Log analysis and evaluation: Unwanted redirect on Google search under Internet Explorer 8 / Windows 7
28.12.2011, 20:58 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Unwanted redirect on Google search under Internet Explorer 8

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
[2011.12.27 06:54:19 | 000,114,688 | ---- | M] (SoftThinks) -- C:\windows\System32\chg.exe
[2011.12.27 06:53:56 | 000,000,326 | ---- | M] () -- C:\windows\tasks\EFRQ.job
[2011.12.26 12:25:01 | 000,002,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDASET~1.EXE.lnk
[2011.12.26 12:14:15 | 000,002,161 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\sdasetup[1].exe.lnk
[2011.12.25 15:06:27 | 000,163,840 | RHS- | M] () -- C:\windows\System32\kbdcz29.dll
[2010.08.15 10:43:12 | 001,537,696 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player_9_ax.exe
[2010.08.15 10:12:19 | 001,654,059 | ---- | M] () -- C:\mgaw98.EXE
[2010.08.15 09:15:25 | 006,649,121 | ---- | M] () -- C:\w9x_682.exe
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
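An added triage helper, not part of this thread and not OTL's own code, that parses the O2/O3 add-on lines and the file-listing lines of the fix script above and flags the entries a helper looks at first: a BHO whose DLL is already gone, a toolbar registration whose CLSID no longer exists, a scheduled-task file with no publisher, and a file with no publisher that hides in System32 under the hidden+system attributes. The sample input is constructed from lines quoted in the script; the flag names and the heuristics are this example's own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines quoted from the OTL fix script above.
OTL_SAMPLE = r"""
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
[2011.12.27 06:54:19 | 000,114,688 | ---- | M] (SoftThinks) -- C:\windows\System32\chg.exe
[2011.12.27 06:53:56 | 000,000,326 | ---- | M] () -- C:\windows\tasks\EFRQ.job
[2011.12.25 15:06:27 | 000,163,840 | RHS- | M] () -- C:\windows\System32\kbdcz29.dll
"""

# "O2 - BHO: (name) - {CLSID} - rest" and "O3 - <hive>: (name) - {CLSID} - rest"
ADDON_RE = re.compile(
    r"^O(?P<otype>\d+) - (?P<kind>[^:]+): \((?P<name>[^)]*)\) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$"
)
# "[date time | size | attrs | M] (publisher) -- path"
FILE_RE = re.compile(
    r"^\[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<flag>[A-Z])\] \((?P<publisher>[^)]*)\) -- (?P<path>.*)$"
)
# trailing "(publisher)" on an add-on line's path
PUBLISHER_RE = re.compile(r"^(?P<path>.*?) \((?P<publisher>[^)]*)\)$")


@dataclass
class Finding:
    kind: str      # assumed tag, e.g. "dangling-bho"; not an OTL term
    target: str    # CLSID or file path the finding refers to
    detail: str    # human-readable explanation


def _triage_addon(m: "re.Match") -> List[Finding]:
    clsid, rest, name = m["clsid"], m["rest"].strip(), m["name"]
    if rest == "No CLSID value found.":
        return [Finding("orphan-toolbar", clsid,
                        f"toolbar registration {clsid} has no CLSID class behind it")]
    if rest.endswith("File not found"):
        path = rest[: -len("File not found")].strip()
        return [Finding("dangling-bho", clsid,
                        f"{name!r} is still registered but {path} is gone")]
    pm = PUBLISHER_RE.match(rest)
    if pm is None:
        return [Finding("unparsed", clsid, rest)]
    if not pm["publisher"]:
        return [Finding("unknown-publisher", pm["path"],
                        f"{name!r} loads a DLL that carries no publisher information")]
    return []


def _triage_file(m: "re.Match") -> List[Finding]:
    path, attrs, publisher = m["path"], m["attrs"], m["publisher"]
    low = path.lower()
    findings: List[Finding] = []
    if "H" in attrs and "S" in attrs and "\\system32\\" in low and not publisher:
        findings.append(Finding("hidden-system32", path,
                                f"attrs {attrs}: hidden+system file in System32 with no publisher"))
    if low.endswith(".job") and "\\tasks\\" in low and not publisher:
        findings.append(Finding("scheduled-task", path,
                                "scheduled task file: check which command it launches"))
    return findings


def triage(otl_text: str) -> List[Finding]:
    """Parse OTL add-on and file-listing lines; other lines are ignored."""
    findings: List[Finding] = []
    for line in otl_text.splitlines():
        line = line.strip()
        m = ADDON_RE.match(line)
        if m:
            findings.extend(_triage_addon(m))
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(_triage_file(m))
    return findings


if __name__ == "__main__":
    for f in triage(OTL_SAMPLE):
        print(f"{f.kind:18} {f.target}\n{'':18} {f.detail}")
```

An empty result does not mean the machine is clean; it only means none of these four patterns appeared in the pasted lines. Entries with a known publisher (here the Spybot and HP BHOs) are deliberately not flagged, which is also why removing them is a judgement call for the helper, not for a script.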
28.12.2011, 22:43 | #17
Unwanted redirect on Google search under Internet Explorer 8

Fix Log

Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\ deleted successfully.
C:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
C:\WINDOWS\system32\chg.exe moved successfully.
C:\windows\tasks\EFRQ.job moved successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\SDASET~1.EXE.lnk moved successfully.
C:\Dokumente und Einstellungen\Administrator\Desktop\sdasetup[1].exe.lnk moved successfully.
C:\WINDOWS\system32\kbdcz29.dll moved successfully.
C:\install_flash_player_9_ax.exe moved successfully.
C:\mgaw98.EXE moved successfully.
C:\w9x_682.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 2791846 bytes
->Temporary Internet Files folder emptied: 44240348 bytes
->Java cache emptied: 2194659 bytes
->Apple Safari cache emptied: 164384768 bytes
->Flash cache emptied: 1619 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82054 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 20293 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66499 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 204,00 mb
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12282011_222509
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
28.12.2011, 23:39 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
Unwanted redirect on Google search under Internet Explorer 8

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click on "Start Scan" and, when it has finished, on the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!

__________________
29.12.2011, 06:57 | #19
Unwanted redirect on Google search under Internet Explorer 8

TDSSKiller Log

Code:
06:49:32.0843 4724 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
06:49:33.0015 4724 ============================================================
06:49:33.0015 4724 Current date / time: 2011/12/29 06:49:33.0015
06:49:33.0015 4724 SystemInfo:
06:49:33.0015 4724
06:49:33.0015 4724 OS Version: 5.1.2600 ServicePack: 3.0
06:49:33.0015 4724 Product type: Workstation
06:49:33.0015 4724 ComputerName: PC279312431166
06:49:33.0015 4724 UserName: Administrator
06:49:33.0015 4724 Windows directory: C:\windows
06:49:33.0015 4724 System windows directory: C:\windows
06:49:33.0015 4724 Processor architecture: Intel x86
06:49:33.0015 4724 Number of processors: 2
06:49:33.0015 4724 Page size: 0x1000
06:49:33.0015 4724 Boot type: Normal boot
06:49:33.0015 4724 ============================================================
06:49:34.0656 4724 Initialize success
06:53:59.0578 5048 ============================================================
06:53:59.0578 5048 Scan started
06:53:59.0578 5048 Mode: Manual; SigCheck; TDLFS;
06:53:59.0578 5048 ============================================================
06:54:00.0046 5048 3xHybrid (ed7144eb96cb9c90269fd693295cdcf3) C:\windows\system32\DRIVERS\3xHybrid.sys
06:54:00.0250 5048 3xHybrid - ok
06:54:00.0328 5048 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\windows\system32\DRIVERS\61883.sys
06:54:02.0937 5048 61883 - ok
06:54:03.0078 5048 Abiosdsk - ok
06:54:03.0125 5048 abp480n5 - ok
06:54:03.0187 5048 Accelerometer (558a0039f0ef634397e1f61055504478) C:\windows\system32\DRIVERS\Accelerometer.sys
06:54:03.0250 5048 Accelerometer - ok
06:54:03.0375 5048 ACEDRV08 (da06d89cdfdd0d24de75165cf6d4270b) C:\WINDOWS\system32\drivers\ACEDRV08.sys
06:54:03.0390 5048 ACEDRV08 - ok
06:54:03.0531 5048 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\windows\system32\DRIVERS\ACPI.sys
06:54:03.0796 5048 ACPI - ok
06:54:03.0890 5048 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\windows\system32\DRIVERS\ACPIEC.sys
06:54:04.0046 5048 ACPIEC - ok
06:54:04.0156 5048 ADIHdAudAddService (be4beb3fde3edfad4ef2760722717b0f) C:\windows\system32\drivers\ADIHdAud.sys
06:54:04.0203 5048 ADIHdAudAddService - ok
06:54:04.0265 5048 adpu160m - ok
06:54:04.0328 5048 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\windows\system32\drivers\AEAudio.sys
06:54:04.0343 5048 AEAudio - ok
06:54:04.0437 5048 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
06:54:04.0609 5048 aec - ok
06:54:04.0687 5048 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
06:54:04.0750 5048 AFD - ok
06:54:04.0890 5048 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\windows\system32\DRIVERS\AGRSM.sys
06:54:05.0031 5048 AgereSoftModem - ok
06:54:05.0093 5048 Aha154x - ok
06:54:05.0140 5048 aic78u2 - ok
06:54:05.0203 5048 aic78xx - ok
06:54:05.0265 5048 AliIde (1140ab9938809700b46bb88e46d72a96) C:\windows\system32\DRIVERS\aliide.sys
06:54:05.0515 5048 AliIde - ok
06:54:05.0625 5048 AmdK8 (58be3c2f1aa041ea56f7305a6463035c) C:\windows\system32\DRIVERS\AmdK8.sys
06:54:05.0671 5048 AmdK8 - ok
06:54:05.0765 5048 amsint - ok
06:54:05.0828 5048 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
06:54:05.0984 5048 Arp1394 - ok
06:54:06.0015 5048 asc - ok
06:54:06.0093 5048 asc3350p - ok
06:54:06.0125 5048 asc3550 - ok
06:54:06.0281 5048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
06:54:06.0453 5048 AsyncMac - ok
06:54:06.0515 5048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
06:54:06.0687 5048 atapi - ok
06:54:06.0734 5048 Atdisk - ok
06:54:06.0859 5048 ati2mtag (a1789368b4a31d2111af7aeda0c8d3fc) C:\windows\system32\DRIVERS\ati2mtag.sys
06:54:06.0968 5048 ati2mtag - ok
06:54:07.0109 5048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
06:54:07.0265 5048 Atmarpc - ok
06:54:07.0359 5048 ATSWPDRV (293e8cc3c246a89f4cca75b024ad757f) C:\windows\system32\DRIVERS\ATSwpDrv.sys
06:54:07.0359 5048 ATSWPDRV - ok
06:54:07.0406 5048 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
06:54:07.0562 5048 audstub - ok
06:54:07.0625 5048 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\windows\system32\DRIVERS\avc.sys
06:54:07.0781 5048 Avc - ok
06:54:07.0890 5048 b57w2k (74a65415dfaad20f06e7550fa9b6e012) C:\windows\system32\DRIVERS\b57xp32.sys
06:54:07.0937 5048 b57w2k - ok
06:54:08.0031 5048 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\windows\system32\DRIVERS\bcmwl5.sys
06:54:08.0109 5048 BCM43XX - ok
06:54:08.0218 5048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
06:54:08.0390 5048 Beep - ok
06:54:08.0515 5048 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\windows\system32\drivers\btaudio.sys
06:54:08.0578 5048 btaudio - ok
06:54:08.0640 5048 BTCFilterService - ok
06:54:08.0703 5048 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\windows\system32\DRIVERS\btport.sys
06:54:08.0765 5048 BTDriver - ok
06:54:08.0921 5048 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\windows\system32\DRIVERS\btkrnl.sys
06:54:09.0078 5048 BTKRNL - ok
06:54:09.0187 5048 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\windows\system32\DRIVERS\btwdndis.sys
06:54:09.0234 5048 BTWDNDIS - ok
06:54:09.0359 5048 btwmodem (e206ec370646e42dc862fd995869d31d) C:\windows\system32\DRIVERS\btwmodem.sys
06:54:09.0421 5048 btwmodem - ok
06:54:09.0484 5048 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\windows\system32\Drivers\btwusb.sys
06:54:09.0515 5048 BTWUSB - ok
06:54:09.0593 5048 Cap7134 (fdfe848c821f0666c4507a11717146c2) C:\windows\system32\DRIVERS\Cap7134.sys
06:54:09.0718 5048 Cap7134 - ok
06:54:09.0718 5048 catchme - ok
06:54:09.0828 5048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
06:54:10.0062 5048 cbidf2k - ok
06:54:10.0156 5048 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
06:54:10.0296 5048 CCDECODE - ok
06:54:10.0343 5048 cd20xrnt - ok
06:54:10.0375 5048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
06:54:10.0546 5048 Cdaudio - ok
06:54:10.0625 5048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
06:54:10.0781 5048 Cdfs - ok
06:54:10.0859 5048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
06:54:11.0015 5048 Cdrom - ok
06:54:11.0046 5048 Changer - ok
06:54:11.0125 5048 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\windows\system32\DRIVERS\CmBatt.sys
06:54:11.0265 5048 CmBatt - ok
06:54:11.0328 5048 CmdIde - ok
06:54:11.0375 5048 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys
06:54:11.0531 5048 Compbatt - ok
06:54:11.0593 5048 Cpqarray - ok
06:54:11.0656 5048 dac2w2k - ok
06:54:11.0687 5048 dac960nt - ok
06:54:11.0750 5048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
06:54:11.0921 5048 Disk - ok
06:54:12.0015 5048 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\windows\system32\drivers\dmboot.sys
06:54:12.0250 5048 dmboot - ok
06:54:12.0328 5048 dmio (53720ab12b48719d00e327da470a619a) C:\windows\system32\drivers\dmio.sys
06:54:12.0468 5048 dmio - ok
06:54:12.0515 5048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
06:54:12.0671 5048 dmload - ok
06:54:12.0796 5048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
06:54:12.0953 5048 DMusic - ok
06:54:13.0062 5048 dpti2o - ok
06:54:13.0125 5048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
06:54:13.0265 5048 drmkaud - ok
06:54:13.0343 5048 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\windows\system32\DRIVERS\eabfiltr.sys
06:54:13.0375 5048 eabfiltr - ok
06:54:13.0500 5048 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
06:54:13.0640 5048 Fastfat - ok
06:54:13.0718 5048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
06:54:13.0875 5048 Fdc - ok
06:54:13.0906 5048 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\windows\system32\drivers\Fips.sys
06:54:14.0046 5048 Fips - ok
06:54:14.0093 5048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
06:54:14.0250 5048 Flpydisk - ok
06:54:14.0343 5048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys
06:54:14.0484 5048 FltMgr - ok
06:54:14.0578 5048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
06:54:14.0750 5048 Fs_Rec - ok
06:54:14.0828 5048 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\windows\system32\drivers\ftdibus.sys
06:54:14.0828 5048 FTDIBUS - ok
06:54:14.0875 5048 Ftdisk (8f1955ce42e1484714b542f341647778) C:\windows\system32\DRIVERS\ftdisk.sys
06:54:15.0031 5048 Ftdisk - ok
06:54:15.0125 5048 FTSER2K (596d31583ce332b5514520d74837f434) C:\windows\system32\drivers\ftser2k.sys
06:54:15.0125 5048 FTSER2K - ok
06:54:15.0218 5048 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
06:54:15.0234 5048 GEARAspiWDM - ok
06:54:15.0296 5048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
06:54:15.0453 5048 Gpc - ok
06:54:15.0531 5048 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\windows\system32\DRIVERS\cpqbttn.sys
06:54:15.0546 5048 HBtnKey - ok
06:54:15.0625 5048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
06:54:15.0765 5048 HDAudBus - ok
06:54:15.0859 5048 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\windows\system32\DRIVERS\hpdskflt.sys
06:54:15.0875 5048 hpdskflt - ok
06:54:15.0921 5048 hpn - ok
06:54:15.0984 5048 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\windows\system32\DRIVERS\HPZid412.sys
06:54:16.0078 5048 HPZid412 - ok
06:54:16.0171 5048 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\windows\system32\DRIVERS\HPZipr12.sys
06:54:16.0265 5048 HPZipr12 - ok
06:54:16.0359 5048 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\windows\system32\DRIVERS\HPZius12.sys
06:54:16.0437 5048 HPZius12 - ok
06:54:16.0515 5048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
06:54:16.0578 5048 HTTP - ok
06:54:16.0640 5048 i2omgmt - ok
06:54:16.0687 5048 i2omp - ok
06:54:16.0765 5048 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\windows\system32\DRIVERS\i8042prt.sys
06:54:16.0921 5048 i8042prt - ok
06:54:16.0968 5048 IFXTPM (f67554da27d5b55efcb6c7cb4818fbfd) C:\windows\system32\DRIVERS\IFXTPM.SYS
06:54:17.0015 5048 IFXTPM - ok
06:54:17.0078 5048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
06:54:17.0218 5048 Imapi - ok
06:54:17.0343 5048 ini910u - ok
06:54:17.0421 5048 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\windows\system32\DRIVERS\intelide.sys
06:54:17.0562 5048 IntelIde - ok
06:54:17.0609 5048 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys
06:54:17.0750 5048 Ip6Fw - ok
06:54:17.0843 5048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
06:54:17.0984 5048 IpFilterDriver - ok
06:54:18.0015 5048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
06:54:18.0156 5048 IpInIp - ok
06:54:18.0343 5048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
06:54:18.0484 5048 IpNat - ok
06:54:18.0578 5048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
06:54:18.0703 5048 IPSec - ok
06:54:18.0750 5048 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\windows\system32\DRIVERS\irda.sys
06:54:18.0890 5048 irda - ok
06:54:18.0984 5048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
06:54:19.0125 5048 IRENUM - ok
06:54:19.0218 5048 isapnp (6dfb88f64135c525433e87648bda30de) C:\windows\system32\DRIVERS\isapnp.sys
06:54:19.0359 5048 isapnp - ok
06:54:19.0421 5048 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\windows\system32\DRIVERS\kbdclass.sys
06:54:19.0562 5048 Kbdclass - ok
06:54:19.0593 5048 kbdhid (b6d6c117d771c98130497265f26d1882) C:\windows\system32\DRIVERS\kbdhid.sys
06:54:19.0734 5048 kbdhid - ok
06:54:19.0781 5048 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
06:54:19.0937 5048 kmixer - ok
06:54:20.0062 5048 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
06:54:20.0171 5048 KSecDD - ok
06:54:20.0265 5048 lbrtfdc - ok
06:54:20.0328 5048 libusb0 (03e12dbfacf1aeb86c553b0db488fb81) C:\windows\system32\drivers\libusb0.sys
06:54:20.0343 5048 libusb0 ( UnsignedFile.Multi.Generic ) - warning
06:54:20.0343 5048 libusb0 - detected UnsignedFile.Multi.Generic (1)
06:54:20.0453 5048 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\windows\system32\drivers\mbam.sys
06:54:20.0484 5048 MBAMProtector - ok
06:54:20.0578 5048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
06:54:20.0843 5048 mnmdd - ok
06:54:20.0953 5048 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\windows\system32\drivers\Modem.sys
06:54:21.0093 5048 Modem - ok
06:54:21.0140 5048 motccgp - ok
06:54:21.0265 5048 motccgpfl - ok
06:54:21.0296 5048 motmodem - ok
06:54:21.0328 5048 MotoSwitchService - ok
06:54:21.0375 5048 Motousbnet - ok
06:54:21.0406 5048 motusbdevice - ok
06:54:21.0515 5048 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\windows\system32\DRIVERS\mouclass.sys
06:54:21.0671 5048 Mouclass - ok
06:54:21.0718 5048 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
06:54:21.0859 5048 MountMgr - ok
06:54:22.0000 5048 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\windows\system32\DRIVERS\MPE.sys
06:54:22.0140 5048 MPE - ok
06:54:22.0250 5048 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
06:54:22.0390 5048 MQAC - ok
06:54:22.0437 5048 mraid35x - ok
06:54:22.0515 5048 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
06:54:22.0656 5048 MRxDAV - ok
06:54:22.0781 5048 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
06:54:22.0921 5048 MRxSmb - ok
06:54:23.0015 5048 MSDV (1477849772712bac69c144dcf2c9ce81) C:\windows\system32\DRIVERS\msdv.sys
06:54:23.0156 5048 MSDV - ok
06:54:23.0265 5048 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
06:54:23.0406 5048 Msfs - ok
06:54:23.0468 5048 MSIRCOMM (95c6432151ccff8617352f8e616a1aa4) C:\windows\system32\DRIVERS\MSIRCOMM.sys
06:54:23.0609 5048 MSIRCOMM - ok
06:54:23.0656 5048 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
06:54:23.0796 5048 MSKSSRV - ok
06:54:23.0859 5048 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
06:54:23.0984 5048 MSPCLOCK - ok
06:54:24.0093 5048 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
06:54:24.0250 5048 MSPQM - ok
06:54:24.0375 5048 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
06:54:24.0500 5048 mssmbios - ok
06:54:24.0546 5048 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
06:54:24.0703 5048 MSTEE - ok
06:54:24.0765 5048 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
06:54:24.0828 5048 Mup - ok
06:54:24.0984 5048 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
06:54:25.0125 5048 NABTSFEC - ok
06:54:25.0187 5048 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
06:54:25.0343 5048 NDIS - ok
06:54:25.0421 5048 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
06:54:25.0562 5048 NdisIP - ok
06:54:25.0718 5048 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
06:54:25.0796 5048 NdisTapi - ok
06:54:25.0859 5048 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
06:54:26.0015 5048 Ndisuio - ok
06:54:26.0062 5048 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
06:54:26.0203 5048 NdisWan - ok
06:54:26.0328 5048 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
06:54:26.0390 5048 NDProxy - ok
06:54:26.0453 5048 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
06:54:26.0609 5048 NetBIOS - ok
06:54:26.0656 5048 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
06:54:26.0796 5048 NetBT - ok
06:54:26.0953 5048 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
06:54:27.0109 5048 NIC1394 - ok
06:54:27.0187 5048 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\windows\system32\drivers\ccdcmb.sys
06:54:27.0375 5048 nmwcd - ok
06:54:27.0546 5048 nmwcdc (3859c69a77793180548802dac9f34a38) C:\windows\system32\drivers\ccdcmbo.sys
06:54:27.0609 5048 nmwcdc - ok
06:54:27.0828 5048 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
06:54:28.0046 5048 Npfs - ok
06:54:28.0203 5048 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
06:54:28.0390 5048 Ntfs - ok
06:54:28.0484 5048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
06:54:28.0640 5048 Null - ok
06:54:28.0703 5048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
06:54:28.0875 5048 NwlnkFlt - ok
06:54:29.0031 5048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
06:54:29.0187 5048 NwlnkFwd - ok
06:54:29.0265 5048 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
06:54:29.0406 5048 ohci1394 - ok
06:54:29.0453 5048 Parport (f84785660305b9b903fb3bca8ba29837) C:\windows\system32\DRIVERS\parport.sys
06:54:29.0593 5048 Parport - ok
06:54:29.0656 5048 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
06:54:29.0781 5048 PartMgr - ok
06:54:29.0890 5048 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\windows\system32\drivers\ParVdm.sys
06:54:30.0062 5048 ParVdm - ok
06:54:30.0140 5048 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
06:54:30.0187 5048 pccsmcfd - ok
06:54:30.0281 5048 PCI (387e8dedc343aa2d1efbc30580273acd) C:\windows\system32\DRIVERS\pci.sys
06:54:30.0421 5048 PCI - ok
06:54:30.0484 5048 PCIDump - ok
06:54:30.0562 5048 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\windows\system32\DRIVERS\pciide.sys
06:54:30.0734 5048 PCIIde - ok
06:54:30.0765 5048 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\windows\system32\DRIVERS\pcmcia.sys
06:54:30.0906 5048 Pcmcia - ok
06:54:30.0984 5048 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\windows\system32\Drivers\pcouffin.sys
06:54:31.0015 5048 pcouffin ( UnsignedFile.Multi.Generic ) - warning
06:54:31.0015 5048 pcouffin - detected UnsignedFile.Multi.Generic (1)
06:54:31.0093 5048 PDCOMP - ok
06:54:31.0125 5048 PDFRAME - ok
06:54:31.0203 5048 PDRELI - ok
06:54:31.0250 5048 PDRFRAME - ok
06:54:31.0281 5048 perc2 - ok
06:54:31.0312 5048 perc2hib - ok
06:54:31.0390 5048 PhTVTune (94e7f6107c70251059ae4d01b1d76124) C:\windows\system32\DRIVERS\PhTVTune.sys
06:54:31.0437 5048 PhTVTune - ok
06:54:31.0546 5048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
06:54:31.0781 5048 PptpMiniport - ok
06:54:31.0875 5048 Processor (2cb55427c58679f49ad600fccba76360) C:\windows\system32\DRIVERS\processr.sys
06:54:32.0015 5048 Processor - ok
06:54:32.0062 5048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
06:54:32.0218 5048 PSched - ok
06:54:32.0265 5048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
06:54:32.0437 5048 Ptilink - ok
06:54:32.0531 5048 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\windows\system32\Drivers\PxHelp20.sys
06:54:32.0531 5048 PxHelp20 - ok
06:54:32.0562 5048 ql1080 - ok
06:54:32.0671 5048 Ql10wnt - ok
06:54:32.0703 5048 ql12160 - ok
06:54:32.0734 5048 ql1240 - ok
06:54:32.0765 5048 ql1280 - ok
06:54:32.0828 5048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
06:54:32.0968 5048 RasAcd - ok
06:54:33.0046 5048 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\windows\system32\DRIVERS\rasirda.sys
06:54:33.0218 5048 Rasirda - ok
06:54:33.0328 5048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
06:54:33.0468 5048 Rasl2tp - ok
06:54:33.0515 5048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
06:54:33.0640 5048 RasPppoe - ok
06:54:33.0718 5048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
06:54:33.0890 5048 Raspti - ok
06:54:33.0984 5048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
06:54:34.0125 5048 Rdbss - ok
06:54:34.0218 5048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
06:54:34.0375 5048 RDPCDD - ok
06:54:34.0453 5048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys
06:54:34.0609 5048 rdpdr - ok
06:54:34.0703 5048 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\windows\system32\drivers\RDPWD.sys
06:54:34.0765 5048 RDPWD - ok
06:54:34.0843 5048 redbook (ed761d453856f795a7fe056e42c36365) C:\windows\system32\DRIVERS\redbook.sys
06:54:34.0984 5048 redbook - ok
06:54:35.0093 5048 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
06:54:35.0171 5048 RMCAST - ok
06:54:35.0250 5048 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\windows\system32\Drivers\RootMdm.sys
06:54:35.0390 5048 ROOTMODEM - ok
06:54:35.0468 5048 RsvLock (874ed329b959e7ca77168fd0f1b837e2) C:\windows\system32\drivers\RsvLock.sys
06:54:35.0484 5048 RsvLock ( UnsignedFile.Multi.Generic ) - warning
06:54:35.0484 5048 RsvLock - detected UnsignedFile.Multi.Generic (1)
06:54:35.0593 5048 SafeBoot (bf2d1bc0649aedbe8caa47d2f89e8d47) C:\windows\system32\drivers\SafeBoot.sys
06:54:35.0593 5048 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: bf2d1bc0649aedbe8caa47d2f89e8d47
06:54:35.0593 5048 SafeBoot ( LockedFile.Multi.Generic ) - warning
06:54:35.0593 5048 SafeBoot - detected LockedFile.Multi.Generic (1)
06:54:35.0640 5048 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\windows\system32\drivers\SbAlg.sys
06:54:35.0656 5048 SbAlg ( UnsignedFile.Multi.Generic ) - warning
06:54:35.0656 5048 SbAlg - detected UnsignedFile.Multi.Generic (1)
06:54:35.0703 5048 SbFsLock (df4a90b29b878e8cd95a1ac8f94ca954) C:\windows\system32\drivers\SbFsLock.sys
06:54:35.0718 5048 SbFsLock - ok
06:54:35.0796 5048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
06:54:35.0937 5048 Secdrv - ok
06:54:36.0046 5048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\windows\system32\DRIVERS\serenum.sys
06:54:36.0203 5048 serenum - ok
06:54:36.0281 5048 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\windows\system32\DRIVERS\serial.sys
06:54:36.0421 5048 Serial - ok
06:54:36.0484 5048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\DRIVERS\sfloppy.sys
06:54:36.0609 5048 Sfloppy - ok
06:54:36.0656 5048 Simbad - ok
06:54:36.0703 5048 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
06:54:36.0859 5048 SLIP - ok
06:54:36.0953 5048 SMCIRDA (d03a4cdb1b089e3f6c23501339506e5e) C:\windows\system32\DRIVERS\smcirda.sys
06:54:37.0031 5048 SMCIRDA - ok
06:54:37.0109 5048 Sparrow - ok
06:54:37.0187 5048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
06:54:37.0328 5048 splitter - ok
06:54:37.0375 5048 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\windows\system32\DRIVERS\sr.sys
06:54:37.0500 5048 sr - ok
06:54:37.0609 5048 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
06:54:37.0718 5048 Srv - ok
06:54:37.0875 5048 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
06:54:37.0890 5048 ssmdrv - ok
06:54:38.0000 5048 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\windows\system32\DRIVERS\irstusb.sys
06:54:38.0109 5048 STIrUsb - ok
06:54:38.0203 5048 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
06:54:38.0437 5048 streamip - ok
06:54:38.0562 5048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
06:54:38.0687 5048 swenum - ok
06:54:38.0765 5048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
06:54:38.0906 5048 swmidi - ok
06:54:38.0953 5048 symc810 - ok
06:54:38.0984 5048 symc8xx - ok
06:54:39.0015 5048 sym_hi - ok
06:54:39.0109 5048 sym_u3 - ok
06:54:39.0187 5048 SynTP (5876072999220ef2fba1ddec86d2b97e) C:\windows\system32\DRIVERS\SynTP.sys
06:54:39.0234 5048 SynTP - ok
06:54:39.0343 5048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
06:54:39.0484 5048 sysaudio - ok
06:54:39.0578 5048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
06:54:39.0640 5048 Tcpip - ok
06:54:39.0734 5048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
06:54:39.0875 5048 TDPIPE - ok
06:54:39.0968 5048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
06:54:40.0109 5048 TDTCP - ok
06:54:40.0156 5048 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
06:54:40.0296 5048 TermDD - ok
06:54:40.0343 5048 TosIde - ok
06:54:40.0390 5048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
06:54:40.0531 5048 Udfs - ok
06:54:40.0625 5048 ultra - ok
06:54:40.0734 5048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
06:54:40.0906 5048 Update - ok
06:54:40.0984 5048 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
06:54:41.0031 5048 upperdev - ok
06:54:41.0109 5048 USBAAPL
(83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys 06:54:41.0171 5048 USBAAPL - ok 06:54:41.0312 5048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys 06:54:41.0453 5048 usbccgp - ok 06:54:41.0531 5048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys 06:54:41.0671 5048 usbehci - ok 06:54:41.0734 5048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys 06:54:41.0875 5048 usbhub - ok 06:54:42.0000 5048 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys 06:54:42.0140 5048 usbohci - ok 06:54:42.0203 5048 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys 06:54:42.0343 5048 usbprint - ok 06:54:42.0421 5048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys 06:54:42.0562 5048 usbscan - ok 06:54:42.0625 5048 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\windows\system32\drivers\usbser.sys 06:54:42.0781 5048 usbser - ok 06:54:42.0937 5048 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys 06:54:43.0000 5048 UsbserFilt - ok 06:54:43.0078 5048 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS 06:54:43.0218 5048 USBSTOR - ok 06:54:43.0281 5048 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys 06:54:43.0421 5048 usbuhci - ok 06:54:43.0546 5048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys 06:54:43.0687 5048 VgaSave - ok 06:54:43.0718 5048 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\windows\system32\DRIVERS\viaide.sys 06:54:43.0843 5048 ViaIde - ok 06:54:43.0890 5048 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\windows\system32\drivers\VolSnap.sys 06:54:44.0046 5048 VolSnap - ok 06:54:44.0109 5048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys 06:54:44.0250 5048 Wanarp - ok 06:54:44.0375 
5048 wceusbsh (dc7f91b2ed24a738c807ea07f298928c) C:\windows\system32\DRIVERS\wceusbsh.sys 06:54:44.0406 5048 wceusbsh - ok 06:54:44.0500 5048 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\windows\system32\Drivers\wdf01000.sys 06:54:44.0531 5048 Wdf01000 - ok 06:54:44.0609 5048 WDICA - ok 06:54:44.0765 5048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys 06:54:45.0000 5048 wdmaud - ok 06:54:45.0062 5048 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\windows\system32\DRIVERS\wmiacpi.sys 06:54:45.0203 5048 WmiAcpi - ok 06:54:45.0281 5048 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\windows\system32\DRIVERS\wpdusb.sys 06:54:45.0406 5048 WpdUsb - ok 06:54:45.0562 5048 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys 06:54:45.0718 5048 WS2IFSL - ok 06:54:45.0796 5048 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS 06:54:45.0968 5048 WSTCODEC - ok 06:54:46.0046 5048 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\windows\system32\DRIVERS\WudfPf.sys 06:54:46.0093 5048 WudfPf - ok 06:54:46.0234 5048 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\wudfrd.sys 06:54:46.0265 5048 WudfRd - ok 06:54:46.0312 5048 MBR (0x1B8) (4f02a8d4048a138c450ed7f867eb0144) \Device\Harddisk0\DR0 06:54:46.0656 5048 \Device\Harddisk0\DR0 - ok 06:54:46.0656 5048 Boot (0x1200) (705491fb1a45a2e3c7a0bfd6812d4222) \Device\Harddisk0\DR0\Partition0 06:54:46.0656 5048 \Device\Harddisk0\DR0\Partition0 - ok 06:54:46.0656 5048 Boot (0x1200) (c025b8cd252fdfa762e72b452f243ced) \Device\Harddisk0\DR0\Partition1 06:54:46.0671 5048 \Device\Harddisk0\DR0\Partition1 - ok 06:54:46.0671 5048 ============================================================ 06:54:46.0671 5048 Scan finished 06:54:46.0671 5048 ============================================================ 06:54:46.0781 3992 Detected object count: 5 06:54:46.0781 3992 Actual detected object count: 5 06:55:11.0062 3992 libusb0 ( 
UnsignedFile.Multi.Generic ) - skipped by user 06:55:11.0062 3992 libusb0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:55:11.0062 3992 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user 06:55:11.0062 3992 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:55:11.0078 3992 RsvLock ( UnsignedFile.Multi.Generic ) - skipped by user 06:55:11.0078 3992 RsvLock ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:55:11.0078 3992 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user 06:55:11.0078 3992 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip 06:55:11.0078 3992 SbAlg ( UnsignedFile.Multi.Generic ) - skipped by user 06:55:11.0078 3992 SbAlg ( UnsignedFile.Multi.Generic ) - User select action: Skip 06:55:17.0140 5356 Deinitialize success |
29.12.2011, 16:09 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix (see "Ein Leitfaden und Tutorium zur Nutzung von ComboFix", the guide and tutorial on using ComboFix).
ComboFix may only be run when a Kompetenzler (forum helper) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
29.12.2011, 16:29 | #21 |
| The installation of the Recovery Console aborts. Message: "Bootpartition konnte nicht enummeriert werden"
ComboFix logfile:
Code:
ComboFix 11-12-25.03 - Administrator 29.12.2011 16:15:36.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1919.1128 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-29 ))))))))))))))))))))))))))))))
.
.
2011-12-28 21:37 . 2011-12-28 21:37 114688 ----a-w- c:\windows\system32\chg.exe
2011-12-28 21:25 . 2011-12-28 21:25 -------- d-----w- C:\_OTL
2011-12-26 17:17 . 2011-12-26 17:22 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-12-26 17:17 . 2011-12-26 17:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-12-26 17:06 . 2011-12-26 17:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-12-26 17:06 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-26 12:50 . 2011-12-26 12:50 -------- d-----w- c:\programme\ESET
2011-12-26 12:05 . 2011-12-26 12:05 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Druckumgebung
2011-12-26 11:35 . 2011-12-26 11:35 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2011-12-26 11:14 . 2011-12-26 11:14 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TestApp
2011-12-25 22:46 . 2011-12-26 11:57 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PC Tools
2011-12-25 22:04 . 2011-12-25 22:04 94896 ----a-w- c:\windows\system32\drivers\99128409.sys
2011-12-25 21:52 . 2011-12-25 21:52 94896 ----a-w- c:\windows\system32\drivers\78121793.sys
2011-12-25 21:41 . 2011-12-25 21:41 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-25 21:21 . 2011-12-25 21:21 94896 ----a-w- c:\windows\system32\drivers\11120164.sys
2011-12-25 20:06 . 2011-12-25 20:06 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-12-25 20:05 . 2011-12-25 20:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-25 19:52 . 2011-12-26 10:46 -------- d-----w- c:\windows\system32\NtmsData
2011-12-25 19:20 . 2011-12-25 19:22 -------- dc-h--w- c:\windows\ie8
2011-12-25 18:56 . 2011-12-25 18:56 -------- d-----w- c:\programme\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 21:02 . 2011-06-10 15:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2004-08-04 08:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-04 08:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-04 08:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-07-23 13:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-07-27 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-18 16:21 . 2007-11-18 16:21 2293848 ----a-w- c:\programme\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-26_12.24.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-26 12:17 . 2011-12-26 12:17 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
+ 2011-12-28 21:37 . 2011-12-28 21:37 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 76354 c:\windows\system32\perfc009.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 76354 c:\windows\system32\perfc009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 90670 c:\windows\system32\perfc007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 90670 c:\windows\system32\perfc007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 456910 c:\windows\system32\perfh009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 456910 c:\windows\system32\perfh009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 477896 c:\windows\system32\perfh007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 477896 c:\windows\system32\perfh007.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"HP Software Update"="c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Cpqset"="c:\programme\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416]
"TVBroadcast"="c:\programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2007-11-10 192512]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"=
"c:\\Programme\\FRITZ!fax\\FriFax32.exe"=
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [07.02.2007 10:22 100495]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09.10.2006 12:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.03.2007 15:54 13696]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [07.02.2007 10:23 5808]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [28.08.2008 16:05 108768]
R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]
R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [29.03.2007 16:50 221184]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.12.2011 18:07 366152]
R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.07.2007 00:58 540448]
R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [25.11.2007 14:02 1681408]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19.09.2006 17:58 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [10.03.2011 17:24 28160]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.12.2011 18:06 22216]
S2 gupdate1ca09ec5bbd2fdc;Google Update Service (gupdate1ca09ec5bbd2fdc);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [23.07.2007 15:07 1223008]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.11.2008 17:09 47360]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [10.11.2007 19:33 24704]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 56806176
*NewlyCreated* - 97462309
*Deregistered* - 56806176
*Deregistered* - 97462309
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Translate this web page with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: onlinetvrecorder.com\www
Trusted Zone: tuev-nord.de\webmail
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-McDonald's Fairies - c:\programme\McDonaldsFairies\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-29 16:22
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programme\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3055690752-176306364-2229275396-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\APSHook.dll
c:\windows\system32\Ati2evxx.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programme\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programme\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\programme\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\BioAuth.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\programme\Hewlett-Packard\IAM\Bin\ittal.dll
c:\programme\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\programme\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\AuthWiz.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\APSHook.dll
c:\windows\SbHpNp.dll
.
Zeit der Fertigstellung: 2011-12-29 16:24:47
ComboFix-quarantined-files.txt 2011-12-29 15:24
ComboFix2.txt 2011-12-26 12:30
.
Vor Suchlauf: 30 Verzeichnis(se), 29.288.861.696 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 29.257.924.608 Bytes frei
.
- - End Of File - - 7CF0B1D86E8C55DE62DFC105C25732C8

Quarantined files
Code:
2011-12-26 12:40:03 . 2011-12-26 18:51:05 19,456 ----a-w- C:\Qoobox\Quarantine\C\Thumbs.db.vir
2011-12-26 12:29:57 . 2011-12-26 12:29:57 816 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Windows CE Services.reg.dat
2011-12-26 12:29:57 . 2011-12-26 12:29:57 532 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Microsoft Interactive Training.reg.dat
2011-12-26 12:29:57 . 2011-12-26 12:29:57 684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FRITZ!fax.reg.dat
2011-12-26 12:29:57 . 2011-12-26 12:29:57 692 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FRITZ!DSL.reg.dat
2011-12-26 12:29:51 . 2011-12-26 12:29:51 210 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-ccc-core-static.reg.dat
2011-12-26 12:29:49 . 2011-12-26 12:29:49 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2011-12-26 12:29:49 . 2011-12-26 12:29:49 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2011-12-26 12:23:57 . 2004-04-30 14:01:00 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2011-12-26 12:12:55 . 2011-12-29 15:20:21 9,528 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-26 12:06:02 . 2011-12-29 15:14:04 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-02-04 14:12:36 . 2009-02-04 14:12:36 99,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET1C.tmp.vir
2009-01-30 19:35:54 . 2009-01-30 19:35:54 133,632 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET82.tmp.vir
2009-01-30 19:34:02 . 2009-01-30 19:34:02 254,976 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET72.tmp.vir
2009-01-30 19:34:02 . 2009-01-30 19:34:02 166,912 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET74.tmp.vir
2009-01-30 19:33:48 . 2009-01-30 19:33:48 212,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET4D.tmp.vir
2008-12-11 16:56:47 . 1996-11-06 11:05:10 302,592 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\unin0407.exe.vir
1998-11-17 06:44:44 . 1998-11-17 11:44:44 328,704 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\IsUn0407.exe.vir
29.12.2011, 17:14 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | We need the Recovery Console: Go to the Microsoft page => http://support.microsoft.com/?scid=kb%3Bde%3B310994&x=21&y=12 and choose the download intended for your operating system. Note: for WinXP SP3 choose the SP2 version. Download the file and save it under its original name next to ComboFix.exe (or cofi.exe, if renamed). Now close all open programs and windows, including antivirus and antimalware programs. This is necessary so that no program interferes with ComboFix's scan.
29.12.2011, 18:34 | #23 |
| Same error: "Bootpartition kann nicht richtig enummeriert werden"
ComboFix logfile:
Code:
ComboFix 11-12-29.04 - Administrator 29.12.2011 18:24:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1919.1027 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
.
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-29 ))))))))))))))))))))))))))))))
.
.
2011-12-28 21:37 . 2011-12-28 21:37 114688 ----a-w- c:\windows\system32\chg.exe
2011-12-28 21:25 . 2011-12-28 21:25 -------- d-----w- C:\_OTL
2011-12-26 17:17 . 2011-12-26 17:22 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-12-26 17:17 . 2011-12-26 17:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2011-12-26 17:06 . 2011-12-26 17:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-12-26 17:06 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-26 12:50 . 2011-12-26 12:50 -------- d-----w- c:\programme\ESET
2011-12-26 12:05 . 2011-12-26 12:05 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Druckumgebung
2011-12-26 11:35 . 2011-12-26 11:35 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2011-12-26 11:14 . 2011-12-26 11:14 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TestApp
2011-12-25 22:46 . 2011-12-26 11:57 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools
2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PC Tools
2011-12-25 22:04 . 2011-12-25 22:04 94896 ----a-w- c:\windows\system32\drivers\99128409.sys
2011-12-25 21:52 . 2011-12-25 21:52 94896 ----a-w- c:\windows\system32\drivers\78121793.sys
2011-12-25 21:41 . 2011-12-25 21:41 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-25 21:21 . 2011-12-25 21:21 94896 ----a-w- c:\windows\system32\drivers\11120164.sys
2011-12-25 20:06 . 2011-12-25 20:06 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2011-12-25 20:05 . 2011-12-25 20:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-25 19:52 . 2011-12-26 10:46 -------- d-----w- c:\windows\system32\NtmsData
2011-12-25 19:20 . 2011-12-25 19:22 -------- dc-h--w- c:\windows\ie8
2011-12-25 18:56 . 2011-12-25 18:56 -------- d-----w- c:\programme\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 21:02 . 2011-06-10 15:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 14:40 . 2004-08-04 08:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:13 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-04 08:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:49 . 2004-08-04 08:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 04:06 . 2010-07-23 13:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 01:37 . 2007-07-27 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2007-11-18 16:21 . 2007-11-18 16:21 2293848 ----a-w- c:\programme\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-26_12.24.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-26 12:17 . 2011-12-26 12:17 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
+ 2011-12-28 21:37 . 2011-12-28 21:37 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 76354 c:\windows\system32\perfc009.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 76354 c:\windows\system32\perfc009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 90670 c:\windows\system32\perfc007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 90670 c:\windows\system32\perfc007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 456910 c:\windows\system32\perfh009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 456910 c:\windows\system32\perfh009.dat
- 2004-08-07 06:04 . 2011-12-24 15:02 477896 c:\windows\system32\perfh007.dat
+ 2004-08-07 06:04 . 2011-12-28 21:25 477896 c:\windows\system32\perfh007.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"HP Software Update"="c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Cpqset"="c:\programme\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416]
"TVBroadcast"="c:\programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
[2011-08-18 421736] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213] DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2007-11-10 192512] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 01:30 74240 ----a-r- c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"= "c:\\Programme\\FRITZ!fax\\FriFax32.exe"= "c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\WINDOWS\\system32\\mshta.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= . 
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [07.02.2007 10:22 100495] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09.10.2006 12:31 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.03.2007 15:54 13696] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [07.02.2007 10:23 5808] R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [28.08.2008 16:05 108768] R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336] R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336] R2 HpFkCryptService;Drive Encryption Service;c:\programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [29.03.2007 16:50 221184] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.12.2011 18:07 366152] R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.07.2007 00:58 540448] R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [25.11.2007 14:02 1681408] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19.09.2006 17:58 36608] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [10.03.2011 17:24 28160] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.12.2011 18:06 22216] S2 gupdate1ca09ec5bbd2fdc;Google Update Service (gupdate1ca09ec5bbd2fdc);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104] S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [23.07.2007 15:07 1223008] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?] 
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.11.2008 17:09 47360] S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [10.11.2007 19:33 24704] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 56806176 *NewlyCreated* - 97462309 *Deregistered* - 56806176 *Deregistered* - 97462309 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 Cognizance REG_MULTI_SZ ASBroker ASChannel . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-04-19 11:23 452136 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16] . 2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = about:blank uInternet Settings,ProxyOverride = 192.168.*.*;*.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Translate this web page with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm Trusted Zone: onlinetvrecorder.com\www Trusted Zone: tuev-nord.de\webmail TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-McDonald's Fairies - c:\programme\McDonaldsFairies\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-12-29 18:29 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\programme\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@ . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher] "ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3055690752-176306364-2229275396-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1008) c:\windows\system32\APSHook.dll c:\windows\system32\Ati2evxx.dll c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll c:\programme\Hewlett-Packard\IAM\bin\ItMsg.dll c:\programme\Hewlett-Packard\IAM\Bin\TrayIcon.dll c:\programme\Hewlett-Packard\IAM\bin\HPBrand.dll c:\programme\Hewlett-Packard\IAM\bin\DEU\HPBrand.dll c:\programme\Hewlett-Packard\IAM\bin\DEU\ItMsg.dll c:\programme\Hewlett-Packard\IAM\Bin\ASChnl.dll c:\programme\Hewlett-Packard\IAM\Bin\ItDAC.dll c:\programme\Hewlett-Packard\IAM\Bin\ItReports.DLL c:\programme\Hewlett-Packard\IAM\Bin\BioAuth.dll c:\programme\Hewlett-Packard\IAM\bin\DEU\BioAuth.dll c:\programme\Hewlett-Packard\IAM\Bin\ASBIoAT.dll c:\programme\Hewlett-Packard\IAM\Bin\ittal.dll c:\programme\Hewlett-Packard\IAM\Bin\STEngine.dll c:\programme\Hewlett-Packard\IAM\Bin\ItVCClient.dll c:\programme\Hewlett-Packard\IAM\Bin\AuthWiz.dll c:\programme\Hewlett-Packard\IAM\bin\DEU\AuthWiz.dll . - - - - - - - > 'lsass.exe'(1068) c:\windows\system32\APSHook.dll c:\windows\SbHpNp.dll . 
- - - - - - - > 'explorer.exe'(2448)
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2011-12-29 18:31:40
ComboFix-quarantined-files.txt 2011-12-29 17:31
ComboFix2.txt 2011-12-29 15:24
ComboFix3.txt 2011-12-26 12:30
.
Vor Suchlauf: 30 Verzeichnis(se), 29.261.410.304 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 29.229.158.400 Bytes frei
.
- - End Of File - - D96C1838E40511B3BA784C5F6F85DF73
29.12.2011, 23:25 | #24
/// Winkelfunktion /// TB-Süch-Tiger™
ComboFix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.
Code:
File::
c:\windows\system32\chg.exe
c:\windows\system32\drivers\99128409.sys
c:\windows\system32\drivers\78121793.sys
c:\windows\system32\drivers\11120164.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

4. Disable the guard of your antivirus program and any software firewall that may be present (also the guards of ad-/spyware programs and TeaTimer, if present!).
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
30.12.2011, 07:44 | #25
ComboFix logfile:
Code:
ATTFilter ComboFix 11-12-29.05 - Administrator 30.12.2011 7:20.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1919.1062 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Administrator\Desktop\CFScript.txt . Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . FILE :: "c:\windows\system32\chg.exe" "c:\windows\system32\drivers\11120164.sys" "c:\windows\system32\drivers\78121793.sys" "c:\windows\system32\drivers\99128409.sys" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\chg.exe c:\windows\system32\drivers\11120164.sys c:\windows\system32\drivers\78121793.sys c:\windows\system32\drivers\99128409.sys . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-28 bis 2011-12-30 )))))))))))))))))))))))))))))) . . 2011-12-28 21:25 . 2011-12-28 21:25 -------- d-----w- C:\_OTL 2011-12-26 17:17 . 2011-12-26 17:22 -------- d-----w- c:\programme\Spybot - Search & Destroy 2011-12-26 17:17 . 2011-12-26 17:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2011-12-26 17:06 . 2011-12-26 17:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2011-12-26 17:06 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-26 12:50 . 2011-12-26 12:50 -------- d-----w- c:\programme\ESET 2011-12-26 12:05 . 2011-12-26 12:05 -------- d--h--w- c:\dokumente und einstellungen\Administrator\Druckumgebung 2011-12-26 11:35 . 2011-12-26 11:35 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert 2011-12-26 11:14 . 2011-12-26 11:14 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\TestApp 2011-12-25 22:46 . 2011-12-26 11:57 -------- d-----w- c:\programme\Gemeinsame Dateien\PC Tools 2011-12-25 22:46 . 
2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools 2011-12-25 22:46 . 2011-12-25 22:46 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\PC Tools 2011-12-25 21:41 . 2011-12-25 21:41 -------- d-----w- C:\TDSSKiller_Quarantine 2011-12-25 20:06 . 2011-12-25 20:06 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes 2011-12-25 20:05 . 2011-12-25 20:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2011-12-25 19:52 . 2011-12-26 10:46 -------- d-----w- c:\windows\system32\NtmsData 2011-12-25 19:20 . 2011-12-25 19:22 -------- dc-h--w- c:\windows\ie8 2011-12-25 18:56 . 2011-12-25 18:56 -------- d-----w- c:\programme\CCleaner . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-26 21:02 . 2011-06-10 15:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-23 14:40 . 2004-08-04 08:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:23 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2004-08-04 08:00 1288704 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:31 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:49 . 2004-08-04 08:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:49 . 2004-08-04 08:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 04:06 . 
2010-07-23 13:36 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-10-03 01:37 . 2007-07-27 00:19 73728 ----a-w- c:\windows\system32\javacpl.cpl 2007-11-18 16:21 . 2007-11-18 16:21 2293848 ----a-w- c:\programme\FLV PlayerFCSetup.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-12-26_12.24.02 ))))))))))))))))))))))))))))))))))))))))) . - 2011-12-26 12:17 . 2011-12-26 12:17 16384 c:\windows\Temp\Perflib_Perfdata_170.dat + 2011-12-28 21:37 . 2011-12-28 21:37 16384 c:\windows\Temp\Perflib_Perfdata_170.dat - 2004-08-07 06:04 . 2011-12-24 15:02 76354 c:\windows\system32\perfc009.dat + 2004-08-07 06:04 . 2011-12-28 21:25 76354 c:\windows\system32\perfc009.dat - 2004-08-07 06:04 . 2011-12-24 15:02 90670 c:\windows\system32\perfc007.dat + 2004-08-07 06:04 . 2011-12-28 21:25 90670 c:\windows\system32\perfc007.dat + 2004-08-07 06:04 . 2011-12-28 21:25 456910 c:\windows\system32\perfh009.dat - 2004-08-07 06:04 . 2011-12-24 15:02 456910 c:\windows\system32\perfh009.dat - 2004-08-07 06:04 . 2011-12-24 15:02 477896 c:\windows\system32\perfh007.dat + 2004-08-07 06:04 . 2011-12-28 21:25 477896 c:\windows\system32\perfh007.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "LightScribe Control Panel"="c:\programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491] "PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] "SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2008-04-14 177152] "SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "PDF Complete"="c:\programme\PDF Complete\pdfsty.exe" [2007-05-08 331552] "PTHOSTTR"="c:\programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392] "hpWirelessAssistant"="c:\programme\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-02 163840] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976] "HP Software Update"="c:\programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152] "Cpqset"="c:\programme\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344] "WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512] "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928] "HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-08 188416] "TVBroadcast"="c:\programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe" [2007-08-07 797696] "FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" 
[2011-08-18 421736] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213] DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2007-11-10 192512] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\ CCC.lnk - c:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard] 2007-02-07 01:30 74240 ----a-r- c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\APSHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ SbHpNp scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Programme\\Microsoft ActiveSync\\WcesMgr.exe"= "c:\\Programme\\FRITZ!fax\\FriFax32.exe"= "c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\WINDOWS\\system32\\mshta.exe"= "c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= . 
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [07.02.2007 10:22 100495] R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09.10.2006 12:31 44720] R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29.03.2007 15:54 13696] R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [07.02.2007 10:23 5808] R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [28.08.2008 16:05 108768] R2 ASBroker;Anmeldesitzungsbroker;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336] R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336] R2 HpFkCryptService;Drive Encryption Service;c:\programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [29.03.2007 16:50 221184] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [26.12.2011 18:07 366152] R2 pdfcDispatcher;PDF Document Manager;c:\programme\PDF Complete\pdfsvc.exe [27.07.2007 00:58 540448] R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe [25.11.2007 14:02 1681408] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [19.09.2006 17:58 36608] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [10.03.2011 17:24 28160] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.12.2011 18:06 22216] S2 gupdate1ca09ec5bbd2fdc;Google Update Service (gupdate1ca09ec5bbd2fdc);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104] S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [23.07.2007 15:07 1223008] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?] 
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [21.07.2009 11:16 133104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [17.11.2008 17:09 47360]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\drivers\PhTVTune.sys [10.11.2007 19:33 24704]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 56806176
*NewlyCreated* - 97462309
*Deregistered* - 56806176
*Deregistered* - 97462309
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16]
.
2011-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-21 10:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Translate this web page with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: onlinetvrecorder.com\www
Trusted Zone: tuev-nord.de\webmail
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-McDonald's Fairies - c:\programme\McDonaldsFairies\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-30 07:26
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programme\Hewlett-Packard\Default Settings\cpqset.exe? ??????????T??????????????|?M?|?????M?|&?@
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="c:\programme\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3055690752-176306364-2229275396-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,39,a4,e8,63,d0,65,4c,92,a9,fc,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"70403E1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1008)
c:\windows\system32\APSHook.dll
c:\windows\system32\Ati2evxx.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\programme\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\programme\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\HPBrand.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\ItMsg.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\programme\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\BioAuth.dll
c:\programme\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\programme\Hewlett-Packard\IAM\Bin\ittal.dll
c:\programme\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\programme\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\programme\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\programme\Hewlett-Packard\IAM\bin\DEU\AuthWiz.dll
.
- - - - - - - > 'lsass.exe'(1068)
c:\windows\system32\APSHook.dll
c:\windows\SbHpNp.dll
.
Zeit der Fertigstellung: 2011-12-30 07:28:06
ComboFix-quarantined-files.txt 2011-12-30 06:28
ComboFix2.txt 2011-12-29 17:31
ComboFix3.txt 2011-12-29 15:24
ComboFix4.txt 2011-12-26 12:30
.
Vor Suchlauf: 30 Verzeichnis(se), 29.243.707.392 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 29.210.714.112 Bytes frei
.
- - End Of File - - 6E321CC797089D35A0091CCBB220ECA9 |
30.12.2011, 18:28 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirection in Google search under Internet Explorer 8
I need the ComboFix quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the Quarantine folder in C:\Qoobox into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment in this thread!
4.) Let me know once it has worked
5.) Only then turn the virus scanner back on
__________________ Please always post logfiles in CODE tags |
30.12.2011, 19:45 | #27 |
| Unwanted redirection in Google search under Internet Explorer 8 It's uploaded. |
30.12.2011, 19:48 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirection in Google search under Internet Explorer 8
OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false positive on OSAM!
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without being told to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
30.12.2011, 21:38 | #29 |
| Unwanted redirection in Google search under Internet Explorer 8
So, GMER doesn't run to completion. OSAM logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:35:30 on 30.12.2011
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bioscrypt Inc." - C:\WINDOWS\system32\APSHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"accelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\windows\system32\accelerometercp.CPL
"btcpl.cpl" - "Broadcom Corporation." - C:\windows\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\windows\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\windows\system32\javacpl.cpl
"mbllnk.cpl" - "AvantGo, Inc." - C:\windows\system32\mbllnk.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Accelerometer" - "Hewlett-Packard Corporation" - C:\windows\system32\accelerometercp.cpl
"Avira AntiVir Personal - Free Antivirus " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found)
"Avira AntiVir PersonalEdition Classic " - ? - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl (File not found)
"CognizanceWS" - "Cognizance Corporation" - C:\PROGRA~1\HEWLET~1\IAM\Bin\Settings.dll
"HPWACpl" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Wireless Assistant\WACntlPnl.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"PTHOST.CPL" - " Hewlett-Packard Development Company, L.P" - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfig" - " Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\windows\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\windows\system32\drivers\i2omgmt.sys (File not found)
"kwtdakob" (kwtdakob) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwtdakob.sys (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\windows\system32\drivers\lbrtfdc.sys (File not found)
"LibUsb-Win32 - Kernel Driver, Version 0.1.12.2" (libusb0) - "hxxp://libusb-win32.sourceforge.net" - C:\windows\System32\drivers\libusb0.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"MotCcgpFlService" (motccgpfl) - ? - C:\windows\System32\DRIVERS\motccgpfl.sys (File not found)
"Motorola USB CDC ACM Driver" (motmodem) - ? - C:\windows\System32\DRIVERS\motmodem.sys (File not found)
"Motorola USB Composite Device Driver" (motccgp) - ? - C:\windows\System32\DRIVERS\motccgp.sys (File not found)
"Motorola USB Dev Driver" (motusbdevice) - ? - C:\windows\System32\DRIVERS\motusbdevice.sys (File not found)
"Motorola USB Networking Driver Service" (Motousbnet) - ? - C:\windows\System32\DRIVERS\Motousbnet.sys (File not found)
"MotoSwitch Service" (MotoSwitchService) - ? - C:\windows\System32\DRIVERS\motswch.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\windows\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\windows\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\windows\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\windows\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\windows\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\windows\System32\Drivers\PxHelp20.sys
"RsvLock" (RsvLock) - "SafeBoot International" - C:\windows\system32\drivers\RsvLock.sys
"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked)
"SbAlg" (SbAlg) - "SafeBoot N.V." - C:\windows\system32\drivers\SbAlg.sys
"SbFsLock" (SbFsLock) - "SafeBoot International" - C:\windows\system32\drivers\SbFsLock.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"USB Networking Driver Filter Service" (BTCFilterService) - ? - C:\windows\System32\DRIVERS\motfilt.sys (File not found)
"VSO Software pcouffin" (pcouffin) - "VSO Software" - C:\windows\System32\Drivers\pcouffin.sys
"WDICA" (WDICA) - ? - C:\windows\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\windows\system32\Rundll32.exe c:\windows\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\windows\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\windows\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{CF184AD3-CDCB-4168-A3F7-8E447D129300} "CZipHandler Object" - "Hewlett-Packard Company" - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{d7b95390-b1c5-11d0-b111-0080c712fe82} "mctp: Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\aatp.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{34F4B935-17DC-4885-8BC9-CCD1ADF42F93} "CISORecorderContextMenu Object" - "Alex Feinman" - C:\Programme\Alex Feinman\ISO Recorder\ISORecorder.dll
{2AA59FC0-31E8-42DA-9D3C-E9A52953853B} "CopyToCD shell extension" - ? - (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{B28C18DB-6816-4F31-9630-397683E3C2C3} "Filzip Shell Extension" - ? - C:\Programme\Filzip\fzshext.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\windows\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} "Microsoft Browser Architecture" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? - (File not found | COM-object registry key not found)
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? - (File not found | COM-object registry key not found)
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\windows\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\windows\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{E0D79300-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79301-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79302-84BE-11CE-9641-444553540000} "WinZip" - ? - C:\PROGRA~1\WinZip\wzshlext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Sldworks Shell Extension "{3AFCEAFB-FFC5-403D-AD33-5914AB4B7ECC}" - ? - (File not found | COM-object registry key not found)
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\INetRepl.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - ? - (File not found | COM-object registry key not found)
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Mobilen Favoriten erstellen" - "Microsoft Corporation" - C:\Programme\Microsoft ActiveSync\INetRepl.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"Translate this web page with Babylon" - ? - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? - (File not found | COM-object registry key not found)
{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - ? - (File not found | COM-object registry key not found)
{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} "{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}" - ? - (File not found | COM-object registry key not found)
{DF21F1DB-80C6-11D3-9483-B03D0EC10000} "{DF21F1DB-80C6-11D3-9483-B03D0EC10000}" - ? - (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "SafeBoot International" - C:\windows\SbHpNp.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"DVD Check.lnk" - "InterVideo Inc." - C:\Programme\InterVideo\DVD Check\DVDCheck.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
"PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"StartCCC" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AccelerometerSysTrayApplet" - "Hewlett-Packard Corporation" - C:\WINDOWS\system32\AccelerometerSt.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"CognizanceTS" - "Cognizance Corporation" - rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
"Cpqset" - ? - C:\Programme\Hewlett-Packard\Default Settings\cpqset.exe (File found, but it contains no detailed information)
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"HP Component Manager" - "Hewlett-Packard Company" - "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update" - "Hewlett-Packard" - "C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDF Complete" - "PDF Complete Inc" - "C:\Programme\PDF Complete\pdfsty.exe"
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"Recguard" - ? - C:\WINDOWS\Sminst\Recguard.exe
"Reminder" - ? - C:\WINDOWS\Creator\Remind_XP.exe
"Scheduler" - ? - C:\WINDOWS\SMINST\Scheduler.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TVBroadcast" - "ODSoft multimedia" - C:\Programme\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
"WatchDog" - "InterVideo Inc." - C:\Programme\InterVideo\DVD Check\DVDCheck.exe

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Credential Manager" - "Cognizance Corporation" - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"HP FVE Network Provider" - "SafeBoot International" - c:\WINDOWS\SbHpNp.DLL

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\windows\system32\avmprmon.dll
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\windows\system32\bthcrp.dll
"FRITZ!fax Color Port Monitor" - "AVM Berlin GmbH" - C:\windows\system32\FritzColorPort.dll
"FRITZ!fax Port Monitor" - "AVM Berlin GmbH" - C:\windows\system32\FritzPort.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\windows\system32\mdimon.dll
"PDFC" - "PDF Complete, Inc." - C:\windows\system32\pdfc_port.dll
"Redirected Port" - ? - C:\windows\system32\redmonnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anmeldesitzungsbroker" (ASBroker) - "Cognizance Corporation" - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Drive Encryption Service" (HpFkCryptService) - "SafeBoot International" - c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
"Google Update Service (gupdate1ca09ec5bbd2fdc)" (gupdate1ca09ec5bbd2fdc) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"Imapi Helper" (Imapi Helper) - "Alex Feinman" - C:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Lokaler Verbindungskanal" (ASChannel) - "Cognizance Corporation" - C:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Angel" (PCA) - "SoftThinks" - C:\WINDOWS\SMINST\PCAngel.exe
"PDF Document Manager" (pdfcDispatcher) - "PDF Complete Inc" - C:\Programme\PDF Complete\pdfsvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - c:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Programme\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"SolidWorks Licensing Service" (SolidWorks Licensing Service) - "SolidWorks" - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{8F51D94E-8B89-4844-B15C-9C049BA0F49F} "DLLName" - "Cognizance Corporation" - C:\Programme\Hewlett-Packard\IAM\Bin\ItVCard.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"OneCard" - "Cognizance Corporation" - C:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
"WgaLogon" - "Microsoft Corporation" - C:\windows\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR log:
Code:
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-30 20:37:17
-----------------------------
20:37:17.711 OS Version: Windows 5.1.2600 Service Pack 3
20:37:17.711 Number of processors: 2 586 0x6801
20:37:17.711 ComputerName: PC279312431166 UserName: Administrator
20:37:18.742 Initialize success
20:40:45.196 AVAST engine defs: 11123000
20:44:40.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:44:40.321 Disk 0 Vendor: FUJITSU_MHY2120BH 890B Size: 114473MB BusType: 3
20:44:40.367 Disk 0 MBR read successfully
20:44:40.367 Disk 0 MBR scan
20:44:40.414 Disk 0 unknown MBR code
20:44:40.430 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 103418 MB offset 63
20:44:40.461 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 11052 MB offset 211801023
20:44:40.477 Disk 0 scanning sectors +234436545
20:44:40.586 Disk 0 scanning C:\windows\system32\drivers
20:44:54.305 Service scanning
20:44:54.899 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
20:44:55.461 Modules scanning
20:45:03.524 Disk 0 trace - called modules:
20:45:03.555 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
20:45:03.571 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a93eab8]
20:45:03.571 3 CLASSPNP.SYS[f74f7fd7] -> nt!IofCallDriver -> [0x8a9779e8]
20:45:03.586 5 hpdskflt.sys[f7518ffd] -> nt!IofCallDriver -> \Device\00000095[0x8a8cf500]
20:45:03.586 7 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a97b940]
20:45:04.117 AVAST engine scan C:\windows
20:45:13.539 AVAST engine scan C:\windows\system32
20:47:44.555 AVAST engine scan C:\windows\system32\drivers
20:48:03.961 AVAST engine scan C:\Dokumente und Einstellungen\Administrator
21:13:57.602 AVAST engine scan C:\Dokumente und Einstellungen\All Users
21:16:06.571 Scan finished successfully
21:33:52.774 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat"
21:33:52.789 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.txt" |
30.12.2011, 22:35 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirection in Google search under Internet Explorer 8
We should fix the MBR. Just in case, back up ALL important data first, even though it usually goes smoothly.
Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
After backing up, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
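An added example, not from this thread and not code from the OSAM or aswMBR authors: a small Python triage script that reads the two log formats posted above and flags the two things the helper acted on, the hidden "kwtdakob" driver entry in OSAM's [Drivers] section and the "unknown MBR code" line in aswMBR, while treating the scanners' own leftovers (GMER's catchme driver, which the ComboFix log above shows running, and ComboFix's mbr.sys under C:\ComboFix) as informational. The sample log lines are excerpts copied from the logs in this thread; the SCANNER_DRIVERS allowlist, the severity labels and the Temp-directory heuristic are my own assumptions, not rules from either tool.

```python
"""Triage of OSAM and aswMBR logs (added example; not the thread's or the tools' code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: drivers the scanning tools themselves leave behind. The ComboFix log
# in this thread embeds a GMER "catchme" scan, and mbr.sys lives under C:\ComboFix.
SCANNER_DRIVERS = {"catchme", "mbr"}

SECTION = re.compile(r"^\[(?P<section>[^\]]+)\]$")
# OSAM entry:  "Name" (ServiceKey) - "Vendor" or ? - C:\path\file.sys (flag | flag)
OSAM_ENTRY = re.compile(
    r'^"(?P<name>[^"]*)"(?:\s+\((?P<key>[^)]*)\))?\s+-\s+'
    r'(?P<vendor>"[^"]*"|\?)\s+-\s+(?P<path>.*?)(?:\s+\((?P<flags>[^()]*)\))?$'
)
# aswMBR line:  HH:MM:SS.mmm message
ASWMBR_LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.+)$")


@dataclass(frozen=True)
class Finding:
    source: str    # "osam" or "aswmbr"
    severity: str  # "high", "medium" or "info" (labels are an assumption)
    item: str      # driver key, or the raw aswMBR message
    reason: str


def triage_osam(text: str) -> list[Finding]:
    """Flag [Drivers] entries OSAM marks as hidden (rootkit activity), and
    orphaned driver entries whose image lived in a user's Temp directory."""
    findings: list[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("section")
            continue
        if section != "Drivers":
            continue
        m = OSAM_ENTRY.match(line)
        if not m:
            continue
        key = m.group("key") or m.group("name")
        flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
        if any(f.startswith("Hidden registry entry") for f in flags):
            sev = "info" if key in SCANNER_DRIVERS else "high"
            findings.append(Finding("osam", sev, key, "hidden registry entry (rootkit activity)"))
        elif "File not found" in flags and re.search(r"\\temp\\", m.group("path"), re.IGNORECASE):
            sev = "info" if key in SCANNER_DRIVERS else "medium"
            findings.append(Finding("osam", sev, key, "orphaned driver entry pointing into a Temp directory"))
    return findings


def triage_aswmbr(text: str) -> list[Finding]:
    """Flag MBR code aswMBR does not recognise, plus driver files it could not read."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        m = ASWMBR_LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if "unknown MBR code" in msg:
            findings.append(Finding("aswmbr", "high", msg,
                                    "boot code not recognised; back up and compare before repairing"))
        elif "**LOCKED**" in msg:
            findings.append(Finding("aswmbr", "info", msg,
                                    "driver file unreadable; expected for a drive-encryption driver such as SafeBoot"))
    return findings


def triage(osam_text: str, aswmbr_text: str) -> list[Finding]:
    return triage_osam(osam_text) + triage_aswmbr(aswmbr_text)


def high_severity(findings: list[Finding]) -> list[str]:
    return [f.item for f in findings if f.severity == "high"]


# Constructed samples: excerpts of the OSAM and aswMBR logs posted in this thread.
OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\windows\system32\drivers\Changer.sys (File not found)
"kwtdakob" (kwtdakob) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwtdakob.sys (Hidden registry entry, rootkit activity | File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"SafeBoot" (SafeBoot) - "SafeBoot International" - C:\windows\system32\drivers\SafeBoot.sys (File is exclusively opened, access blocked)

[Explorer]
"Not a driver" - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\x.dll (File not found)
"""

ASWMBR_SAMPLE = r"""
aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2011-12-30 20:37:17
20:44:40.367 Disk 0 MBR read successfully
20:44:40.367 Disk 0 MBR scan
20:44:40.414 Disk 0 unknown MBR code
20:44:40.430 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 103418 MB offset 63
20:44:54.899 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
21:16:06.571 Scan finished successfully
"""

if __name__ == "__main__":
    for f in triage(OSAM_SAMPLE, ASWMBR_SAMPLE):
        print(f"[{f.severity:6}] {f.source}: {f.item} -- {f.reason}")
```

Run against the excerpts, the only high-severity items are "kwtdakob" and "Disk 0 unknown MBR code", which matches what the helper singled out; the [Explorer] line is ignored because the Temp heuristic is applied to kernel drivers only.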