Pests of all kinds and how to fight them: Google redirect Malware (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

14.07.2011, 13:57 | #1
Google redirect Malware

Hello computer specialists, I urgently need your help. I am afraid that I have malware (I don't know exactly the differences between virus, worm, trojan, malware etc.) on my laptop. It often happens that I click on a page from Google, but it is not opened; instead a completely different page with advertising appears. I have read up on your site and already run a scan with Malwarebytes. I saved the following log file:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7136

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.07.2011 14:29:22
mbam-log-2011-07-14 (14-29-22).txt

Scan type: Quick scan
Objects scanned: 181769
Time elapsed: 23 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
c:\Windows\Wteqoa.exe (Trojan.FraudPack.Gen) -> 3204 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Wteqoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Maite\AppData\Local\Temp\Wrc.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Furthermore, I ran this OTL (as you posted) and started a scan. This is what came out:

OTL logfile created on: 7/14/2011 2:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Maite\Downloads
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1.97 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.93% Memory free
3.93 Gb Paging File | 2.43 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.86 Gb Total Space | 49.15 Gb Free Space | 17.13% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.48 Gb Free Space | 35.59% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.67 Gb Free Space | 46.05% Space Free | Partition Type: NTFS

Computer Name: MAITE-PC | User Name: Maite | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Maite\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
PRC - C:\Program Files\Lenovo\ATK Hotkey\LControl.exe (ATK0101)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
PRC - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)

========== Modules (SafeList) ==========

MOD - C:\Users\Maite\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LFKAS) -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe ()
SRV - (ASLDRService) -- C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe ()

========== Driver Services (SafeList) ==========

DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Plc)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (PCDSRVC{C4B36920-79E24793-06000000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (MTsensor32) -- C:\Windows\System32\drivers\PuAcpi32.sys ()
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (ASMMAP) -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys ()
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7D CE 5B 6D 6F 01 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=192.168.91.254:8080;https=192.168.91.254:8080;ftp=192.168.91.254:8080;socks=192.168.91.254:1080

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://sn119w.snt119.mail.live.com/default.aspx?wa=wsignin1.0|hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/03 11:49:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/14 09:31:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/14 09:31:59 | 000,000,000 | ---D | M]

[2009/11/15 22:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maite\AppData\Roaming\Mozilla\Extensions
[2011/07/14 10:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions
[2011/04/03 22:45:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/09/02 15:48:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/07/14 10:32:42 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/09/19 16:58:42 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\extensions\youtube2mp3@mondayx.de
[2011/04/04 11:48:19 | 000,000,873 | ---- | M] () -- C:\Users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\searchplugins\conduit.xml
[2011/07/14 09:42:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/27 21:51:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/15 09:46:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 10:39:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/19 11:21:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/04 16:00:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/06 14:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/07/14 09:34:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/02/03 11:49:06 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/03 22:08:08 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2011/03/20 01:06:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/20 01:06:12 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/20 01:06:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/20 01:06:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/20 01:06:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [msnmsgr] File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Maite\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.91.208 192.168.91.203
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/03 00:46:54 | 000,000,049 | ---- | M] () - S:\autorun.inf.vir -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 14:03:18 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Roaming\Malwarebytes
[2011/07/14 14:01:46 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/14 14:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/14 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/07/14 14:01:41 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/14 14:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/14 09:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/14 09:34:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/07/14 09:34:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/07/14 09:34:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/07/14 09:30:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011/07/14 09:30:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/14 09:30:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/14 09:30:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/14 09:30:07 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011/07/14 09:30:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/14 09:30:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011/07/14 09:30:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011/07/14 09:30:03 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/07/14 09:30:02 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/07/14 09:29:58 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/07/11 22:06:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
[2011/07/11 21:40:22 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/07/11 21:40:21 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/07/11 21:40:20 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/07/11 21:40:20 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/07/11 21:40:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/07/11 21:40:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/07/11 21:34:21 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys
[2011/07/11 21:32:32 | 000,024,312 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys
[2011/07/11 21:32:03 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys
[2011/07/11 21:31:39 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll
[2011/06/22 13:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
[2011/06/22 13:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011/06/22 13:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011/06/22 13:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/22 13:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/06/22 13:05:43 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe
[2011/06/22 12:58:06 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2011/06/21 21:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/06/21 21:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2011/06/21 20:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/21 19:57:34 | 000,000,000 | ---D | C] -- C:\Users\Maite\Documents\Simply Super Software
[2011/06/21 19:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011/06/21 19:57:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011/06/21 19:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/06/21 19:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/06/21 19:57:16 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Roaming\Simply Super Software
[2011/06/21 12:05:04 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Local\Sophos
[2011/06/21 12:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/06/21 12:00:24 | 000,000,000 | ---D | C] -- C:\stdtsa
[2011/06/21 11:54:18 | 000,000,000 | ---D | C] -- C:\escw_97_sa
[2011/06/20 22:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/20 22:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/20 22:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2011/06/20 15:56:26 | 000,000,000 | ---D | C] -- C:\Users\Maite\AppData\Roaming\QuickScan
[2011/06/20 14:34:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/20 14:34:53 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/20 14:34:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/06/20 14:34:53 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/06/20 14:34:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/06/20 14:34:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/20 14:34:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/06/20 14:34:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/06/20 14:34:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/20 14:34:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/06/20 14:34:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/20 14:34:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/20 14:34:52 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/20 14:34:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/20 14:34:52 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/20 14:34:52 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/20 14:34:52 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/06/20 14:34:52 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/20 14:34:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/06/20 14:34:52 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/06/20 14:34:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/20 14:34:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/20 14:34:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/20 14:34:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/20 14:34:51 | 001,797,632
| ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/06/20 14:34:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/06/20 14:34:51 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/06/20 14:34:51 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/06/20 14:34:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/06/20 14:34:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/06/20 14:34:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/06/20 14:34:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/06/20 14:34:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/06/20 14:34:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/06/20 14:34:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/06/20 14:34:51 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/06/20 14:34:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/06/20 14:34:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/06/20 14:34:51 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/06/20 13:47:22 | 000,000,000 | ---D | C] -- C:\Users\Maite\Documents\Annikas Hochzeit [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll ========== Files - Modified Within 30 Days ========== [2011/07/14 14:01:47 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/14 10:27:53 | 000,013,472 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/14 10:27:53 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/14 10:20:30 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\KFEMAHKJM.job [2011/07/14 10:20:15 | 000,425,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/07/14 10:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/14 10:19:11 | 1583,321,088 | -HS- | M] () -- C:\hiberfil.sys [2011/07/11 21:44:05 | 000,115,712 | RHS- | M] () -- C:\Windows\System32\appmgmtsl.dll [2011/07/11 21:34:22 | 000,123,680 | ---- | M] (Sophos Limited) -- C:\Windows\System32\drivers\savonaccess.sys [2011/07/11 21:33:20 | 000,030,744 | ---- | M] (Sophos Limited) -- C:\Windows\System32\SophosBootTasks.exe [2011/07/11 21:32:32 | 000,024,312 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\sdcfilter.sys [2011/07/11 21:32:03 | 000,031,736 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\skmscan.sys [2011/07/11 21:31:40 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\Windows\System32\sdccoinstaller.dll [2011/06/22 15:16:12 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011/06/22 13:18:35 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF [2011/06/22 13:15:53 | 000,002,641 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2011/06/22 12:58:06 | 000,022,536 | ---- | M] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys [2011/06/22 12:28:53 | 000,001,594 | ---- | M] () -- C:\Windows\VPNUnInstall.MIF [2011/06/21 21:18:24 | 000,620,150 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/06/21 21:18:24 | 000,108,332 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/21 19:57:23 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011/06/21 16:31:48 | 000,017,408 | ---- | 
M] () -- C:\Users\Maite\AppData\Local\WebpageIcons.db [2011/06/20 22:47:32 | 000,001,232 | ---- | M] () -- C:\Users\Maite\Contacts\Desktop\Spybot - Search & Destroy.lnk [2011/06/20 22:34:46 | 000,001,417 | ---- | M] () -- C:\Users\Maite\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/06/20 14:34:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/06/20 14:34:53 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011/06/20 14:34:53 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011/06/20 14:34:53 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011/06/20 14:34:53 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011/06/20 14:34:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011/06/20 14:34:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011/06/20 14:34:53 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011/06/20 14:34:53 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011/06/20 14:34:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011/06/20 14:34:53 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011/06/20 14:34:53 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011/06/20 14:34:52 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011/06/20 14:34:52 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011/06/20 14:34:52 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011/06/20 14:34:52 | 000,367,104 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\html.iec [2011/06/20 14:34:52 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011/06/20 14:34:52 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011/06/20 14:34:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011/06/20 14:34:52 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011/06/20 14:34:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011/06/20 14:34:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011/06/20 14:34:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011/06/20 14:34:52 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011/06/20 14:34:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/06/20 14:34:51 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/06/20 14:34:51 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/06/20 14:34:51 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011/06/20 14:34:51 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011/06/20 14:34:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011/06/20 14:34:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011/06/20 14:34:51 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011/06/20 14:34:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011/06/20 14:34:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011/06/20 14:34:51 | 000,118,784 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011/06/20 14:34:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011/06/20 14:34:51 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011/06/20 14:34:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011/06/20 14:34:51 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011/06/20 14:34:51 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011/06/20 11:19:49 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2011/07/14 14:01:47 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/11 21:44:05 | 000,115,712 | RHS- | C] () -- C:\Windows\System32\appmgmtsl.dll [2011/07/11 21:44:05 | 000,000,316 | -HS- | C] () -- C:\Windows\tasks\KFEMAHKJM.job [2011/06/22 13:15:53 | 000,002,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2011/06/22 12:26:05 | 000,001,594 | ---- | C] () -- C:\Windows\VPNUnInstall.MIF [2011/06/21 21:09:06 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF [2011/06/21 19:57:23 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2011/06/21 19:57:19 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2011/06/21 19:57:19 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2011/06/21 19:57:18 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2011/06/21 19:57:18 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2011/06/21 16:31:44 | 000,017,408 | ---- | C] () -- C:\Users\Maite\AppData\Local\WebpageIcons.db [2011/06/20 22:47:32 | 000,001,232 | ---- | C] () -- C:\Users\Maite\Contacts\Desktop\Spybot - Search & Destroy.lnk [2011/06/20 14:34:52 | 000,072,822 | 
---- | C] () -- C:\Windows\System32\ieuinit.inf [2011/05/26 11:41:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011/03/21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/08/28 23:01:08 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010/04/21 18:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010/04/21 18:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010/04/21 18:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010/04/21 17:29:46 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009/12/18 14:52:18 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009/12/01 17:43:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009/11/16 00:30:20 | 000,014,344 | ---- | C] () -- C:\Windows\System32\drivers\PuAcpi32.sys [2009/11/16 00:30:15 | 000,061,440 | R--- | C] () -- C:\Windows\System32\AABATT.dll [2009/08/13 22:45:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 06:33:53 | 000,425,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,620,150 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,108,332 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 02:59:08 | 000,011,776 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll [2009/07/14 02:58:40 | 000,037,376 | ---- | C] () -- 
C:\Windows\System32\SaImgFlt.dll [2009/07/14 02:58:25 | 000,010,240 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll [2009/07/14 02:56:53 | 000,159,232 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005/05/06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Ich wollte jetzt nicht weitermachen, da ich Angst habe totalen Unsinn zu verzapfen und lieber nochmal Rücksprache mit einem Fachmann halten. Ich hoffe ihr könnt mir weiterhelfen. Vielen Dank schonmal |
14.07.2011, 14:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! After that, OTL custom: Custom scan with OTL. If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
19.07.2011, 15:36 | #3 |
| Google redirect Malware Hello Arne,
I ran a full scan with Malware. I'm posting the log file as an attachment. Unfortunately the OTL program doesn't work completely for me. I copied the following and pasted it into the Custom Scan:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
Only, unfortunately, the Quick Scan stops when it says "Manual file scan-getting folder structure..." I'm now trying to download OTL again so I can then send you the log file. In my first request I had already posted the old log files, both from the Malware scan and from the OTL scan. Might those already help? Best regards Maite |
19.07.2011, 16:15 | #4 |
| Google redirect Malware me again ;-) When I try to start the OTL scan, I tick "use Safe List" everywhere. Unfortunately, the selection for "Extra Registry" jumps to "Off" as soon as the Quick Scan starts, and during the scan "Standard Registry" switches to "All". After that it hangs and doesn't scan any further. Have I set something up wrong? Or are there other options? I also ran another full scan with Malware today. Apparently nothing was found, though. What still worries me is that the Windows Security Center cannot be activated. Here is the log file from the first full scan a few days ago (with a detection) and the one from today:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7136
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.07.2011 14:29:22
mbam-log-2011-07-14 (14-29-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 181769
Laufzeit: 23 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
c:\Windows\Wteqoa.exe (Trojan.FraudPack.Gen) -> 3204 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\5SK3BLHWHC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Wteqoa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\Maite\AppData\Local\Temp\Wrc.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.

Today:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7197
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

19.07.2011 15:28:46
mbam-log-2011-07-19 (15-28-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 467479
Laufzeit: 3 Stunde(n), 55 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I really hope you can help me. It seems to be a stubborn case. Best regards |
19.07.2011, 20:35 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/03 00:46:54 | 000,000,049 | ---- | M] () - S:\autorun.inf.vir -- [ NTFS ]
[2011/07/14 10:20:30 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\KFEMAHKJM.job
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely: as a safeguard, a backup copy is created on the system partition in the folder "_OTL".
Please always post log files in CODE tags |
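As an added, defender-side illustration that is not part of this thread, of OTL or of Malwarebytes: the items Arne put into the fix above (the hidden/system KFEMAHKJM.job in C:\Windows\tasks and the alternate data stream on C:\ProgramData\TEMP) are exactly the entries that stand out in the OTL file listing from the first post. The Python below parses lines in OTL's file-listing format and applies three simple triage rules that pick those entries out; it also flags C:\Windows\System32\appmgmtsl.dll, which was created in the same second as the .job with read-only/hidden/system attributes and no company name, as a candidate for review. The sample input is constructed from entries in that log; the rules, the OtlEntry class and the function names are my own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample input in OTL's file-listing format. Paths, sizes and
# attribute flags are copied from the log posted in this thread; nothing is added.
SAMPLE_OTL_LINES = """\
========== Files Created - No Company Name ==========
[2011/07/14 14:01:47 | 000,001,077 | ---- | C] () -- C:\\Users\\Public\\Desktop\\Malwarebytes' Anti-Malware.lnk
[2011/07/11 21:44:05 | 000,115,712 | RHS- | C] () -- C:\\Windows\\System32\\appmgmtsl.dll
[2011/07/11 21:44:05 | 000,000,316 | -HS- | C] () -- C:\\Windows\\tasks\\KFEMAHKJM.job
[2011/06/22 15:16:12 | 000,000,452 | ---- | M] () -- C:\\Windows\\tasks\\PCDoctorBackgroundMonitorTask.job
[2011/07/11 21:34:21 | 000,123,680 | ---- | C] (Sophos Limited) -- C:\\Windows\\System32\\drivers\\savonaccess.sys
[2011/07/11 22:06:59 | 000,000,000 | -H-D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Lenovo ThinkVantage Tools
========== Alternate Data Streams ==========
@Alternate Data Stream - 102 bytes -> C:\\ProgramData\\TEMP:CB0AACC9
< End of report >
"""

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
# Directory entries carry no "(company)" part, so that group is optional.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# One OTL alternate-data-stream entry
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class OtlEntry:
    path: str
    size: int
    company: str          # "" when OTL printed "()" or no company at all
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    ads: bool = False     # True for "@Alternate Data Stream" lines


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file-listing and ADS lines; headers and other lines are skipped."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            attr = m.group("attr")  # four positions: R H S D
            entries.append(OtlEntry(
                path=m.group("path"),
                size=int(m.group("size").replace(",", "")),
                company=(m.group("company") or "").strip(),
                readonly=attr[0] == "R",
                hidden=attr[1] == "H",
                system=attr[2] == "S",
                directory=attr[3] == "D",
            ))
            continue
        m = ADS_LINE.match(line)
        if m:
            entries.append(OtlEntry(path=m.group("path"), size=int(m.group("size")),
                                    company="", readonly=False, hidden=False,
                                    system=False, directory=False, ads=True))
    return entries


def _lower_parts(path: str) -> Tuple[str, str, str]:
    """Return (parent directory, file name, extension), all lower-cased."""
    parent, _, name = path.rpartition("\\")
    ext = name.rpartition(".")[2] if "." in name else ""
    return parent.lower(), name.lower(), ext.lower()


def triage(entries: Iterable[OtlEntry]) -> List[Tuple[str, str]]:
    """Apply three triage rules; returns (path, reason) for entries worth reviewing."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        parent, _name, ext = _lower_parts(e.path)
        if e.ads:
            # OTL lists only non-standard streams; data tucked into a stream of a
            # scratch directory has no everyday explanation on a home PC.
            flagged.append((e.path, "alternate data stream"))
        elif ext == "job" and parent.endswith("\\windows\\tasks") and (e.hidden or e.system):
            # Legitimate Task Scheduler jobs are neither hidden nor marked system.
            flagged.append((e.path, "hidden/system scheduled task"))
        elif (ext in ("dll", "exe", "sys") and parent.endswith("\\windows\\system32")
              and not e.company and (e.readonly or e.hidden or e.system)):
            # A binary dropped straight into System32 with no version info and with
            # attribute bits set to keep it out of sight deserves a second look.
            flagged.append((e.path, "system32 binary without company name, RHS attributes"))
    return flagged


def flagged_paths(text: str) -> List[str]:
    """Convenience wrapper: parse, then triage, returning only the paths."""
    return [p for p, _ in triage(parse_otl(text))]


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_OTL_LINES)):
        print(f"{reason:55s} {path}")
```

Run against the sample, the three rules return the two entries from Arne's fix plus appmgmtsl.dll, and leave the Malwarebytes shortcut, the PC-Doctor job, the Sophos driver and the Lenovo folder alone. The rules are deliberately conservative: a GUID-named .job on its own is not flagged, because Windows creates those legitimately, and a hidden file without a company name is only flagged when it is an executable type sitting directly in System32.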
20.07.2011, 13:34 | #6 |
| Google redirect Malware Hey Arne, many thanks so far. Here is my log file from the fix:

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
S:\autorun.inf.vir moved successfully.
C:\Windows\Tasks\KFEMAHKJM.job moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_143241

I hope this helps you. Should I try the Quick Scan again now? Best regards Maite |
20.07.2011, 14:18 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below, i.e. tick both boxes, click "Start scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
|
20.07.2011, 14:30 | #8 |
| Google redirect Malware Hey Arne, I downloaded the Kaspersky tool and got the following result:

2011/07/20 15:23:39.0752 3696 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/20 15:23:41.0755 3696 ================================================================================
2011/07/20 15:23:41.0755 3696 SystemInfo:
2011/07/20 15:23:41.0755 3696
2011/07/20 15:23:41.0755 3696 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/20 15:23:41.0755 3696 Product type: Workstation
2011/07/20 15:23:41.0755 3696 ComputerName: MAITE-PC
2011/07/20 15:23:42.0997 3696 UserName: Maite
2011/07/20 15:23:42.0997 3696 Windows directory: C:\Windows
2011/07/20 15:23:42.0997 3696 System windows directory: C:\Windows
2011/07/20 15:23:42.0997 3696 Processor architecture: Intel x86
2011/07/20 15:23:42.0997 3696 Number of processors: 2
2011/07/20 15:23:42.0997 3696 Page size: 0x1000
2011/07/20 15:23:42.0997 3696 Boot type: Normal boot
2011/07/20 15:23:42.0997 3696 ================================================================================
2011/07/20 15:23:50.0105 3696 Initialize success
2011/07/20 15:24:07.0177 4344 ================================================================================
2011/07/20 15:24:07.0177 4344 Scan started
2011/07/20 15:24:07.0177 4344 Mode: Manual;
2011/07/20 15:24:07.0177 4344 ================================================================================
2011/07/20 15:24:08.0393 4344 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/07/20 15:24:08.0617 4344 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/07/20 15:24:08.0782 4344 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/07/20 15:24:08.0868 4344 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/20 15:24:09.0026 4344 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/20 15:24:09.0088 4344 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/20 15:24:09.0284 4344 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/07/20 15:24:09.0330 4344 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/07/20 15:24:09.0496 4344 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/20 15:24:09.0701 4344 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/07/20 15:24:09.0740 4344 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/07/20 15:24:09.0903 4344 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/07/20 15:24:09.0987 4344 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/20 15:24:10.0148 4344 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/20 15:24:10.0219 4344 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/07/20 15:24:10.0393 4344 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/20 15:24:10.0455 4344 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/07/20 15:24:10.0630 4344 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/07/20 15:24:10.0887 4344 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/20 15:24:10.0922 4344 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/20 15:24:11.0088 4344 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
2011/07/20 15:24:11.0238 4344 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/20 15:24:11.0329 4344 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/07/20 15:24:11.0512 4344 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/20 15:24:11.0693 4344 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/20 15:24:11.0760 4344 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/20 15:24:11.0919 4344 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/20 15:24:12.0121 4344 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/20 15:24:12.0184 4344 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/20 15:24:12.0225 4344 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/20 15:24:12.0385 4344 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/20 15:24:12.0429 4344 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/20 15:24:12.0464 4344 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/20 15:24:12.0644 4344 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/20 15:24:12.0724 4344 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/07/20 15:24:12.0864 4344 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/20 15:24:12.0943 4344 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/20 15:24:13.0114 4344 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
2011/07/20 15:24:13.0287 4344 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
2011/07/20 15:24:13.0363 4344 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
2011/07/20 15:24:13.0518 4344 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/20 15:24:13.0603 4344 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/07/20 15:24:13.0769 4344 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/20 15:24:13.0837 4344 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/20 15:24:14.0027 4344 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/20 15:24:14.0099 4344 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/07/20 15:24:14.0267 4344 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/20 15:24:14.0341 4344 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/20 15:24:14.0487 4344 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/07/20 15:24:14.0564 4344 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/20 15:24:14.0726 4344 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/07/20 15:24:14.0937 4344 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/07/20 15:24:15.0172 4344 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/07/20 15:24:15.0282 4344 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/07/20 15:24:15.0447 4344 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/20 15:24:15.0638 4344 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/20 15:24:15.0735 4344 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/07/20 15:24:15.0909 4344 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/20 15:24:15.0991 4344 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/20 15:24:16.0253 4344 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/20 15:24:16.0542 4344 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/20 15:24:16.0685 4344 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/07/20 15:24:16.0778 4344 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/20 15:24:16.0938 4344 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/20 15:24:16.0998 4344 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/20 15:24:17.0158 4344 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/20 15:24:17.0186 4344 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/20 15:24:17.0222 4344 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/20 15:24:17.0395 4344 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/20 15:24:17.0433 4344 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/20 15:24:17.0465 4344 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/20 15:24:17.0644 4344 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/20 15:24:17.0718 4344 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/20 15:24:17.0879 4344 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/20 15:24:17.0964 4344 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/20 15:24:18.0162 4344 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/07/20 15:24:18.0212 4344 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/07/20 15:24:18.0370 4344 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/20 15:24:18.0453 4344 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/20 15:24:18.0604 4344 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/20 15:24:18.0725 4344 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/07/20 15:24:18.0882 4344 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/07/20 15:24:18.0971 4344 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/07/20 15:24:19.0110 4344 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/20 15:24:19.0197 4344 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/07/20 15:24:19.0700 4344 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/07/20 15:24:20.0488 4344 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/20 15:24:20.0876 4344 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/20 15:24:20.0956 4344 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/20 15:24:21.0102 4344 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/20 15:24:21.0179 4344 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/20 15:24:21.0311 4344 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/20 15:24:21.0379 4344 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/20 15:24:21.0574 4344 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/20 15:24:21.0644 4344 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/20 15:24:21.0782 4344 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/20 15:24:21.0890 4344 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/07/20 15:24:22.0018 4344 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/07/20 15:24:22.0097 4344 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/20 15:24:22.0162 4344 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/20 15:24:22.0328 4344 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/20 15:24:22.0431 4344 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/20 15:24:22.0567 4344 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/20 15:24:22.0645 4344 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/20 15:24:22.0781 4344 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/20 15:24:22.0850 4344 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/20 15:24:23.0008 4344 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys
2011/07/20 15:24:23.0115 4344 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/20 15:24:23.0250 4344 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/20 15:24:23.0351 4344 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/20 15:24:23.0482 4344 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/20 15:24:23.0545 4344 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609)
C:\Windows\system32\drivers\mouclass.sys 2011/07/20 15:24:23.0681 4344 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/07/20 15:24:23.0752 4344 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 2011/07/20 15:24:23.0826 4344 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 2011/07/20 15:24:23.0964 4344 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/07/20 15:24:24.0056 4344 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 2011/07/20 15:24:24.0194 4344 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/07/20 15:24:24.0257 4344 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/07/20 15:24:24.0288 4344 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/07/20 15:24:24.0460 4344 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 2011/07/20 15:24:24.0733 4344 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 2011/07/20 15:24:24.0889 4344 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/07/20 15:24:24.0960 4344 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/07/20 15:24:25.0022 4344 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/07/20 15:24:25.0180 4344 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/07/20 15:24:25.0256 4344 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/07/20 15:24:25.0286 4344 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/07/20 15:24:25.0416 4344 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/07/20 15:24:25.0501 4344 mssmbios 
(fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2011/07/20 15:24:25.0621 4344 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/07/20 15:24:25.0687 4344 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/07/20 15:24:25.0841 4344 MTsensor32 (648cbe572ffe978bf33b8d7e60ac441b) C:\Windows\system32\DRIVERS\PuAcpi32.sys 2011/07/20 15:24:25.0903 4344 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/07/20 15:24:26.0053 4344 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/07/20 15:24:26.0140 4344 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 2011/07/20 15:24:26.0314 4344 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/07/20 15:24:26.0377 4344 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/07/20 15:24:26.0519 4344 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/07/20 15:24:26.0583 4344 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/07/20 15:24:26.0643 4344 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 2011/07/20 15:24:26.0815 4344 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/07/20 15:24:26.0890 4344 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 2011/07/20 15:24:27.0200 4344 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys 2011/07/20 15:24:27.0590 4344 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/07/20 15:24:27.0880 4344 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/07/20 15:24:27.0922 4344 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/07/20 
15:24:27.0972 4344 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/07/20 15:24:28.0158 4344 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 2011/07/20 15:24:28.0353 4344 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/07/20 15:24:28.0449 4344 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 2011/07/20 15:24:28.0589 4344 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 2011/07/20 15:24:28.0647 4344 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/07/20 15:24:28.0839 4344 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/07/20 15:24:29.0079 4344 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/07/20 15:24:29.0150 4344 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/07/20 15:24:29.0242 4344 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/07/20 15:24:29.0425 4344 PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\progra~1\pc-doc~1\pcdsrvc.pkms 2011/07/20 15:24:29.0881 4344 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/07/20 15:24:29.0986 4344 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/07/20 15:24:30.0096 4344 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/07/20 15:24:30.0191 4344 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/07/20 15:24:30.0238 4344 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/07/20 15:24:30.0495 4344 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/07/20 15:24:30.0540 4344 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) 
C:\Windows\system32\DRIVERS\processr.sys 2011/07/20 15:24:30.0732 4344 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys 2011/07/20 15:24:30.0812 4344 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/07/20 15:24:31.0000 4344 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/07/20 15:24:31.0181 4344 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/07/20 15:24:31.0226 4344 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/07/20 15:24:31.0259 4344 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/07/20 15:24:31.0412 4344 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/07/20 15:24:31.0487 4344 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/07/20 15:24:31.0673 4344 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/07/20 15:24:31.0724 4344 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/07/20 15:24:31.0878 4344 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/07/20 15:24:31.0961 4344 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/07/20 15:24:32.0112 4344 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/07/20 15:24:32.0186 4344 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 2011/07/20 15:24:32.0273 4344 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/07/20 15:24:32.0405 4344 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/07/20 15:24:32.0479 4344 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/07/20 15:24:32.0651 4344 rdyboost 
(518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/07/20 15:24:32.0741 4344 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/07/20 15:24:32.0916 4344 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 2011/07/20 15:24:33.0057 4344 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/07/20 15:24:33.0145 4344 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys 2011/07/20 15:24:33.0341 4344 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/07/20 15:24:33.0430 4344 RTL8167 (e099d23ee1bbce0cf5745f811f3b1882) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/07/20 15:24:33.0565 4344 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 2011/07/20 15:24:33.0771 4344 SAVOnAccess (27788298bc54afcfd8b31ea599fd6b5c) C:\Windows\system32\DRIVERS\savonaccess.sys 2011/07/20 15:24:33.0935 4344 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/07/20 15:24:34.0012 4344 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/07/20 15:24:34.0210 4344 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 2011/07/20 15:24:34.0313 4344 sdcfilter (30bde6ba44a5afeb63f78eda06c64866) C:\Windows\system32\DRIVERS\sdcfilter.sys 2011/07/20 15:24:34.0458 4344 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/07/20 15:24:34.0548 4344 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/07/20 15:24:34.0578 4344 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/07/20 15:24:34.0699 4344 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/07/20 15:24:34.0787 4344 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) 
C:\Windows\system32\drivers\sffdisk.sys 2011/07/20 15:24:34.0913 4344 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/07/20 15:24:34.0975 4344 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/07/20 15:24:35.0034 4344 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/07/20 15:24:35.0170 4344 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/07/20 15:24:35.0269 4344 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/07/20 15:24:35.0406 4344 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/07/20 15:24:35.0483 4344 SKMScan (e407a8eea2fd4bf560c05c0ebf1793b3) C:\Windows\system32\DRIVERS\skmscan.sys 2011/07/20 15:24:35.0643 4344 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/07/20 15:24:35.0861 4344 SophosBootDriver (f2b7bd04146b3e6a895a1919e1f5da89) C:\Windows\system32\DRIVERS\SophosBootDriver.sys 2011/07/20 15:24:35.0922 4344 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/07/20 15:24:36.0108 4344 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 2011/07/20 15:24:36.0164 4344 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 2011/07/20 15:24:36.0334 4344 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/07/20 15:24:36.0389 4344 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/07/20 15:24:36.0577 4344 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2011/07/20 15:24:36.0739 4344 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 2011/07/20 15:24:36.0898 4344 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/07/20 15:24:37.0071 4344 
storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 2011/07/20 15:24:37.0115 4344 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 2011/07/20 15:24:37.0195 4344 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/07/20 15:24:37.0375 4344 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys 2011/07/20 15:24:37.0532 4344 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys 2011/07/20 15:24:37.0754 4344 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys 2011/07/20 15:24:37.0910 4344 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/07/20 15:24:37.0973 4344 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/07/20 15:24:38.0009 4344 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/07/20 15:24:38.0154 4344 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 2011/07/20 15:24:38.0214 4344 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 2011/07/20 15:24:38.0404 4344 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys 2011/07/20 15:24:38.0486 4344 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/07/20 15:24:38.0658 4344 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 2011/07/20 15:24:38.0736 4344 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 2011/07/20 15:24:38.0899 4344 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/07/20 15:24:38.0966 4344 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 2011/07/20 15:24:39.0155 4344 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/07/20 15:24:39.0247 
4344 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 2011/07/20 15:24:39.0412 4344 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/07/20 15:24:39.0518 4344 USB28xxBGA (62e22a4fa518bafef35bdc17bc5b2819) C:\Windows\system32\DRIVERS\emBDA.sys 2011/07/20 15:24:39.0694 4344 USB28xxOEM (9d055ed70e584df1563b745a7b86de59) C:\Windows\system32\DRIVERS\emOEM.sys 2011/07/20 15:24:39.0862 4344 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 2011/07/20 15:24:39.0913 4344 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/07/20 15:24:39.0970 4344 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/07/20 15:24:40.0124 4344 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/07/20 15:24:40.0209 4344 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 2011/07/20 15:24:40.0307 4344 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 2011/07/20 15:24:40.0400 4344 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/07/20 15:24:40.0565 4344 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/07/20 15:24:40.0619 4344 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/07/20 15:24:40.0656 4344 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/07/20 15:24:40.0836 4344 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 2011/07/20 15:24:40.0910 4344 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/07/20 15:24:41.0096 4344 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/07/20 15:24:41.0130 4344 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 
2011/07/20 15:24:41.0198 4344 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 2011/07/20 15:24:41.0372 4344 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/07/20 15:24:41.0433 4344 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/07/20 15:24:41.0580 4344 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/07/20 15:24:41.0639 4344 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 2011/07/20 15:24:41.0779 4344 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 2011/07/20 15:24:41.0826 4344 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 2011/07/20 15:24:41.0897 4344 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/07/20 15:24:42.0049 4344 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 2011/07/20 15:24:42.0126 4344 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/07/20 15:24:42.0287 4344 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/07/20 15:24:42.0328 4344 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/07/20 15:24:42.0497 4344 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 2011/07/20 15:24:42.0541 4344 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/07/20 15:24:42.0714 4344 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/20 15:24:42.0730 4344 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/07/20 15:24:42.0920 4344 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/07/20 15:24:42.0970 4344 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) 
2011/07/20 15:24:43.0988 4344 Scan finished 2011/07/20 15:24:44.0006 4760 Detected object count: 0 2011/07/20 15:24:44.0006 4760 Actual detected object count: 0 Apparently nothing was found. But you are right that I really can no longer access my own files. A nasty worm/Trojan (whatever it is). I'm running the unhide.exe program right now. What do I have to do next? Thanks again. You really are a great help to me! Best regards |
20.07.2011, 14:42 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
20.07.2011, 15:41 | #10 |
| Google redirect Malware So, dear Arne, here is my log file from ComboFix: To me it's all hieroglyphics, but maybe you can make something of it!? ComboFix logfile: Code:
2011-06-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:43] . 2011-05-16 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:43] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyServer = http=192.168.91.254:8080;https=192.168.91.254:8080;ftp=192.168.91.254:8080;socks=192.168.91.254:1080 uInternet Settings,ProxyOverride = *.local IE: Free YouTube to Mp3 Converter - c:\users\Maite\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Maite\AppData\Roaming\Mozilla\Firefox\Profiles\uqzv2ah0.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://sn119w.snt119.mail.live.com/default.aspx?wa=wsignin1.0|hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program 
files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe AddRemove-{F46BF5EA-0B4E-4A41-8C4B-3B127346E30F} - c:\users\Maite\AppData\Local\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}\NBCDirectInstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0] "ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-07-20 16:32:52 ComboFix-quarantined-files.txt 2011-07-20 14:32 . Vor Suchlauf: 49.485.033.472 bytes free Nach Suchlauf: 52.129.734.656 bytes free . - - End Of File - - 0E4C189EDB6A3C09878FC4214AC73E03 Vielen Dank. |
20.07.2011, 20:12 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware

OK. Now please create and post logs with GMER and OSAM. GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or the like. Note: please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false positive in OSAM! Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________
Please always post logfiles in CODE tags
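The helper's instructions above ask for an OSAM and a GMER log. Both scanners leave traces that look like what they are hunting: GMER loads a randomly named driver from %TEMP% (its log prints the path on its "Running: ...; Driver: ..." line), and ComboFix runs mbr.sys from C:\ComboFix and the bundled catchme detector from %TEMP%. OSAM's rootkit filter reports any service key it can only see by reading the hive directly as "Hidden registry entry, rootkit activity", so such a hit has to be matched against what the scanners themselves loaded before it means anything. The Python below is an added example, not code from the thread or from OSAM or GMER: it parses the OSAM [Drivers] section, takes GMER's own driver path from its header line, and sorts each driver into scanner artefact, stale leftover, or something to investigate. The sample lines are constructed: the kwdoypob, catchme and mbr entries mirror the logs the user posts further down in this thread, and "example_hidden" is an invented entry that exists only to exercise the "investigate" branch. The set of ComboFix helper file names is an assumption of the example.

```python
"""Separate scanner residue from genuinely hidden drivers in an OSAM report.

Added example, not part of the forum thread or of OSAM/GMER. It cross-checks
OSAM's "Hidden registry entry, rootkit activity" hits against the driver GMER
reports loading and against ComboFix's helper drivers. Sample input is
constructed; "example_hidden" is invented to exercise the investigate branch.
"""
import ntpath
import re

# Constructed: GMER's header line, copied from the log posted in the thread.
GMER_HEADER = r"Running: th5ghnnz.exe; Driver: C:\Users\Maite\AppData\Local\Temp\kwdoypob.sys"

# Constructed: an OSAM [Drivers] section. All but the last entry mirror the
# thread's log; "example_hidden" is NOT from the thread and is purely a test case.
OSAM_REPORT = r'''[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP" (ASMMAP) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
"BlackBerry Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys (File not found)
"catchme" (catchme) - ? - C:\Users\Maite\AppData\Local\Temp\catchme.sys (File not found)
"kwdoypob" (kwdoypob) - ? - C:\Users\Maite\AppData\Local\Temp\kwdoypob.sys (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{C4B36920-79E24793-06000000}_0) - "PC-Doctor, Inc." - c:\progra~1\pc-doc~1\pcdsrvc.pkms
"example_hidden" (example_hidden) - ? - C:\Windows\system32\drivers\example_hidden.sys (Hidden registry entry, rootkit activity)
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
'''

# OSAM entry: "display name" (service key) - "vendor" or ? - path [ (flag | flag) ]
ENTRY = re.compile(r'^"(?P<name>[^"]*)" \((?P<key>[^)]*)\) - (?P<vendor>"[^"]*"|\?) - (?P<rest>.+)$')

# Assumption: file names of the helper drivers ComboFix drops while it runs.
COMBOFIX_HELPERS = {"catchme.sys", "mbr.sys"}


def gmer_driver_path(header: str) -> str:
    """Path of the driver GMER loaded for its own scan, lower-cased."""
    m = re.search(r"Driver:\s*(.+?)\s*$", header)
    return m.group(1).lower() if m else ""


def parse_drivers(report: str) -> list:
    """Entries of the [Drivers] section as dicts with name, key, path, flags."""
    entries, in_section = [], False
    for line in report.splitlines():
        if line.startswith("["):
            in_section = line.strip() == "[Drivers]"
            continue
        m = ENTRY.match(line.strip()) if in_section else None
        if not m:
            continue
        rest = m.group("rest")
        path, flags = rest, []
        if rest.endswith(")") and " (" in rest:  # trailing "(flag | flag)" block
            path, _, tail = rest.rpartition(" (")
            flags = [f.strip() for f in tail[:-1].split("|")]
        entries.append({"name": m.group("name"), "key": m.group("key"),
                        "path": path, "flags": flags})
    return entries


def classify(report: str, gmer_header: str) -> dict:
    """Map each service key to scanner-artifact / investigate / stale / ok."""
    gmer = gmer_driver_path(gmer_header)
    verdicts = {}
    for e in parse_drivers(report):
        p = e["path"].lower()
        hidden = any(f.startswith("Hidden registry entry") for f in e["flags"])
        scanner_owned = (p == gmer or p.startswith("c:\\combofix\\")
                         or ntpath.basename(p) in COMBOFIX_HELPERS)
        if scanner_owned:
            verdicts[e["key"]] = "scanner-artifact"
        elif hidden:
            verdicts[e["key"]] = "investigate"   # hidden and nobody admits to it
        elif "File not found" in e["flags"]:
            verdicts[e["key"]] = "stale"         # orphaned key, file already gone
        else:
            verdicts[e["key"]] = "ok"
    return verdicts


def unexplained_hidden(report: str, gmer_header: str) -> list:
    """Service keys flagged hidden that no scanner accounts for."""
    return sorted(k for k, v in classify(report, gmer_header).items() if v == "investigate")


if __name__ == "__main__":
    for key, verdict in classify(OSAM_REPORT, GMER_HEADER).items():
        print(f"{verdict:16s} {key}")
```

On the sample the two "rootkit activity" hits (kwdoypob, mbr) and the catchme entry resolve to scanner drivers, RimUsb is a leftover of an uninstalled BlackBerry driver, and only the invented example_hidden survives as something to look at. The "File not found" flag on the scanner drivers is expected: they are deleted once the tool exits, while the hidden service key lingers until reboot. On a real case the same check should be re-run on a fresh OSAM log after a reboot with no scanner running, so that a persistent hidden driver cannot hide behind scanner noise.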
21.07.2011, 08:35 | #12 |
| Google redirect Malware

Hey Arne, the GMER scan took quite a long time (several hours). At the end there was also no message that it had finished, so I am now unsure whether it completed or crashed. Here is the result up to that point anyway:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-07-21 09:01:19
Windows 6.1.7601 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS543232L9SA00 rev.FB4ZC48C
Running: th5ghnnz.exe; Driver: C:\Users\Maite\AppData\Local\Temp\kwdoypob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E81339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\Maite\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[2348] kernel32.dll!SetUnhandledExceptionFilter 778DF4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Lenovo\System Update\SUService.exe[2520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[2520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[2520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[2520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[2520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[2520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[3168] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[3168] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[3168] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Sophos\AutoUpdate\ALsvc.exe[3168] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75DDFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [746E2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [746C5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [746C56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [746E24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [746D8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [746D4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [746D506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [746D5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746D6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [746D826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [746D87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [746D901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [746DE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5756] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [746D4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000085 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000087 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00234def4dfa
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00234def4dfa (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 928

---- EOF - GMER 1.0.15 ----

Now the results from OSAM:

OSAM Logfile:
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 09:28:05 on 21.07.2011 OS: Windows 7 Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.18 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Sophos Limited" - C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll [Common] -----( %SystemRoot%\Tasks )----- "PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\pcdr5cuiw32.exe "SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl "PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ASMMAP" (ASMMAP) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys "BlackBerry Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys (File not found) "catchme" (catchme) - ? - C:\Users\Maite\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. 
IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "kwdoypob" (kwdoypob) - ? - C:\Users\Maite\AppData\Local\Temp\kwdoypob.sys (Hidden registry entry, rootkit activity | File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{3037D694-FD904ACA-06000000}_0) - "PC-Doctor, Inc." - c:\program files\pc-doctor\pcdsrvc.pkms "PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{C4B36920-79E24793-06000000}_0) - "PC-Doctor, Inc." - c:\progra~1\pc-doc~1\pcdsrvc.pkms "SAVOnAccess" (SAVOnAccess) - "Sophos Limited" - C:\Windows\System32\DRIVERS\savonaccess.sys "sdcfilter" (sdcfilter) - "Sophos Plc" - C:\Windows\System32\DRIVERS\sdcfilter.sys "SKMScan" (SKMScan) - "Sophos Plc" - C:\Windows\System32\DRIVERS\skmscan.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} "ContextMenuHandler Class" - "Sophos Limited" - C:\Program Files\Sophos\Sophos Anti-Virus\SavShellExt.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} "Sophos Web Content Scanner" - "Sophos Limited" - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Maite\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SpybotSD TeaTimer" - "Safer-Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Sophos AutoUpdate Monitor" - "Sophos Limited" - C:\Program Files\Sophos\AutoUpdate\almon.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
"TPHOTKEY" - "Lenovo Group Limited" - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
"TrojanScanner" - "Simply Super Software" - C:\Program Files\Trojan Remover\Trjscan.exe /boot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - ? - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"On Screen Display" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"Service of LFKA" (LFKAS) - ?
- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
"Sophos Anti-Virus" (SAVService) - "Sophos Limited" - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
"Sophos Anti-Virus Statusreporter" (SAVAdminService) - "Sophos Limited" - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
"Sophos AutoUpdate Service" (Sophos AutoUpdate Service) - "Sophos Limited" - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
"Sophos Web Intelligence Service" (swi_service) - "Sophos Limited" - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

And last but not least, the result from MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Logical Drives Mask: 0x0005000c

Kernel Drivers (total 214):

Processes (total 68):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000048`14c00000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS543232L9SA00, Rev: FB4ZC48C

      Size  Device Name          MBR Status
--------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

I hope that helps you further. Curious to see how this goes on ;-) |
21.07.2011, 09:45 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting an additional opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
22.07.2011, 09:57 | #14 |
| Google redirect Malware Good morning Arne, the scans took quite some time. Here are the requested logs:

Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7219

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21.07.2011 15:08:34
mbam-log-2011-07-21 (15-08-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 459343
Laufzeit: 3 Stunde(n), 54 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/21/2011 at 10:36 PM

Application Version : 4.55.1000

Core Rules Database Version : 7437
Trace Rules Database Version: 5249

Scan type       : Complete Scan
Total Scan Time : 06:59:49

Memory items scanned      : 780
Memory threats detected   : 0
Registry items scanned    : 10149
Registry threats detected : 0
File items scanned        : 288881
File threats detected     : 102

Adware.Tracking Cookie

Trojan.Agent/Gen-Falcomp[RE]
	C:\WINDOWS\SYSTEM32\APPMGMTSL.DLL

Trojan.Dropper/Win-NV
	C:\WINDOWS.OLD\PROGRAM FILES\PCDR5\HTTP.DLL

ESET found only the following as a threat:
C:\Users\Maite\Downloads\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application

A log file was not created, or rather I somehow couldn't create one. Even when I press the Windows key + R and type in what you posted, it finds nothing!? The Windows Security Center seems to be working again, but "My Documents", "My Pictures", "My Music" and "My Videos" appear twice. I can open one of them; for the other it says "Access denied"!? Best regards |
22.07.2011, 10:24 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google redirect Malware Quote:
SUPERAntiSpyware found only cookies and leftovers; ESET reported a "half" false positive, half because many installers contain adware in the form of toolbars. You just mustn't install them along with the program, so always use the custom installation method!
__________________ Please always post logfiles in CODE tags |