP Software Update\hpwuschd2.exe 3812 C:\Windows\ehome\ehtray.exe 3824 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 3836 C:\Program Files\Windows Media Player\wmpnscfg.exe 3884 C:\Windows\System32\svchost.exe 4040 C:\Windows\ehome\ehmsas.exe 4068 C:\Program Files\Windows Media Player\wmpnetwk.exe 1224 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3304 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 1372 C:\Windows\System32\svchost.exe 2032 C:\Windows\System32\wuauclt.exe 808 C:\Program Files\Mozilla Thunderbird\thunderbird.exe 516 C:\Program Files\Mozilla Firefox\firefox.exe 5308 C:\Program Files\Mozilla Firefox\plugin-container.exe 5000 E:\Desktop\trojanerboard\MBRCheck.exe 4428 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS) \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000017`a7c00000 (NTFS) PhysicalDrive0 Model Number: TOSHIBAMK2046GSX, Rev: LB013M Size Device Name MBR Status -------------------------------------------- 186 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! Mal wieder danke und schönen Sonntag noch! Philz |
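The first pass a helper makes over a `[Services]` listing like the one above is mechanical: pick out the entries where the tool could not read a publisher (shown as `?`) and the entries whose registered binary no longer exists (`(File not found)`), and check those by hand. The Python below is an added example and not code from the original post or from the tool that produced the log; it parses the `"Display Name" (ServiceName) - "Publisher" - path (note)` line layout as it appears in the post and returns the entries worth a closer look. The sample input is copied from the services block above. The regex assumes every entry follows that one layout, which holds for the lines on this page but is an assumption about the tool's output in general.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Layout of one [Services] entry as it appears in the posted log:
#   "Display Name" (ServiceName) - "Publisher" - C:\path\to\binary.exe (File not found)
# The publisher is a quoted string, or a bare '?' when the tool found no
# version information. The parenthesised note at the end is optional.
# Assumption: every entry follows this layout (true for the lines on the page).
ENTRY_RE = re.compile(
    r'^"(?P<display>[^"]*)"\s+\((?P<name>[^)]*)\)\s+-\s+'
    r'(?P<publisher>"[^"]*"|\?)\s+-\s+'
    r'(?P<image>.*?)'
    r'(?:\s+\((?P<note>File not found|File found, but it contains no detailed information)\))?$'
)


@dataclass
class ServiceEntry:
    display: str
    name: str
    publisher: Optional[str]  # None when the log shows '?'
    image: str                # the raw image path / command line from the log
    note: Optional[str]

    def findings(self) -> List[str]:
        """Reasons a triager would want to look at this entry by hand.

        These are review prompts, not verdicts: a missing publisher or a
        dangling service registration is common after uninstalling software
        and is not by itself evidence of malware.
        """
        reasons = []
        if self.publisher is None:
            reasons.append("no publisher information")
        if self.note == "File not found":
            reasons.append("service points to a missing binary")
        return reasons


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every service entry in the text; skip banners and blank lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        pub = m.group("publisher")
        entries.append(ServiceEntry(
            display=m.group("display"),
            name=m.group("name"),
            publisher=None if pub == "?" else pub.strip('"'),
            image=m.group("image"),
            note=m.group("note"),
        ))
    return entries


def flag_services(text: str) -> Dict[str, List[str]]:
    """Map service name -> findings, for the entries that have any."""
    return {e.name: e.findings() for e in parse_services(text) if e.findings()}


# Sample input: lines copied from the [Services] block in the post above.
SAMPLE_LOG = r'''
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - ? - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (File not found)
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (File not found)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
'''

if __name__ == "__main__":
    for name, reasons in flag_services(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, it reports FirebirdServerMAGIXInstance and LiveUpdate Notice Ex (unknown publisher and missing binary) and ProtexisLicensing (unknown publisher only); the Avira and TOSHIBA entries pass. The point of keeping the raw `image` field is that an entry such as the `ccSvcHst.exe` one carries a command line, not just a path, and the analyst wants to see exactly what would have been launched.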