Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden

cosinus · 24.02.2012, 20:58

Brich es ggf ab und mach den Fix im abgesicherten Modus

curry36 · 24.02.2012, 23:59

was meinst du mit abgesicherten Modus, als nicht Admin?

cosinus · 25.02.2012, 00:40

Doch immer mit einem Konto mit Adminrechten alles machen! Sonst kann man nicht alles entfernen!

curry36 · 25.02.2012, 15:06

sicherlich mach ich alles als Admin (die Scans), wusste nur nicht was der abgesicherte Modus ist, hab es aber nun herausgefunden

hier die logs vom OTL fix im abgesicherten Modus

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-855794685-3435106535-32800436-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-855794685-3435106535-32800436-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-855794685-3435106535-32800436-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-855794685-3435106535-32800436-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
C:\Programme\SFT_de3\prxtbSFT_.dll moved successfully.
Prefs.js: "SFT_de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031778&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "SFT_de3 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT3031778&SearchSource=13" removed from browser.startup.homepage
Prefs.js: pdfforge@mybrowserbar.com:4.6 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.6 removed from extensions.enabledItems
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}\modules folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}\components folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\extensions\{ff88a983-649d-4207-9336-9b999280b436} folder moved successfully.
C:\Dokumente und Einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\searchplugins\conduit.xml moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\zh-TW\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\zh-TW\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\zh-TW folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\zh-CN\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\zh-CN\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\zh-CN folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\tr-TR\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\tr-TR\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\tr-TR folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\sv-SE\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\sv-SE\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\sv-SE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\sk-SK\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\sk-SK\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\sk-SK folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ru-RU\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ru-RU\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ru-RU folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pt-PT\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pt-PT\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pt-PT folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pt-BR\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pt-BR\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pt-BR folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pl-PL\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pl-PL\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\pl-PL folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\no-NO\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\no-NO\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\no-NO folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\nl-NL\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\nl-NL\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\nl-NL folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\nb-NO\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\nb-NO\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\nb-NO folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ko-KR\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ko-KR\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ko-KR folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ja-JP\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ja-JP\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\ja-JP folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\it-IT\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\it-IT\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\it-IT folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\hu-HU\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\hu-HU\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\hu-HU folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fr-FR\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fr-FR\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fr-FR folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fr-CA\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fr-CA\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fr-CA folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fi-FI\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fi-FI\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\fi-FI folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-PE\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-PE\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-PE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-MX\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-MX\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-MX folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-ES\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-ES\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-ES folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-CL\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-CL\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-CL folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-AR\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-AR\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\es-AR folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-US\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-US\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-US folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-IE\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-IE\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-GB\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-GB\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-GB folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-CA\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-CA\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-CA folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-AU\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-AU\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\en-AU folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\el-GR\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\el-GR\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\el-GR folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\de-DE\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\de-DE\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\de-DE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\da-DK\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\da-DK\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\da-DK folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\cs-CZ\IE folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\cs-CZ\FF folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale\cs-CZ folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts\locale folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Scripts folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Download folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR\Components folder moved successfully.
C:\PROGRAMME\MCAFEE\SITEADVISOR folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAMME\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
C:\Programme\Crawler\ctbr.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Programme\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}\ deleted successfully.
c:\Programme\McAfee\MSK\mcapbho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
C:\Programme\McAfee\VirusScan\scriptsn.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
File c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Programme\SFT_de3\prxtbSFT_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-t826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FCm33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ deleted successfully.
File C:\Programme\Crawler\ctbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File C:\Programme\SFT_de3\prxtbSFT_.dll not found.
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Programme\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
File C:\Programme\Crawler\ctbr.dll not found.
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.
File C:\Programme\SFT_de3\prxtbSFT_.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-855794685-3435106535-32800436-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
File F:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68b1ac97-41df-11e1-9263-0022691c04e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68b1ac97-41df-11e1-9263-0022691c04e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68b1ac97-41df-11e1-9263-0022691c04e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68b1ac97-41df-11e1-9263-0022691c04e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68b1ac97-41df-11e1-9263-0022691c04e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68b1ac97-41df-11e1-9263-0022691c04e2}\ not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{decca682-29ce-11e1-9236-0022691c04e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{decca682-29ce-11e1-9236-0022691c04e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{decca682-29ce-11e1-9236-0022691c04e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{decca682-29ce-11e1-9236-0022691c04e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{decca682-29ce-11e1-9236m0022691c04e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{decca682-29ce-11e1-9236-0022691c04e2}\ not found.
File F:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 212992 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: curry36
->Temp folder emptied: 30690343 bytes
->Temporary Internet Files folder emptied: 7316211 bytes
->FireFox cache emptied: 34447449 bytes
->Apple Safari cache emptied: 24676352 bytes
->Flash cache emptied: 1759 bytes
 
User: Default User
->Temp folder emptied: 212992 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: Franzi
 
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast.NETBOOK-FRANZI
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 525855 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3148679 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12860056 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 109,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 02242012_220630

Files\Folders moved on Reboot...
File\Folder E:\AutoRun.exe not found!
File\Folder E:\AUTORUN.INF not found!
File\Folder C:\WINDOWS\temp\mcmsc_0phPrZOWpl1HXBz not found!
File\Folder C:\WINDOWS\temp\sqlite_mzs5QA3KvDNzeIo not found!

Registry entries deleted on Reboot...

cosinus · 26.02.2012, 15:25

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

curry36 · 26.02.2012, 17:31

Das Log von Kaserpsky

Code:

ATTFilter

10:21:02.0687 1196	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
10:21:04.0703 1196	============================================================
10:21:04.0703 1196	Current date / time: 2012/02/26 10:21:04.0703
10:21:04.0703 1196	SystemInfo:
10:21:04.0703 1196	
10:21:04.0703 1196	OS Version: 5.1.2600 ServicePack: 3.0
10:21:04.0703 1196	Product type: Workstation
10:21:04.0703 1196	ComputerName: NETBOOK-FRANZI
10:21:04.0703 1196	UserName: curry36
10:21:04.0703 1196	Windows directory: C:\WINDOWS
10:21:04.0703 1196	System windows directory: C:\WINDOWS
10:21:04.0703 1196	Processor architecture: Intel x86
10:21:04.0703 1196	Number of processors: 2
10:21:04.0703 1196	Page size: 0x1000
10:21:04.0703 1196	Boot type: Normal boot
10:21:04.0703 1196	============================================================
10:21:08.0062 1196	Drive \Device\Harddisk2\DR5 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
10:21:08.0093 1196	Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:21:08.0125 1196	Drive \Device\Harddisk2\DR5 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:21:08.0125 1196	Drive \Device\Harddisk3\DR7 - Size: 0x1D9FC1000 (7.41 Gb), SectorSize: 0x1000, Cylinders: 0x78, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:21:08.0125 1196	\Device\Harddisk2\DR5:
10:21:08.0125 1196	MBR used
10:21:08.0125 1196	\Device\Harddisk2\DR5\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
10:21:08.0125 1196	\Device\Harddisk0\DR0:
10:21:08.0125 1196	MBR used
10:21:08.0125 1196	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xBB47FC, BlocksNum 0xD3DEFC5
10:21:08.0125 1196	\Device\Harddisk2\DR5:
10:21:08.0125 1196	MBR used
10:21:08.0125 1196	\Device\Harddisk2\DR5\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
10:21:08.0125 1196	\Device\Harddisk3\DR7:
10:21:08.0125 1196	MBR used
10:21:08.0125 1196	\Device\Harddisk3\DR7\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1D9F81
10:21:08.0187 1196	Initialize success
10:21:08.0187 1196	============================================================
10:22:14.0875 3756	============================================================
10:22:14.0875 3756	Scan started
10:22:14.0875 3756	Mode: Manual; SigCheck; TDLFS; 
10:22:14.0875 3756	============================================================
10:22:16.0640 3756	17034739        (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\17034739.sys
10:22:17.0531 3756	17034739 - ok
10:22:17.0562 3756	Abiosdsk - ok
10:22:17.0625 3756	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:22:18.0078 3756	abp480n5 - ok
10:22:18.0140 3756	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:22:18.0671 3756	ACPI - ok
10:22:18.0734 3756	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:22:19.0125 3756	ACPIEC - ok
10:22:19.0140 3756	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:22:19.0578 3756	adpu160m - ok
10:22:19.0640 3756	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:22:19.0921 3756	aec - ok
10:22:20.0015 3756	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:22:20.0125 3756	AFD - ok
10:22:20.0140 3756	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:22:20.0484 3756	agp440 - ok
10:22:20.0515 3756	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:22:21.0609 3756	agpCPQ - ok
10:22:21.0906 3756	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:22:22.0312 3756	Aha154x - ok
10:22:22.0343 3756	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:22:22.0718 3756	aic78u2 - ok
10:22:22.0765 3756	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:22:23.0109 3756	aic78xx - ok
10:22:23.0156 3756	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:22:23.0578 3756	AliIde - ok
10:22:23.0625 3756	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:22:24.0234 3756	alim1541 - ok
10:22:24.0281 3756	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:22:24.0656 3756	amdagp - ok
10:22:24.0859 3756	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:22:25.0015 3756	amsint - ok
10:22:25.0437 3756	AR5416          (7cae93fe5511d0c0688cfa56cf241e31) C:\WINDOWS\system32\DRIVERS\athw.sys
10:22:26.0015 3756	AR5416 - ok
10:22:26.0343 3756	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:22:27.0000 3756	asc - ok
10:22:27.0046 3756	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:22:27.0718 3756	asc3550 - ok
10:22:27.0812 3756	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:22:28.0265 3756	AsyncMac - ok
10:22:28.0281 3756	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:22:28.0765 3756	atapi - ok
10:22:28.0812 3756	Atdisk - ok
10:22:28.0875 3756	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:22:29.0375 3756	Atmarpc - ok
10:22:29.0437 3756	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:22:30.0078 3756	audstub - ok
10:22:30.0171 3756	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:22:30.0656 3756	Beep - ok
10:22:30.0765 3756	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:22:31.0218 3756	cbidf - ok
10:22:31.0265 3756	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:22:31.0562 3756	cbidf2k - ok
10:22:31.0609 3756	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:22:32.0000 3756	CCDECODE - ok
10:22:32.0046 3756	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:22:32.0250 3756	cd20xrnt - ok
10:22:32.0312 3756	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:22:32.0734 3756	Cdaudio - ok
10:22:32.0765 3756	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:22:33.0296 3756	Cdfs - ok
10:22:33.0328 3756	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:22:33.0937 3756	Cdrom - ok
10:22:33.0968 3756	Changer - ok
10:22:34.0046 3756	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:22:34.0593 3756	CmBatt - ok
10:22:34.0640 3756	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:22:35.0125 3756	CmdIde - ok
10:22:35.0140 3756	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:22:36.0187 3756	Compbatt - ok
10:22:36.0359 3756	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:22:36.0968 3756	Cpqarray - ok
10:22:37.0062 3756	d347bus         (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
10:22:37.0328 3756	d347bus ( UnsignedFile.Multi.Generic ) - warning
10:22:37.0328 3756	d347bus - detected UnsignedFile.Multi.Generic (1)
10:22:37.0343 3756	d347prt         (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
10:22:37.0718 3756	d347prt ( UnsignedFile.Multi.Generic ) - warning
10:22:37.0718 3756	d347prt - detected UnsignedFile.Multi.Generic (1)
10:22:37.0765 3756	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:22:38.0265 3756	dac2w2k - ok
10:22:38.0296 3756	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:22:38.0906 3756	dac960nt - ok
10:22:38.0984 3756	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:22:39.0531 3756	Disk - ok
10:22:39.0578 3756	DKbFltr         (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
10:22:39.0953 3756	DKbFltr - ok
10:22:40.0031 3756	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
10:22:40.0671 3756	dmboot - ok
10:22:40.0703 3756	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
10:22:41.0265 3756	dmio - ok
10:22:41.0593 3756	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:22:42.0234 3756	dmload - ok
10:22:42.0296 3756	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:22:42.0718 3756	DMusic - ok
10:22:42.0781 3756	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:22:43.0218 3756	dpti2o - ok
10:22:43.0296 3756	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:22:43.0687 3756	drmkaud - ok
10:22:43.0812 3756	eppvad_simple   (802f427a85feb7cc5f63587f82e4479e) C:\WINDOWS\system32\drivers\EMP_UDAU.sys
10:22:44.0015 3756	eppvad_simple - ok
10:22:44.0125 3756	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:22:45.0109 3756	Fastfat - ok
10:22:45.0250 3756	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:22:45.0750 3756	Fdc - ok
10:22:45.0812 3756	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
10:22:46.0375 3756	Fips - ok
10:22:46.0453 3756	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:22:46.0890 3756	Flpydisk - ok
10:22:46.0937 3756	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:22:47.0328 3756	FltMgr - ok
10:22:47.0375 3756	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:22:47.0828 3756	Fs_Rec - ok
10:22:47.0890 3756	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:22:48.0390 3756	Ftdisk - ok
10:22:48.0468 3756	GEARAspiWDM     (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:22:48.0718 3756	GEARAspiWDM - ok
10:22:48.0765 3756	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:22:49.0156 3756	Gpc - ok
10:22:49.0234 3756	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:22:49.0593 3756	HDAudBus - ok
10:22:49.0968 3756	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:22:50.0484 3756	HidUsb - ok
10:22:50.0546 3756	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:22:51.0015 3756	hpn - ok
10:22:51.0109 3756	HSPADataCardusbmdm (47d18b77fbc5b3e0de82ddf5ee92c937) C:\WINDOWS\system32\DRIVERS\HSPADataCardusbmdm.sys
10:22:51.0546 3756	HSPADataCardusbmdm - ok
10:22:51.0578 3756	HSPADataCardusbnmea (47d18b77fbc5b3e0de82ddf5ee92c937) C:\WINDOWS\system32\DRIVERS\HSPADataCardusbnmea.sys
10:22:52.0093 3756	HSPADataCardusbnmea - ok
10:22:52.0156 3756	HSPADataCardusbser (47d18b77fbc5b3e0de82ddf5ee92c937) C:\WINDOWS\system32\DRIVERS\HSPADataCardusbser.sys
10:22:52.0562 3756	HSPADataCardusbser - ok
10:22:52.0718 3756	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:22:52.0921 3756	HTTP - ok
10:22:53.0015 3756	hwdatacard      (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:22:53.0500 3756	hwdatacard - ok
10:22:53.0546 3756	hwusbdev        (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
10:22:54.0250 3756	hwusbdev - ok
10:22:54.0312 3756	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:22:54.0781 3756	i2omgmt - ok
10:22:54.0843 3756	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:22:55.0265 3756	i2omp - ok
10:22:55.0312 3756	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:22:55.0718 3756	i8042prt - ok
10:22:56.0046 3756	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:22:56.0984 3756	ialm - ok
10:22:57.0046 3756	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:22:57.0484 3756	Imapi - ok
10:22:57.0578 3756	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:22:58.0156 3756	ini910u - ok
10:22:58.0265 3756	int15.sys       (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Acer\Empowering Technology\eRecovery\int15.sys
10:22:58.0281 3756	int15.sys ( UnsignedFile.Multi.Generic ) - warning
10:22:58.0281 3756	int15.sys - detected UnsignedFile.Multi.Generic (1)
10:22:58.0578 3756	IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:22:59.0359 3756	IntcAzAudAddService - ok
10:22:59.0421 3756	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:22:59.0875 3756	IntelIde - ok
10:22:59.0937 3756	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:23:00.0421 3756	intelppm - ok
10:23:00.0453 3756	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:23:01.0015 3756	Ip6Fw - ok
10:23:01.0031 3756	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:23:01.0328 3756	IpFilterDriver - ok
10:23:01.0390 3756	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:23:01.0687 3756	IpInIp - ok
10:23:01.0703 3756	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:23:01.0984 3756	IpNat - ok
10:23:02.0000 3756	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:23:02.0406 3756	IPSec - ok
10:23:02.0515 3756	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:23:02.0734 3756	IRENUM - ok
10:23:02.0765 3756	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:23:03.0093 3756	isapnp - ok
10:23:03.0156 3756	JMCR            (da971cfc625d13636e04c405948e9d62) C:\WINDOWS\system32\DRIVERS\jmcr.sys
10:23:03.0250 3756	JMCR - ok
10:23:03.0265 3756	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:23:03.0593 3756	Kbdclass - ok
10:23:03.0703 3756	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:23:04.0000 3756	kmixer - ok
10:23:04.0109 3756	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:23:04.0250 3756	KSecDD - ok
10:23:04.0296 3756	lbrtfdc - ok
10:23:04.0375 3756	M3000Srv        (8da3ac548c6ef91b284dcff1a84be3db) C:\WINDOWS\system32\Drivers\M3000KNT.sys
10:23:04.0875 3756	M3000Srv - ok
10:23:04.0953 3756	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
10:23:05.0250 3756	MBAMProtector - ok
10:23:05.0390 3756	mfeavfk         (c97cbfd71c1c215150a3b3e55f77a7a3) C:\WINDOWS\system32\drivers\mfeavfk.sys
10:23:05.0437 3756	mfeavfk - ok
10:23:05.0468 3756	mfebopk         (5447338b83a1a2354fb2fea7604387fd) C:\WINDOWS\system32\drivers\mfebopk.sys
10:23:05.0531 3756	mfebopk - ok
10:23:05.0609 3756	mfehidk         (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\WINDOWS\system32\drivers\mfehidk.sys
10:23:05.0656 3756	mfehidk - ok
10:23:05.0703 3756	mferkdk         (a551154b51d6a93fccf70fc4e8eaf4bd) C:\WINDOWS\system32\drivers\mferkdk.sys
10:23:05.0765 3756	mferkdk - ok
10:23:05.0796 3756	mfesmfk         (299a86b780c9627aaa24e74292363ed2) C:\WINDOWS\system32\drivers\mfesmfk.sys
10:23:05.0921 3756	mfesmfk - ok
10:23:05.0968 3756	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:23:06.0500 3756	mnmdd - ok
10:23:06.0609 3756	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
10:23:07.0156 3756	Modem - ok
10:23:07.0234 3756	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:23:07.0687 3756	Mouclass - ok
10:23:07.0765 3756	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:23:08.0031 3756	mouhid - ok
10:23:08.0093 3756	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:23:08.0359 3756	MountMgr - ok
10:23:08.0406 3756	MPFP            (e454f42ae5524d695d76eab5d363b8ac) C:\WINDOWS\system32\Drivers\Mpfp.sys
10:23:08.0453 3756	MPFP - ok
10:23:08.0484 3756	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:23:08.0828 3756	mraid35x - ok
10:23:08.0859 3756	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:23:09.0312 3756	MRxDAV - ok
10:23:09.0468 3756	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:23:09.0609 3756	MRxSmb - ok
10:23:09.0640 3756	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:23:09.0921 3756	Msfs - ok
10:23:09.0984 3756	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:23:10.0375 3756	MSKSSRV - ok
10:23:10.0437 3756	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:23:10.0796 3756	MSPCLOCK - ok
10:23:10.0843 3756	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:23:11.0281 3756	MSPQM - ok
10:23:11.0359 3756	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:23:11.0718 3756	mssmbios - ok
10:23:11.0812 3756	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:23:12.0109 3756	MSTEE - ok
10:23:12.0203 3756	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:23:12.0296 3756	Mup - ok
10:23:12.0359 3756	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:23:12.0671 3756	NABTSFEC - ok
10:23:12.0750 3756	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:23:13.0765 3756	NDIS - ok
10:23:13.0843 3756	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:23:14.0296 3756	NdisIP - ok
10:23:14.0375 3756	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:23:14.0453 3756	NdisTapi - ok
10:23:14.0500 3756	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:23:14.0765 3756	Ndisuio - ok
10:23:14.0828 3756	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:23:15.0109 3756	NdisWan - ok
10:23:15.0234 3756	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:23:15.0343 3756	NDProxy - ok
10:23:15.0390 3756	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:23:15.0750 3756	NetBIOS - ok
10:23:15.0781 3756	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:23:16.0203 3756	NetBT - ok
10:23:16.0296 3756	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:23:16.0625 3756	Npfs - ok
10:23:16.0703 3756	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:23:17.0000 3756	Ntfs - ok
10:23:17.0062 3756	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:23:17.0343 3756	Null - ok
10:23:17.0406 3756	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:23:17.0843 3756	NwlnkFlt - ok
10:23:17.0906 3756	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:23:18.0281 3756	NwlnkFwd - ok
10:23:18.0328 3756	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
10:23:18.0578 3756	Parport - ok
10:23:18.0593 3756	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:23:18.0859 3756	PartMgr - ok
10:23:18.0906 3756	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
10:23:19.0187 3756	ParVdm - ok
10:23:19.0265 3756	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
10:23:20.0453 3756	PCI - ok
10:23:20.0484 3756	PCIDump - ok
10:23:20.0578 3756	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:23:21.0140 3756	PCIIde - ok
10:23:21.0265 3756	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:23:21.0687 3756	Pcmcia - ok
10:23:21.0718 3756	PDCOMP - ok
10:23:21.0750 3756	PDFRAME - ok
10:23:21.0765 3756	PDRELI - ok
10:23:21.0796 3756	PDRFRAME - ok
10:23:21.0828 3756	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:23:22.0109 3756	perc2 - ok
10:23:22.0140 3756	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:23:22.0515 3756	perc2hib - ok
10:23:22.0718 3756	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:23:23.0093 3756	PptpMiniport - ok
10:23:23.0140 3756	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:23:23.0500 3756	PSched - ok
10:23:23.0578 3756	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:23:23.0843 3756	Ptilink - ok
10:23:23.0875 3756	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:23:24.0125 3756	ql1080 - ok
10:23:24.0140 3756	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:23:24.0484 3756	Ql10wnt - ok
10:23:24.0531 3756	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:23:24.0906 3756	ql12160 - ok
10:23:24.0937 3756	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:23:25.0343 3756	ql1240 - ok
10:23:25.0406 3756	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:23:25.0703 3756	ql1280 - ok
10:23:25.0781 3756	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:23:26.0046 3756	RasAcd - ok
10:23:26.0125 3756	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:23:26.0375 3756	Rasl2tp - ok
10:23:26.0421 3756	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:23:26.0765 3756	RasPppoe - ok
10:23:26.0890 3756	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:23:27.0312 3756	Raspti - ok
10:23:27.0390 3756	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:23:27.0953 3756	Rdbss - ok
10:23:28.0031 3756	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:23:28.0453 3756	RDPCDD - ok
10:23:28.0546 3756	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:23:28.0796 3756	rdpdr - ok
10:23:28.0906 3756	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:23:28.0984 3756	RDPWD - ok
10:23:29.0046 3756	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:23:29.0328 3756	redbook - ok
10:23:29.0468 3756	RTLE8023xp      (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:23:29.0812 3756	RTLE8023xp - ok
10:23:30.0000 3756	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:23:30.0484 3756	Secdrv - ok
10:23:30.0609 3756	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
10:23:30.0859 3756	Serial - ok
10:23:30.0984 3756	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:23:31.0265 3756	Sfloppy - ok
10:23:31.0312 3756	Simbad - ok
10:23:31.0375 3756	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:23:31.0687 3756	sisagp - ok
10:23:31.0828 3756	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:23:32.0312 3756	SLIP - ok
10:23:32.0343 3756	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:23:32.0531 3756	Sparrow - ok
10:23:32.0578 3756	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:23:32.0828 3756	splitter - ok
10:23:32.0921 3756	sp_rsdrv2       (7b426b8e809edf081d771ef429345528) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
10:23:33.0031 3756	sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - warning
10:23:33.0031 3756	sp_rsdrv2 - detected UnsignedFile.Multi.Generic (1)
10:23:33.0062 3756	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
10:23:33.0281 3756	sr - ok
10:23:33.0359 3756	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:23:33.0437 3756	Srv - ok
10:23:33.0546 3756	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:23:34.0328 3756	streamip - ok
10:23:34.0406 3756	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:23:34.0968 3756	swenum - ok
10:23:35.0031 3756	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:23:35.0375 3756	swmidi - ok
10:23:35.0406 3756	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:23:35.0718 3756	symc810 - ok
10:23:35.0734 3756	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:23:36.0046 3756	symc8xx - ok
10:23:36.0109 3756	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:23:36.0484 3756	sym_hi - ok
10:23:36.0531 3756	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:23:36.0906 3756	sym_u3 - ok
10:23:37.0015 3756	SynTP           (409f7eeb079d6154ccb26a02e6e27844) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:23:37.0250 3756	SynTP - ok
10:23:37.0281 3756	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:23:37.0609 3756	sysaudio - ok
10:23:37.0781 3756	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:23:37.0890 3756	Tcpip - ok
10:23:37.0937 3756	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:23:38.0265 3756	TDPIPE - ok
10:23:38.0359 3756	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:23:38.0734 3756	TDTCP - ok
10:23:38.0812 3756	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:23:39.0156 3756	TermDD - ok
10:23:39.0218 3756	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
10:23:39.0515 3756	TosIde - ok
10:23:39.0656 3756	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:23:39.0953 3756	Udfs - ok
10:23:39.0984 3756	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:23:40.0171 3756	ultra - ok
10:23:40.0312 3756	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:23:41.0187 3756	Update - ok
10:23:41.0343 3756	USBAAPL         (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
10:23:41.0453 3756	USBAAPL - ok
10:23:41.0546 3756	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:23:41.0968 3756	usbccgp - ok
10:23:42.0062 3756	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:23:42.0359 3756	usbehci - ok
10:23:42.0390 3756	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:23:42.0656 3756	usbhub - ok
10:23:42.0765 3756	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:23:43.0078 3756	usbscan - ok
10:23:43.0156 3756	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:23:43.0625 3756	USBSTOR - ok
10:23:43.0703 3756	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:23:44.0000 3756	usbuhci - ok
10:23:44.0062 3756	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:23:44.0421 3756	VgaSave - ok
10:23:44.0453 3756	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:23:44.0703 3756	viaagp - ok
10:23:44.0750 3756	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:23:45.0093 3756	ViaIde - ok
10:23:45.0125 3756	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
10:23:45.0609 3756	VolSnap - ok
10:23:45.0781 3756	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:23:46.0187 3756	Wanarp - ok
10:23:46.0250 3756	WDICA - ok
10:23:46.0312 3756	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:23:46.0765 3756	wdmaud - ok
10:23:46.0937 3756	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:23:47.0187 3756	WmiAcpi - ok
10:23:47.0421 3756	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:23:47.0859 3756	WSTCODEC - ok
10:23:48.0015 3756	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:23:48.0406 3756	WudfPf - ok
10:23:48.0453 3756	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:23:48.0906 3756	WudfRd - ok
10:23:49.0078 3756	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
10:23:49.0203 3756	\Device\Harddisk2\DR5 - ok
10:23:49.0265 3756	MBR (0x1B8)     (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
10:23:59.0062 3756	\Device\Harddisk0\DR0 - ok
10:23:59.0078 3756	MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR5
10:23:59.0203 3756	\Device\Harddisk2\DR5 - ok
10:23:59.0218 3756	MBR (0x1B8)     (d5d61b84c47512dd7e5e5a724be853be) \Device\Harddisk3\DR7
10:24:14.0203 3756	\Device\Harddisk3\DR7 - ok
10:24:14.0218 3756	Boot (0x1200)   (e4429023d391cdfd8f2924151652b67e) \Device\Harddisk2\DR5\Partition0
10:24:14.0218 3756	\Device\Harddisk2\DR5\Partition0 - ok
10:24:14.0296 3756	Boot (0x1200)   (934829d2e0f636163d880c7094c1c6ab) \Device\Harddisk0\DR0\Partition0
10:24:14.0296 3756	\Device\Harddisk0\DR0\Partition0 - ok
10:24:14.0312 3756	Boot (0x1200)   (e4429023d391cdfd8f2924151652b67e) \Device\Harddisk2\DR5\Partition0
10:24:14.0312 3756	\Device\Harddisk2\DR5\Partition0 - ok
10:24:14.0328 3756	Boot (0x1200)   (2604971d826cfb1c4f9e9e8ea425c200) \Device\Harddisk3\DR7\Partition0
10:24:14.0328 3756	\Device\Harddisk3\DR7\Partition0 - ok
10:24:14.0343 3756	============================================================
10:24:14.0343 3756	Scan finished
10:24:14.0343 3756	============================================================
10:24:14.0500 2432	Detected object count: 4
10:24:14.0500 2432	Actual detected object count: 4
10:28:34.0015 2432	d347bus ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:34.0015 2432	d347bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:28:34.0015 2432	d347prt ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:34.0015 2432	d347prt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:28:34.0031 2432	int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:34.0031 2432	int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:28:34.0031 2432	sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - skipped by user
10:28:34.0031 2432	sp_rsdrv2 ( UnsignedFile.Multi.Generic ) - User select action: Skip

mfg

cosinus · 26.02.2012, 18:16

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

curry36 · 26.02.2012, 20:15

hier der ComboFix-Log

Code:

ATTFilter

ComboFix 12-02-25.02 - curry36 26.02.2012  12:03:12.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1012.545 [GMT -6:00]
ausgeführt von:: c:\dokume~1\curry36\LOKALE~1\Temp\mjmqogm9.tmp\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\AskSearch\bin\DeFAultsearch.dll
c:\windows\daemon.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-26 bis 2012-02-26  ))))))))))))))))))))))))))))))
.
.
2012-02-26 00:58 . 2012-02-26 00:58	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2012-02-26 00:58 . 2012-02-26 00:58	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Anwendungsdaten\Apple Computer
2012-02-26 00:58 . 2012-02-26 00:58	--------	d-----w-	C:\Application Data
2012-02-26 00:56 . 2012-02-26 00:56	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\Mozilla
2012-02-25 03:23 . 2012-02-25 03:23	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-02-24 13:09 . 2012-02-24 13:09	--------	d-----w-	C:\_OTL
2012-02-21 18:37 . 2012-02-21 18:37	--------	d-----w-	c:\programme\gs
2012-02-21 17:36 . 2012-02-21 17:39	--------	d-----w-	c:\dokumente und einstellungen\curry36\.scribus
2012-02-21 17:34 . 2012-02-21 17:35	--------	d-----w-	c:\programme\Scribus 1.3.3.14
2012-02-20 13:56 . 2012-02-20 13:56	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\SFT_de3
2012-02-20 13:55 . 2012-02-20 13:56	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\ConduitEngine
2012-02-16 05:18 . 2012-01-11 19:06	3072	-c----w-	c:\windows\system32\dllcache\iacenc.dll
2012-02-16 05:18 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-31 15:13 . 2012-01-31 15:14	--------	d-----w-	c:\programme\Google
2012-01-29 19:58 . 2010-04-27 01:46	106880	----a-w-	c:\windows\system32\drivers\HSPADataCardusbser.sys
2012-01-29 19:58 . 2010-04-27 01:46	106880	----a-w-	c:\windows\system32\drivers\HSPADataCardusbnmea.sys
2012-01-29 19:58 . 2010-04-27 01:46	106880	----a-w-	c:\windows\system32\drivers\HSPADataCardusbmdm.sys
2012-01-29 19:58 . 2012-02-04 00:02	--------	d-----w-	c:\programme\D-Link Connection Manager
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 15:07 . 2011-09-17 20:02	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2008-04-14 12:00	1860096	----a-w-	c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2008-04-14 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2008-04-14 12:00	61952	----a-w-	c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2008-04-14 12:00	371200	----a-w-	c:\windows\system32\html.iec
2011-12-10 21:24 . 2011-10-03 04:05	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SpywareTerminatorShield"="c:\programme\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-22 2779824]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"mcagent_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"DAEMON Tools-1033"="c:\programme\D-Tools\daemon.exe" [2004-08-22 81920]
"AzMixerSel"="c:\programme\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"EPSON_UD_START"="c:\programme\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2008-05-22 329632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
InterVideo WinCinema Manager.lnk - c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.06.2009 15:27 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.06.2009 15:27 5248]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [12.09.2011 09:42 32768]
R2 EMP_UDSA;EMP_UDSA;c:\programme\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [27.01.2012 10:07 94208]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [02.10.2011 22:05 652360]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programme\Spyware Terminator\st_rsser.exe [12.09.2011 09:42 482992]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [27.01.2012 10:07 17664]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [21.05.2008 02:11 96856]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05.05.2008 01:01 254976]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02.10.2011 22:05 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programme\McAfee\SiteAdvisor\McSACore.exe" --> c:\programme\McAfee\SiteAdvisor\McSACore.exe [?]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\drivers\HSPADataCardusbmdm.sys [29.01.2012 13:58 106880]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\drivers\HSPADataCardusbnmea.sys [29.01.2012 13:58 106880]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\drivers\HSPADataCardusbser.sys [29.01.2012 13:58 106880]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [18.12.2011 17:26 100736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2008-07-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 11:32]
.
2011-10-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mLocal Page = 
mStart Page = 
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
TCP: Interfaces\{BBCEFF55-18EC-4F8B-9EE1-26E8736E7BBA}: NameServer = 200.91.75.5 200.91.75.6
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - 
FF - ProfilePath - c:\dokumente und einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{ff88a983-649d-4207-9336-9b999280b436} - (no file)
AddRemove-tulox Freeware-Wörterbuch (Spanisch) - c:\progra~1\TULOXF~1\UNWISE32
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-26 12:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(460)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
c:\progra~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\programme\McAfee\VirusScan\McShield.exe
c:\programme\McAfee\MPF\MPFSrv.exe
c:\programme\McAfee\MSK\MskSrver.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\programme\iPod\bin\iPodService.exe
c:\dokume~1\curry36\LOKALE~1\Temp\RtkBtMnt.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-26  13:04:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-26 19:04
.
Vor Suchlauf: 4.496.998.400 Bytes frei
Nach Suchlauf: 4.671.905.792 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B572B82EA26BE4A678BC4CEBBFD566D5

mfG

cosinus · 26.02.2012, 20:17

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Folder::
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\SFT_de3
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\ConduitEngine

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

curry36 · 27.02.2012, 14:44

mir wurde lediglich der log.txt nach der Aktion angezeigt

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-25.02 - curry36 27.02.2012   7:27.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1012.317 [GMT -6:00]
ausgeführt von:: c:\dokumente und einstellungen\curry36\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\curry36\Desktop\CFScript.txt
AV: McAfee VirusScan *Enabled/Outdated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\ConduitEngine
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ConduitEngine.dll
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\ldrConduitEngine.dll
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\ConduitEngine\toolbar.cfg
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\SFT_de3
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\SFT_de3\ldrtbSFT_.dll
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\SFT_de3\tbSFT_.dll
c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\SFT_de3\toolbar.cfg
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-27 bis 2012-02-27  ))))))))))))))))))))))))))))))
.
.
2012-02-26 00:58 . 2012-02-26 00:58	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2012-02-26 00:58 . 2012-02-26 00:58	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Anwendungsdaten\Apple Computer
2012-02-26 00:58 . 2012-02-26 00:58	--------	d-----w-	C:\Application Data
2012-02-26 00:56 . 2012-02-26 00:56	--------	d-----w-	c:\dokumente und einstellungen\Gast.NETBOOK-FRANZI\Lokale Einstellungen\Anwendungsdaten\Mozilla
2012-02-25 03:23 . 2012-02-25 03:23	--------	d-----w-	c:\dokumente und einstellungen\Administrator
2012-02-24 13:09 . 2012-02-24 13:09	--------	d-----w-	C:\_OTL
2012-02-21 18:37 . 2012-02-21 18:37	--------	d-----w-	c:\programme\gs
2012-02-21 17:36 . 2012-02-21 17:39	--------	d-----w-	c:\dokumente und einstellungen\curry36\.scribus
2012-02-21 17:34 . 2012-02-21 17:35	--------	d-----w-	c:\programme\Scribus 1.3.3.14
2012-02-16 05:18 . 2012-01-11 19:06	3072	-c----w-	c:\windows\system32\dllcache\iacenc.dll
2012-02-16 05:18 . 2012-01-11 19:06	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-31 15:13 . 2012-01-31 15:14	--------	d-----w-	c:\programme\Google
2012-01-29 19:58 . 2010-04-27 01:46	106880	----a-w-	c:\windows\system32\drivers\HSPADataCardusbser.sys
2012-01-29 19:58 . 2010-04-27 01:46	106880	----a-w-	c:\windows\system32\drivers\HSPADataCardusbnmea.sys
2012-01-29 19:58 . 2010-04-27 01:46	106880	----a-w-	c:\windows\system32\drivers\HSPADataCardusbmdm.sys
2012-01-29 19:58 . 2012-02-04 00:02	--------	d-----w-	c:\programme\D-Link Connection Manager
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 15:07 . 2011-09-17 20:02	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2008-04-14 12:00	1860096	----a-w-	c:\windows\system32\win32k.sys
2011-12-19 08:53 . 2008-04-14 12:00	81920	----a-w-	c:\windows\system32\ieencode.dll
2011-12-19 08:53 . 2008-04-14 12:00	672768	----a-w-	c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2008-04-14 12:00	61952	----a-w-	c:\windows\system32\tdc.ocx
2011-12-19 08:52 . 2008-04-14 12:00	371200	----a-w-	c:\windows\system32\html.iec
2011-12-10 21:24 . 2011-10-03 04:05	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-02-26_18.57.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-02 18:33 . 2012-02-27 12:51	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2008-10-02 18:33 . 2012-02-26 14:56	32768              c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2012-02-26 19:54 . 2012-02-27 12:51	32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-10-02 18:33 . 2012-02-26 14:56	32768              c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"SpywareTerminatorShield"="c:\programme\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-22 2779824]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"mcagent_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"DAEMON Tools-1033"="c:\programme\D-Tools\daemon.exe" [2004-08-22 81920]
"AzMixerSel"="c:\programme\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"EPSON_UD_START"="c:\programme\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2008-05-22 329632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
InterVideo WinCinema Manager.lnk - c:\programme\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [13.06.2009 15:27 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [13.06.2009 15:27 5248]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [12.09.2011 09:42 32768]
R2 EMP_UDSA;EMP_UDSA;c:\programme\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [27.01.2012 10:07 94208]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [02.10.2011 22:05 652360]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programme\Spyware Terminator\st_rsser.exe [12.09.2011 09:42 482992]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [27.01.2012 10:07 17664]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [21.05.2008 02:11 96856]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05.05.2008 01:01 254976]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02.10.2011 22:05 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programme\McAfee\SiteAdvisor\McSACore.exe" --> c:\programme\McAfee\SiteAdvisor\McSACore.exe [?]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\drivers\HSPADataCardusbmdm.sys [29.01.2012 13:58 106880]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\drivers\HSPADataCardusbnmea.sys [29.01.2012 13:58 106880]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\drivers\HSPADataCardusbser.sys [29.01.2012 13:58 106880]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [18.12.2011 17:26 100736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2008-07-11 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 11:32]
.
2011-10-02 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-07-25 11:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mLocal Page = 
mStart Page = 
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - 
FF - ProfilePath - c:\dokumente und einstellungen\curry36\Anwendungsdaten\Mozilla\Firefox\Profiles\vdn542ss.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-27 07:37
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-27  07:40:17
ComboFix-quarantined-files.txt  2012-02-27 13:40
ComboFix2.txt  2012-02-26 19:04
.
Vor Suchlauf: 3.921.543.168 Bytes frei
Nach Suchlauf: 3.889.524.736 Bytes frei
.
- - End Of File - - C324EB191298A5AB4F7CAFDF9B0B3D3B

--- --- ---

cosinus · 27.02.2012, 19:49

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

curry36 · 28.02.2012, 00:40

Hier der Gmer-Log

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-27 15:55:15
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: 9ovzew1d.exe; Driver: C:\DOKUME~1\curry36\LOKALE~1\Temp\agddiuob.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwClose [0xAA0F6444]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwCreateFile [0xAA0F5C8A]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwCreateKey [0xAA0F5958]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwCreatePagingFile [0xF7661A20]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwCreateSection [0xAA0F7520]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwDeleteKey [0xAA0F5A68]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwDeleteValueKey [0xAA0F5B5A]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwEnumerateKey [0xF76622A8]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwEnumerateValueKey [0xF766D910]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwLoadDriver [0xAA0F6780]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwOpenFile [0xAA0F5F9C]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwOpenKey [0xF766D794]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwQueryKey [0xF76622C8]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwQueryValueKey [0xF766D866]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwSetInformationFile [0xAA0F60D2]
SSDT            d347bus.sys (PnP BIOS Extension/ )                                                            ZwSetSystemPowerState [0xF766D0B0]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwSetValueKey [0xAA0F577E]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwTerminateProcess [0xAA0F66C8]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys                                                 ZwWriteFile [0xAA0F62BC]

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcess [0xAA00195A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwCreateProcessEx [0xAA00196E]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0xAA0019EE]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwNotifyChangeKey [0xAA001B1F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenProcess [0xAA001932]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwOpenThread [0xAA001946]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwProtectVirtualMemory [0xAA0019C2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwQueryMultipleValueKey [0xAA001ACA]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwRenameKey [0xAA001A72]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwReplaceKey [0xAA001B47]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwRestoreKey [0xAA001B33]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetContextThread [0xAA001998]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwSetInformationProcess [0xAA001984]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwUnloadKey [0xAA001B09]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0xAA001A04]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  ZwYieldExecution [0xAA0019D8]
Code            \??\C:\DOKUME~1\curry36\LOKALE~1\Temp\catchme.sys                                             pIofCallDriver
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenProcess
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtOpenThread
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)  NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution                                                                 80515AB2 7 Bytes  JMP AA0019DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!NtSetInformationProcess                                                          80574B1F 5 Bytes  JMP AA001988 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwUnmapViewOfSection                                                             8057A7A9 5 Bytes  JMP AA001A08 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!NtMapViewOfSection                                                               8057AC21 7 Bytes  JMP AA0019F2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwProtectVirtualMemory                                                           8057F56B 7 Bytes  JMP AA0019C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!NtOpenProcess                                                                    8057F93A 5 Bytes  JMP AA001936 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                8058B9EC 7 Bytes  JMP AA001972 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!NtOpenThread                                                                     80596743 5 Bytes  JMP AA00194A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwNotifyChangeKey                                                                80596D8A 5 Bytes  JMP AA001B23 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwCreateProcess                                                                  805C7A4D 5 Bytes  JMP AA00195E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwSetContextThread                                                               80635EFB 5 Bytes  JMP AA00199C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwUnloadKey                                                                      80655A96 7 Bytes  JMP AA001B0D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwQueryMultipleValueKey                                                          806563CF 7 Bytes  JMP AA001ACE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwRenameKey                                                                      8065684C 7 Bytes  JMP AA001A76 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwRestoreKey                                                                     80656D3D 5 Bytes  JMP AA001B37 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntoskrnl.exe!ZwReplaceKey                                                                     806571A8 5 Bytes  JMP AA001B4B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                    Das System kann die angegebene Datei nicht finden. !
?               C:\DOKUME~1\curry36\LOKALE~1\Temp\catchme.sys                                                 Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateFileA                                 7C801A28 5 Bytes  JMP 00BF0000 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!VirtualProtectEx                            7C801A61 5 Bytes  JMP 00BF008B 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!VirtualProtect                              7C801AD4 5 Bytes  JMP 00BF007A 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryExW                              7C801AF5 5 Bytes  JMP 00BF0069 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryExA                              7C801D53 5 Bytes  JMP 00BF0058 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryA                                7C801D7B 5 Bytes  JMP 00BF003D 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetStartupInfoW                             7C801E54 5 Bytes  JMP 00BF00B7 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetStartupInfoA                             7C801EF2 5 Bytes  JMP 00BF00A6 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateProcessW                              7C802336 5 Bytes  JMP 00BF0F32 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateProcessA                              7C80236B 5 Bytes  JMP 00BF0F43 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!GetProcAddress                              7C80AE40 5 Bytes  JMP 00BF00DC 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!LoadLibraryW                                7C80AEEB 5 Bytes  JMP 00BF0FC0 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateFileW                                 7C810800 5 Bytes  JMP 00BF0FDB 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreatePipe                                  7C81D83F 5 Bytes  JMP 00BF0F7B 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateNamedPipeW                            7C82F0DD 5 Bytes  JMP 00BF002C 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!CreateNamedPipeA                            7C860CDC 5 Bytes  JMP 00BF0011 
.text           C:\WINDOWS\system32\svchost.exe[440] kernel32.dll!WinExec                                     7C86250D 5 Bytes  JMP 00BF0F54 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyExW                               77DA6AAF 5 Bytes  JMP 00BE0F9E 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyExW                             77DA776C 5 Bytes  JMP 00BE0F57 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyExA                               77DA7852 5 Bytes  JMP 00BE0FC3 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyW                                 77DA7946 5 Bytes  JMP 00BE0FD4 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyExA                             77DAE9F4 5 Bytes  JMP 00BE0F68 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegOpenKeyA                                 77DAEFC8 5 Bytes  JMP 00BE0FEF 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyW                               77DCBA55 5 Bytes  JMP 00BE0014 
.text           C:\WINDOWS\system32\svchost.exe[440] ADVAPI32.dll!RegCreateKeyA                               77DCBCF3 5 Bytes  JMP 00BE0F8D 
.text           C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_wsystem                                      77BF931E 5 Bytes  JMP 00BD0FA6 
.text           C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!system                                        77BF93C7 5 Bytes  JMP 00BD0FB7 
.text           C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_creat                                        77BFD40F 5 Bytes  JMP 00BD0FD2 
.text           C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_open                                         77BFF566 5 Bytes  JMP 00BD0000 
.text           C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_wcreat                                       77BFFC9B 5 Bytes  JMP 00BD0027 
.text           C:\WINDOWS\system32\svchost.exe[440] msvcrt.dll!_wopen                                        77C00055 5 Bytes  JMP 00BD0FEF 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileA                                7C801A28 5 Bytes  JMP 00070FE5 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtectEx                           7C801A61 5 Bytes  JMP 00070056 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!VirtualProtect                             7C801AD4 5 Bytes  JMP 00070045 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExW                             7C801AF5 5 Bytes  JMP 00070F6B 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryExA                             7C801D53 5 Bytes  JMP 00070F7C 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryA                               7C801D7B 5 Bytes  JMP 00070F97 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoW                            7C801E54 5 Bytes  JMP 00070F29 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetStartupInfoA                            7C801EF2 5 Bytes  JMP 00070071 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessW                             7C802336 5 Bytes  JMP 00070F0E 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateProcessA                             7C80236B 5 Bytes  JMP 000700A7 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!GetProcAddress                             7C80AE40 5 Bytes  JMP 00070EF3 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!LoadLibraryW                               7C80AEEB 5 Bytes  JMP 00070028 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateFileW                                7C810800 5 Bytes  JMP 00070FD4 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreatePipe                                 7C81D83F 5 Bytes  JMP 00070F46 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeW                           7C82F0DD 5 Bytes  JMP 00070FB2 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!CreateNamedPipeA                           7C860CDC 5 Bytes  JMP 00070FC3 
.text           C:\WINDOWS\system32\services.exe[824] kernel32.dll!WinExec                                    7C86250D 5 Bytes  JMP 0007008C 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExW                              77DA6AAF 5 Bytes  JMP 00060FCA 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExW                            77DA776C 5 Bytes  JMP 00060073 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyExA                              77DA7852 5 Bytes  JMP 00060FDB 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyW                                77DA7946 5 Bytes  JMP 0006001B 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyExA                            77DAE9F4 5 Bytes  JMP 00060058 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegOpenKeyA                                77DAEFC8 5 Bytes  JMP 0006000A 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyW                              77DCBA55 5 Bytes  JMP 00060047 
.text           C:\WINDOWS\system32\services.exe[824] ADVAPI32.dll!RegCreateKeyA                              77DCBCF3 5 Bytes  JMP 00060036 
.text           C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wsystem                                     77BF931E 5 Bytes  JMP 00050F7F 
.text           C:\WINDOWS\system32\services.exe[824] msvcrt.dll!system                                       77BF93C7 5 Bytes  JMP 00050F90 
.text           C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_creat                                       77BFD40F 5 Bytes  JMP 00050000 
.text           C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_open                                        77BFF566 5 Bytes  JMP 00050FEF 
.text           C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wcreat                                      77BFFC9B 5 Bytes  JMP 00050FAB 
.text           C:\WINDOWS\system32\services.exe[824] msvcrt.dll!_wopen                                       77C00055 5 Bytes  JMP 00050FC6 
.text           C:\WINDOWS\system32\services.exe[824] WS2_32.dll!socket                                       71A14211 5 Bytes  JMP 00040000 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileA                                   7C801A28 5 Bytes  JMP 00F90000 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtectEx                              7C801A61 5 Bytes  JMP 00F9009A 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!VirtualProtect                                7C801AD4 5 Bytes  JMP 00F9007F 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExW                                7C801AF5 5 Bytes  JMP 00F90062 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryExA                                7C801D53 5 Bytes  JMP 00F90051 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryA                                  7C801D7B 5 Bytes  JMP 00F90FC0 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoW                               7C801E54 5 Bytes  JMP 00F900BF 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetStartupInfoA                               7C801EF2 5 Bytes  JMP 00F90F6D 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessW                                7C802336 5 Bytes  JMP 00F90F26 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateProcessA                                7C80236B 5 Bytes  JMP 00F90F41 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!GetProcAddress                                7C80AE40 5 Bytes  JMP 00F900E4 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!LoadLibraryW                                  7C80AEEB 5 Bytes  JMP 00F90FAF 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateFileW                                   7C810800 5 Bytes  JMP 00F90FE5 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreatePipe                                    7C81D83F 5 Bytes  JMP 00F90F8A 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeW                              7C82F0DD 5 Bytes  JMP 00F9002C 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!CreateNamedPipeA                              7C860CDC 5 Bytes  JMP 00F9001B 
.text           C:\WINDOWS\system32\lsass.exe[836] kernel32.dll!WinExec                                       7C86250D 5 Bytes  JMP 00F90F5C 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExW                                 77DA6AAF 5 Bytes  JMP 00F80040 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExW                               77DA776C 5 Bytes  JMP 00F80080 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyExA                                 77DA7852 5 Bytes  JMP 00F80025 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyW                                   77DA7946 5 Bytes  JMP 00F80FE5 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyExA                               77DAE9F4 5 Bytes  JMP 00F80FB9 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegOpenKeyA                                   77DAEFC8 5 Bytes  JMP 00F80000 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyW                                 77DCBA55 5 Bytes  JMP 00F80065 
.text           C:\WINDOWS\system32\lsass.exe[836] ADVAPI32.dll!RegCreateKeyA                                 77DCBCF3 5 Bytes  JMP 00F80FD4 
.text           C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wsystem                                        77BF931E 5 Bytes  JMP 00F7002E 
.text           C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!system                                          77BF93C7 5 Bytes  JMP 00F7001D 
.text           C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_creat                                          77BFD40F 5 Bytes  JMP 00F70FC8 
.text           C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_open                                           77BFF566 5 Bytes  JMP 00F70000 
.text           C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wcreat                                         77BFFC9B 5 Bytes  JMP 00F70FAD 
.text           C:\WINDOWS\system32\lsass.exe[836] msvcrt.dll!_wopen                                          77C00055 5 Bytes  JMP 00F70FE3 
.text           C:\WINDOWS\system32\lsass.exe[836] WS2_32.dll!socket                                          71A14211 5 Bytes  JMP 00F60FEF 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileA                                 7C801A28 5 Bytes  JMP 00F80000 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtectEx                            7C801A61 5 Bytes  JMP 00F80F7C 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtect                              7C801AD4 5 Bytes  JMP 00F80071 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW                              7C801AF5 5 Bytes  JMP 00F80F8D 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExA                              7C801D53 5 Bytes  JMP 00F80FA8 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryA                                7C801D7B 5 Bytes  JMP 00F80040 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoW                             7C801E54 5 Bytes  JMP 00F80F57 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoA                             7C801EF2 5 Bytes  JMP 00F8009D 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW                              7C802336 5 Bytes  JMP 00F800F0 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA                              7C80236B 5 Bytes  JMP 00F800DF 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetProcAddress                              7C80AE40 5 Bytes  JMP 00F80101 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryW                                7C80AEEB 5 Bytes  JMP 00F80FB9 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileW                                 7C810800 5 Bytes  JMP 00F80FE5 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreatePipe                                  7C81D83F 5 Bytes  JMP 00F8008C 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeW                            7C82F0DD 5 Bytes  JMP 00F80FD4 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeA                            7C860CDC 5 Bytes  JMP 00F8001B 
.text           C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!WinExec                                     7C86250D 5 Bytes  JMP 00F800C4 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExW                               77DA6AAF 5 Bytes  JMP 00F70FCD 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExW                             77DA776C 5 Bytes  JMP 00F70065 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExA                               77DA7852 5 Bytes  JMP 00F70014 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyW                                 77DA7946 5 Bytes  JMP 00F70FDE 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExA                             77DAE9F4 5 Bytes  JMP 00F70FA8 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyA                                 77DAEFC8 5 Bytes  JMP 00F70FEF 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW                               77DCBA55 5 Bytes  JMP 00F70054 
.text           C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyA                               77DCBCF3 5 Bytes  JMP 00F70039 
.text           C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wsystem                                      77BF931E 5 Bytes  JMP 00F6003A 
.text           C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!system                                        77BF93C7 5 Bytes  JMP 00F60029 
.text           C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_creat                                        77BFD40F 5 Bytes  JMP 00F60FD4 
.text           C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_open                                         77BFF566 5 Bytes  JMP 00F60FEF 
.text           C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wcreat                                       77BFFC9B 5 Bytes  JMP 00F60FC3 
.text           C:\WINDOWS\system32\svchost.exe[984] msvcrt.dll!_wopen                                        77C00055 5 Bytes  JMP 00F6000C 
.text           C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!socket                                        71A14211 5 Bytes  JMP 00F50FEF 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA                                7C801A28 5 Bytes  JMP 00CA0000 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx                           7C801A61 5 Bytes  JMP 00CA0F48 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect                             7C801AD4 5 Bytes  JMP 00CA0F59 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW                             7C801AF5 5 Bytes  JMP 00CA003D 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA                             7C801D53 5 Bytes  JMP 00CA0F80 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA                               7C801D7B 5 Bytes  JMP 00CA0FB6 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW                            7C801E54 5 Bytes  JMP 00CA007F 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA                            7C801EF2 5 Bytes  JMP 00CA0F37 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW                             7C802336 5 Bytes  JMP 00CA00D0 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA                             7C80236B 5 Bytes  JMP 00CA00BF 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress                             7C80AE40 5 Bytes  JMP 00CA0F1C 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW                               7C80AEEB 5 Bytes  JMP 00CA0F91 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW                                7C810800 5 Bytes  JMP 00CA0011 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe                                 7C81D83F 5 Bytes  JMP 00CA0058 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW                           7C82F0DD 5 Bytes  JMP 00CA0FD1 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA                           7C860CDC 5 Bytes  JMP 00CA0022 
.text           C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec                                    7C86250D 5 Bytes  JMP 00CA00A4 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW                              77DA6AAF 5 Bytes  JMP 00C9001B 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW                            77DA776C 5 Bytes  JMP 00C90F72 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA                              77DA7852 5 Bytes  JMP 00C90FD4 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW                                77DA7946 5 Bytes  JMP 00C9000A 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA                            77DAE9F4 5 Bytes  JMP 00C90F8D 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA                                77DAEFC8 5 Bytes  JMP 00C90FEF 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW                              77DCBA55 2 Bytes  JMP 00C90F9E 
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW + 3                          77DCBA58 2 Bytes  [EC, 88]
.text           C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA                              77DCBCF3 5 Bytes  JMP 00C90FAF 
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wsystem                                     77BF931E 5 Bytes  JMP 00C80040 
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!system                                       77BF93C7 5 Bytes  JMP 00C80FB5 
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_creat                                       77BFD40F 5 Bytes  JMP 00C80FC6 
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open                                        77BFF566 3 Bytes  JMP 00C80FE3 
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_open + 4                                    77BFF56A 1 Byte  [89]
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wcreat                                      77BFFC9B 5 Bytes  JMP 00C8001B 
.text           C:\WINDOWS\system32\svchost.exe[1068] msvcrt.dll!_wopen                                       77C00055 5 Bytes  JMP 00C80000 
.text           C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket                                       71A14211 5 Bytes  JMP 00C70000 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateFileA                                7C801A28 5 Bytes  JMP 02020000 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!VirtualProtectEx                           7C801A61 5 Bytes  JMP 0202007F 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!VirtualProtect                             7C801AD4 5 Bytes  JMP 02020064 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExW                             7C801AF5 5 Bytes  JMP 02020053 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryExA                             7C801D53 5 Bytes  JMP 02020F8A 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryA                               7C801D7B 5 Bytes  JMP 02020FA5 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoW                            7C801E54 5 Bytes  JMP 02020F59 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetStartupInfoA                            7C801EF2 5 Bytes  JMP 020200A1 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateProcessW                             7C802336 5 Bytes  JMP 020200E8 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateProcessA                             7C80236B 5 Bytes  JMP 020200CD 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!GetProcAddress                             7C80AE40 5 Bytes  JMP 02020103 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!LoadLibraryW                               7C80AEEB 5 Bytes  JMP 0202002C 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateFileW                                7C810800 5 Bytes  JMP 02020FE5 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreatePipe                                 7C81D83F 5 Bytes  JMP 02020090 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeW                           7C82F0DD 5 Bytes  JMP 0202001B 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!CreateNamedPipeA                           7C860CDC 5 Bytes  JMP 02020FCA 
.text           C:\WINDOWS\System32\svchost.exe[1120] kernel32.dll!WinExec                                    7C86250D 5 Bytes  JMP 020200BC 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExW                              77DA6AAF 5 Bytes  JMP 02010025 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExW                            77DA776C 5 Bytes  JMP 02010F8D 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyExA                              77DA7852 5 Bytes  JMP 02010FD4 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyW                                77DA7946 5 Bytes  JMP 02010014 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyExA                            77DAE9F4 5 Bytes  JMP 02010F9E 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegOpenKeyA                                77DAEFC8 5 Bytes  JMP 02010FEF 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyW                              77DCBA55 5 Bytes  JMP 0201004A 
.text           C:\WINDOWS\System32\svchost.exe[1120] ADVAPI32.dll!RegCreateKeyA                              77DCBCF3 5 Bytes  JMP 02010FB9 
.text           C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_wsystem                                     77BF931E 5 Bytes  JMP 01EC0F9C 
.text           C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!system                                       77BF93C7 5 Bytes  JMP 01EC0031 
.text           C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_creat                                       77BFD40F 5 Bytes  JMP 01EC000C 
.text           C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_open                                        77BFF566 5 Bytes  JMP 01EC0FE3 
.text           C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_wcreat                                      77BFFC9B 5 Bytes  JMP 01EC0FB7 
.text           C:\WINDOWS\System32\svchost.exe[1120] msvcrt.dll!_wopen                                       77C00055 5 Bytes  JMP 01EC0FD2 
.text           C:\WINDOWS\System32\svchost.exe[1120] WS2_32.dll!socket                                       71A14211 5 Bytes  JMP 01A70FEF 
.text           C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenW                               7718AF61 5 Bytes  JMP 01A90000 
.text           C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenA                               771957AE 5 Bytes  JMP 01A90FEF 
.text           C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenUrlA                            77195A7A 5 Bytes  JMP 01A90011 
.text           C:\WINDOWS\System32\svchost.exe[1120] WININET.dll!InternetOpenUrlW                            771A5BB2 5 Bytes  JMP 01A9002E 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileA                                7C801A28 5 Bytes  JMP 00810FEF 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtectEx                           7C801A61 5 Bytes  JMP 00810F3C 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!VirtualProtect                             7C801AD4 5 Bytes  JMP 00810F57 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExW                             7C801AF5 5 Bytes  JMP 00810F68 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryExA                             7C801D53 5 Bytes  JMP 00810F79 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryA                               7C801D7B 5 Bytes  JMP 00810FA5 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoW                            7C801E54 5 Bytes  JMP 00810F15 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetStartupInfoA                            7C801EF2 5 Bytes  JMP 00810067 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW                             7C802336 5 Bytes  JMP 00810EFA 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA                             7C80236B 5 Bytes  JMP 00810093 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!GetProcAddress                             7C80AE40 5 Bytes  JMP 00810EDF 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!LoadLibraryW                               7C80AEEB 5 Bytes  JMP 00810F8A 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateFileW                                7C810800 5 Bytes  JMP 00810000 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreatePipe                                 7C81D83F 5 Bytes  JMP 0081004C 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW                           7C82F0DD 5 Bytes  JMP 00810FC0 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA                           7C860CDC 5 Bytes  JMP 00810011 
.text           C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!WinExec                                    7C86250D 5 Bytes  JMP 00810078 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW                              77DA6AAF 5 Bytes  JMP 00800036 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW                            77DA776C 5 Bytes  JMP 00800073 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA                              77DA7852 5 Bytes  JMP 00800025 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW                                77DA7946 5 Bytes  JMP 00800FEF 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA                            77DAE9F4 5 Bytes  JMP 00800062 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA                                77DAEFC8 5 Bytes  JMP 0080000A 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW                              77DCBA55 5 Bytes  JMP 00800051 
.text           C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA                              77DCBCF3 5 Bytes  JMP 00800FCA 
.text           C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_wsystem                                     77BF931E 5 Bytes  JMP 007F0FB2 
.text           C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!system                                       77BF93C7 5 Bytes  JMP 007F0FC3 
.text           C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_creat                                       77BFD40F 5 Bytes  JMP 007F0033 
.text           C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_open                                        77BFF566 5 Bytes  JMP 007F0000 
.text           C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_wcreat                                      77BFFC9B 5 Bytes  JMP 007F0FDE 
.text           C:\WINDOWS\system32\svchost.exe[1224] msvcrt.dll!_wopen                                       77C00055 5 Bytes  JMP 007F0FEF 
.text           C:\WINDOWS\system32\svchost.exe[1224] WS2_32.dll!socket                                       71A14211 5 Bytes  JMP 007E0FEF 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileA                                7C801A28 5 Bytes  JMP 00B20FEF 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx                           7C801A61 5 Bytes  JMP 00B20067 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtect                             7C801AD4 5 Bytes  JMP 00B2004C 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW                             7C801AF5 5 Bytes  JMP 00B20F72 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA                             7C801D53 5 Bytes  JMP 00B20F83 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA                               7C801D7B 5 Bytes  JMP 00B20FAF 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW                            7C801E54 5 Bytes  JMP 00B20F46 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA                            7C801EF2 5 Bytes  JMP 00B20082 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW                             7C802336 5 Bytes  JMP 00B20F06 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA                             7C80236B 5 Bytes  JMP 00B2009F 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetProcAddress                             7C80AE40 5 Bytes  JMP 00B20EEB 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW                               7C80AEEB 5 Bytes  JMP 00B20F9E 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileW                                7C810800 5 Bytes  JMP 00B2000A 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreatePipe                                 7C81D83F 5 Bytes  JMP 00B20F57 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW                           7C82F0DD 5 Bytes  JMP 00B20025 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA                           7C860CDC 5 Bytes  JMP 00B20FD4 
.text           C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WinExec                                    7C86250D 5 Bytes  JMP 00B20F21 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW                              77DA6AAF 5 Bytes  JMP 00B10FCA 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW                            77DA776C 5 Bytes  JMP 00B10F94 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA                              77DA7852 5 Bytes  JMP 00B10FE5 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW                                77DA7946 5 Bytes  JMP 00B1001B 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA                            77DAE9F4 5 Bytes  JMP 00B10051 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA                                77DAEFC8 5 Bytes  JMP 00B10000 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW                              77DCBA55 5 Bytes  JMP 00B10040 
.text           C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA                              77DCBCF3 5 Bytes  JMP 00B10FB9 
.text           C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wsystem                                     77BF931E 5 Bytes  JMP 00B00F9A 
.text           C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!system                                       77BF93C7 5 Bytes  JMP 00B00FAB 
.text           C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_creat                                       77BFD40F 5 Bytes  JMP 00B0001B 
.text           C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_open                                        77BFF566 5 Bytes  JMP 00B00000 
.text           C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wcreat                                      77BFFC9B 5 Bytes  JMP 00B00FC6 
.text           C:\WINDOWS\system32\svchost.exe[1280] msvcrt.dll!_wopen                                       77C00055 5 Bytes  JMP 00B00FE3 
.text           C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket                                       71A14211 5 Bytes  JMP 006C000A 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA                                7C801A28 5 Bytes  JMP 00AA0FE5 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx                           7C801A61 5 Bytes  JMP 00AA0F52 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect                             7C801AD4 5 Bytes  JMP 00AA0F63 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW                             7C801AF5 5 Bytes  JMP 00AA0F7E 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA                             7C801D53 5 Bytes  JMP 00AA0047 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA                               7C801D7B 5 Bytes  JMP 00AA0FAF 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW                            7C801E54 5 Bytes  JMP 00AA0090 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA                            7C801EF2 5 Bytes  JMP 00AA007F 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW                             7C802336 5 Bytes  JMP 00AA0F01 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA                             7C80236B 5 Bytes  JMP 00AA0F12 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress                             7C80AE40 5 Bytes  JMP 00AA00B5 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW                               7C80AEEB 5 Bytes  JMP 00AA0036 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW                                7C810800 5 Bytes  JMP 00AA000A 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe                                 7C81D83F 5 Bytes  JMP 00AA0062 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW                           7C82F0DD 5 Bytes  JMP 00AA001B 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA                           7C860CDC 5 Bytes  JMP 00AA0FCA 
.text           C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec                                    7C86250D 5 Bytes  JMP 00AA0F2D 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW                              77DA6AAF 3 Bytes  JMP 00660025 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW + 4                          77DA6AB3 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW                            77DA776C 3 Bytes  JMP 00660F97 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW + 4                        77DA7770 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA                              77DA7852 3 Bytes  JMP 00660014 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA + 4                          77DA7856 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW                                77DA7946 3 Bytes  JMP 00660FD4 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW + 4                            77DA794A 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA                            77DAE9F4 3 Bytes  JMP 00660054 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA + 4                        77DAE9F8 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA                                77DAEFC8 3 Bytes  JMP 00660FE5 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA + 4                            77DAEFCC 1 Byte  [88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW                              77DCBA55 2 Bytes  JMP 00660FB2 
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW + 3                          77DCBA58 2 Bytes  [89, 88]
.text           C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA                              77DCBCF3 5 Bytes  JMP 00660FC3 
.text           C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem                                     77BF931E 5 Bytes  JMP 00650FCA 
.text           C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system                                       77BF93C7 5 Bytes  JMP 00650055 
.text           C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat                                       77BFD40F 5 Bytes  JMP 00650029 
.text           C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open                                        77BFF566 5 Bytes  JMP 00650000 
.text           C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat                                      77BFFC9B 5 Bytes  JMP 00650044 
.text           C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen                                       77C00055 5 Bytes  JMP 00650FEF 
.text           C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenW                               7718AF61 5 Bytes  JMP 00640025 
.text           C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenA                               771957AE 5 Bytes  JMP 0064000A 
.text           C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlA                            77195A7A 5 Bytes  JMP 00640036 
.text           C:\WINDOWS\system32\svchost.exe[1576] WININET.dll!InternetOpenUrlW                            771A5BB2 5 Bytes  JMP 00640FD9 
.text           C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket                                       71A14211 5 Bytes  JMP 0063000A 
.text           c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe[1912] kernel32.dll!LoadLibraryA               7C801D7B 5 Bytes  JMP 0041C340 c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text           c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe[1912] kernel32.dll!LoadLibraryW               7C80AEEB 5 Bytes  JMP 0041C3C0 c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreateFileA                                        7C801A28 5 Bytes  JMP 001A0FE5 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!VirtualProtectEx                                   7C801A61 5 Bytes  JMP 001A0F30 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!VirtualProtect                                     7C801AD4 5 Bytes  JMP 001A0F4B 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!LoadLibraryExW                                     7C801AF5 5 Bytes  JMP 001A0025 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!LoadLibraryExA                                     7C801D53 5 Bytes  JMP 001A0F72 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!LoadLibraryA                                       7C801D7B 5 Bytes  JMP 001A0F9E 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!GetStartupInfoW                                    7C801E54 5 Bytes  JMP 001A0060 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!GetStartupInfoA                                    7C801EF2 5 Bytes  JMP 001A0F0E 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreateProcessW                                     7C802336 5 Bytes  JMP 001A0ED1 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreateProcessA                                     7C80236B 5 Bytes  JMP 001A0EEC 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!GetProcAddress                                     7C80AE40 5 Bytes  JMP 001A0085 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!LoadLibraryW                                       7C80AEEB 5 Bytes  JMP 001A0F83 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreateFileW                                        7C810800 5 Bytes  JMP 001A0000 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreatePipe                                         7C81D83F 5 Bytes  JMP 001A0F1F 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreateNamedPipeW                                   7C82F0DD 5 Bytes  JMP 001A0FAF 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!CreateNamedPipeA                                   7C860CDC 5 Bytes  JMP 001A0FCA 
.text           C:\WINDOWS\explorer.exe[1968] kernel32.dll!WinExec                                            7C86250D 5 Bytes  JMP 001A0EFD 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegOpenKeyExW                                      77DA6AAF 5 Bytes  JMP 00290FC0 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegCreateKeyExW                                    77DA776C 5 Bytes  JMP 00290051 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegOpenKeyExA                                      77DA7852 5 Bytes  JMP 00290011 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegOpenKeyW                                        77DA7946 5 Bytes  JMP 00290000 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegCreateKeyExA                                    77DAE9F4 5 Bytes  JMP 00290F94 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegOpenKeyA                                        77DAEFC8 5 Bytes  JMP 00290FE5 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegCreateKeyW                                      77DCBA55 2 Bytes  JMP 00290FA5 
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegCreateKeyW + 3                                  77DCBA58 2 Bytes  [4C, 88]
.text           C:\WINDOWS\explorer.exe[1968] ADVAPI32.dll!RegCreateKeyA                                      77DCBCF3 5 Bytes  JMP 00290036 
.text           C:\WINDOWS\explorer.exe[1968] msvcrt.dll!_wsystem                                             77BF931E 5 Bytes  JMP 002A002C 
.text           C:\WINDOWS\explorer.exe[1968] msvcrt.dll!system                                               77BF93C7 5 Bytes  JMP 002A0FA1 
.text           C:\WINDOWS\explorer.exe[1968] msvcrt.dll!_creat                                               77BFD40F 5 Bytes  JMP 002A0FC6 
.text           C:\WINDOWS\explorer.exe[1968] msvcrt.dll!_open                                                77BFF566 5 Bytes  JMP 002A0FE3 
.text           C:\WINDOWS\explorer.exe[1968] msvcrt.dll!_wcreat                                              77BFFC9B 5 Bytes  JMP 002A001B 
.text           C:\WINDOWS\explorer.exe[1968] msvcrt.dll!_wopen                                               77C00055 5 Bytes  JMP 002A0000 
.text           C:\WINDOWS\explorer.exe[1968] WININET.dll!InternetOpenW                                       7718AF61 5 Bytes  JMP 002C0FEF 
.text           C:\WINDOWS\explorer.exe[1968] WININET.dll!InternetOpenA                                       771957AE 5 Bytes  JMP 002C0000 
.text           C:\WINDOWS\explorer.exe[1968] WININET.dll!InternetOpenUrlA                                    77195A7A 5 Bytes  JMP 002C001B 
.text           C:\WINDOWS\explorer.exe[1968] WININET.dll!InternetOpenUrlW                                    771A5BB2 5 Bytes  JMP 002C0038 
.text           C:\WINDOWS\explorer.exe[1968] WS2_32.dll!socket                                               71A14211 5 Bytes  JMP 017C0FEF 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             cpqarray.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                 8639D940
IAT             cpqarray.sys[SCSIPORT.SYS!ScsiPortNotification]                                               8639D950
IAT             aha154x.sys[SCSIPORT.SYS!ScsiPortNotification]                                                8639D588
IAT             aha154x.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                  8639D578
IAT             aic78xx.sys[SCSIPORT.SYS!ScsiPortNotification]                                                863D4A08
IAT             aic78xx.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                  863D49F8
IAT             dac960nt.sys[SCSIPORT.SYS!ScsiPortNotification]                                               863D4640
IAT             dac960nt.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                 863D4630
IAT             ql10wnt.sys[SCSIPORT.SYS!ScsiPortNotification]                                                8639C018
IAT             ql10wnt.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                  8639C008
IAT             amsint.sys[SCSIPORT.SYS!ScsiPortNotification]                                                 8639CD50
IAT             amsint.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                   8639CD40
IAT             i2omp.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                    863D3CC0
IAT             i2omp.sys[SCSIPORT.SYS!ScsiPortNotification]                                                  863D3CD0
IAT             ini910u.sys[SCSIPORT.SYS!ScsiPortNotification]                                                863D3908
IAT             ini910u.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                  863D38F8
IAT             ql1240.sys[SCSIPORT.SYS!ScsiPortNotification]                                                 863D3540
IAT             ql1240.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                   863D3530
IAT             aic78u2.sys[SCSIPORT.SYS!ScsiPortNotification]                                                863D3178
IAT             aic78u2.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                  863D3168
IAT             ABP480N5.SYS[SCSIPORT.SYS!ScsiPortNotification]                                               8639B1F8
IAT             ABP480N5.SYS[SCSIPORT.SYS!ScsiPortInitialize]                                                 8639B1E8
IAT             asc3350p.sys[SCSIPORT.SYS!ScsiPortNotification]                                               863D2018
IAT             asc3350p.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                 863D2008
IAT             cd20xrnt.sys[SCSIPORT.SYS!ScsiPortNotification]                                               863D2C50
IAT             cd20xrnt.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                 863D2C40
IAT             adpu160m.sys[SCSIPORT.SYS!ScsiPortNotification]                                               863D24C0
IAT             adpu160m.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                 863D24B0
IAT             dpti2o.sys[SCSIPORT.SYS!ScsiPortNotification]                                                 8639A018
IAT             dpti2o.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                   8639A008
IAT             perc2.sys[SCSIPORT.SYS!ScsiPortNotification]                                                  863D1018
IAT             perc2.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                    863D1008
IAT             hpn.sys[SCSIPORT.SYS!ScsiPortNotification]                                                    863D1D50
IAT             hpn.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                      863D1D40
IAT             cbidf2k.sys[SCSIPORT.SYS!ScsiPortNotification]                                                863D1988
IAT             cbidf2k.sys[SCSIPORT.SYS!ScsiPortInitialize]                                                  863D1978

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                        8632C030

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                        mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device          \FileSystem\Fastfat \FatCdrom                                                                 8535D9A0

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                      Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                       SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                       SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                     Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device          \Driver\Cdrom \Device\CdRom0                                                                  8616D9E0
Device          \FileSystem\Rdbss \Device\FsWrap                                                              853683C8
Device          \Driver\Cdrom \Device\CdRom2                                                                  8616D9E0
Device          \Driver\USBSTOR \Device\000000c0                                                              83C5E1C8
Device          \Driver\USBSTOR \Device\000000c1                                                              83C5E1C8
Device          \Driver\USBSTOR \Device\000000c2                                                              83C5E1C8
Device          \FileSystem\Srv \Device\LanmanServer                                                          85B43300

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                     Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                   Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device          \Driver\USBSTOR \Device\000000ac                                                              83C5E1C8
Device          \Driver\USBSTOR \Device\000000ad                                                              83C5E1C8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                             85362258
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                   85362258
Device          \FileSystem\Npfs \Device\NamedPipe                                                            853B6E90
Device          \FileSystem\Msfs \Device\Mailslot                                                             8636D298
Device          \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0                                    8616DAE8
Device          \Driver\d347prt \Device\Scsi\d347prt1                                                         8616DAE8
Device          \FileSystem\Fastfat \Fat                                                                      8535D9A0

AttachedDevice  \FileSystem\Fastfat \Fat                                                                      fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                      mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                            863442F0
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                             863442F0
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                 863442F0
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                              863442F0
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                             863442F0
Device          \FileSystem\Cdfs \Cdfs                                                                        85319A98

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh                                0x20 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0                               0x3A 0x25 0xAE 0xEE ...

---- EOF - GMER 1.0.15 ----

das mit OSAM hat nicht funktioniert, wenn ich die osam.exe ausführe zeigt mir winrar zwei Fehlermeldungen an und "osam.exe konnte nicht gefunden werden, weil ToolkitPro1211vc80U.dll nicht gefunden wurde. Was ist das?

MfG

cosinus · 28.02.2012, 11:01

Zitat:

das mit OSAM hat nicht funktioniert, wenn ich die osam.exe ausführe

Das Archiv osam.rar muss vorher in ein separates Verzeichnis entpackt werden! Und das Entpacken funktioniert mW nur mit WinRAR oder 7zip!
Genau diese Fehler hättest du nicht gehabt, wenn du dich an die Hinweise gehalten hättest.

curry36 · 28.02.2012, 14:00

ich hatte doch extra winrar runtergeladen zur Benutzung von OSAM, und winrar zeigte mir diesen Fehler an!

cosinus · 28.02.2012, 15:33

Das RAR-Archiv muss per Rechtsklick => Entpacken nach osam... entpackt werden!
Man darf die OSAM.exe nicht aus WinRAR direkt starten!

24.02.2012, 20:58	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden Brich es ggf ab und mach den Fix im abgesicherten Modus __________________ Logfiles bitte immer in CODE-Tags posten

25.02.2012, 00:40	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden Doch immer mit einem Konto mit Adminrechten alles machen! Sonst kann man nicht alles entfernen! __________________ __________________

28.02.2012, 15:33	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden Das RAR-Archiv muss per Rechtsklick => Entpacken nach osam... entpackt werden! Man darf die OSAM.exe nicht aus WinRAR direkt starten! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden

Log-Analyse und Auswertung: Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden