Pests of all kinds and how to combat them: PUP.VShareRedir (Windows 7) |
19.10.2012, 15:26 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.VShareRedir

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
21.10.2012, 12:14 | #17 |
| PUP.VShareRedir Code:
13:13:33.0062 2524 WmdmPmSN - ok 13:13:33.0078 2524 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 13:13:33.0140 2524 WmiApSrv - ok 13:13:33.0156 2524 [ C1B3D9D75C3FB735F5FA3A5806ADED57 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 13:13:33.0156 2524 WpdUsb - ok 13:13:33.0187 2524 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 13:13:33.0250 2524 wscsvc - ok 13:13:33.0265 2524 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 13:13:33.0328 2524 wuauserv - ok 13:13:33.0359 2524 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 13:13:33.0437 2524 WZCSVC - ok 13:13:33.0453 2524 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 13:13:33.0531 2524 xmlprov - ok 13:13:33.0531 2524 ================ Scan global =============================== 13:13:33.0546 2524 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 13:13:33.0578 2524 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 13:13:33.0593 2524 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 13:13:33.0593 2524 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 13:13:33.0593 2524 [Global] - ok 13:13:33.0593 2524 ================ Scan MBR ================================== 13:13:33.0609 2524 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0 13:13:33.0828 2524 \Device\Harddisk0\DR0 - ok 13:13:33.0828 2524 ================ Scan VBR ================================== 13:13:33.0828 2524 [ B5181DB679D3301D734522E1BA17BC9F ] \Device\Harddisk0\DR0\Partition1 13:13:33.0828 2524 \Device\Harddisk0\DR0\Partition1 - ok 13:13:33.0843 2524 [ 136B8A0C0BF5727CAC170225E79AA8E7 ] \Device\Harddisk0\DR0\Partition2 13:13:33.0859 2524 \Device\Harddisk0\DR0\Partition2 - ok 13:13:33.0859 2524 ============================================================ 13:13:33.0859 2524 Scan finished 13:13:33.0859 2524 
============================================================ 13:13:33.0984 0168 Detected object count: 9 13:13:33.0984 0168 Actual detected object count: 9 13:13:49.0015 0168 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0015 0168 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 BIOS ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 BIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 BS_I2cIo ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 BS_I2cIo ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 Cherry Device Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 giveio ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 SbieDrv ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 SbieDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:13:49.0031 0168 SbieSvc ( UnsignedFile.Multi.Generic ) - skipped by user 13:13:49.0031 0168 SbieSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.10.2012, 12:46 | #18 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.VShareRedir Then please run CF now:
__________________ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ |
21.10.2012, 13:51 | #19 |
| PUP.VShareRedir Code:
ATTFilter ComboFix 12-10-21.01 - Steffen 21.10.2012 14:28:17.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2046.1363 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Steffen\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Steffen\Anwendungsdaten\siw_sdk.dll c:\dokumente und einstellungen\Steffen\WINDOWS c:\programme\Clickster\ClICkster.exe c:\windows\IsUn0407.exe c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\unin0407.exe Z:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NVSVC -------\Legacy_PASSWORD -------\Service_NVSvc . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-21 bis 2012-10-21 )))))))))))))))))))))))))))))) . . 2012-10-19 13:31 . 2012-10-19 13:31 -------- d-----w- C:\_OTL 2012-10-15 16:43 . 2012-10-15 16:43 -------- d-----w- c:\programme\ESET 2012-10-12 13:35 . 2012-10-12 13:35 -------- d-----w- c:\dokumente und einstellungen\Steffen\Anwendungsdaten\Malwarebytes 2012-10-12 13:34 . 2012-10-12 13:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2012-10-12 13:34 . 2012-10-12 13:34 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2012-10-12 13:34 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-22 12:58 . 2012-09-22 12:58 477168 ----a-w- c:\windows\system32\npdeployJava1.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-22 12:58 . 2010-07-02 22:15 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-22 12:58 . 
2009-01-13 18:46 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-30 20:28 . 2004-08-04 12:00 672768 ----a-w- c:\windows\system32\wininet.dll 2012-08-30 20:28 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx 2012-08-30 20:28 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-08-30 20:26 . 2004-08-04 12:00 371200 ----a-w- c:\windows\system32\html.iec 2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-23 06:26 . 2008-10-30 21:04 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-23 06:26 . 2008-10-30 21:04 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-30 20:35 . 2012-07-30 20:35 1409 ----a-w- c:\windows\QTFont.for 2012-10-13 12:16 . 2012-10-13 12:16 261600 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] "GAINWARD"="c:\programme\EXPERTool\TBPanel.exe" [2008-07-10 2177576] "SandboxieControl"="c:\programme\Sandboxie\SbieCtrl.exe" [2009-12-01 389120] "Steam"="z:\spiele\empire\steam.exe" [2012-08-04 1353080] "DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-10-16 16855552] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "nwiz"="nwiz.exe" [2008-10-07 1630208] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "CherryKeyMan"="c:\programme\Cherry\KeyMan\KeyMan.exe" [2007-11-28 237620] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "BCSSync"="c:\programme\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "LogMeIn Hamachi Ui"="c:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Steffen\Startmenü\Programme\Autostart\ StarOffice 8.lnk - c:\programme\Sun\StarOffice 8\program\quickstart.exe [2008-1-21 122880] . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\TeamViewer3\\TeamViewer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "z:\\Spiele\\Battlefront 2\\GameData\\BattlefrontII.exe"= "c:\\Programme\\LogMeIn Hamachi\\hamachi-2-ui.exe"= "z:\\Spiele\\Anno 1602\\ANNO1602\\1602.EXE"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "z:\\Spiele\\Stronghold\\Stronghold.exe"= "c:\\Programme\\Call Graph\\CallGraph.exe"= "c:\\Riot Games\\League of Legends\\lol.launcher.exe"= "c:\\Programme\\Mozilla Firefox\\plugin-container.exe"= "c:\\Programme\\ICQ7.5\\ICQ.exe"= "z:\\Spiele\\EMpire\\SteamApps\\common\\empire total war\\Empire.exe"= "z:\\Spiele\\Assassins Creed\\AssassinsCreed_Dx9.exe"= "z:\\Spiele\\Assassins Creed\\AssassinsCreed_Dx10.exe"= "z:\\Spiele\\Assassins Creed\\AssassinsCreed_Launcher.exe"= "c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Dokumente und Einstellungen\\Steffen\\Desktop\\Phone\\Skype.exe"= "z:\\Spiele\\EMpire\\SteamApps\\common\\total war shogun 2\\Shogun2.exe"= "z:\\Spiele\\EMpire\\SteamApps\\common\\total war shogun 2\\data\\encyclopedia\\how_to_play.html"= "z:\\Spiele\\EMpire\\SteamApps\\common\\total war shogun 2\\benchmarks\\benchmark_current_settings.bat"= "z:\\Spiele\\EMpire\\SteamApps\\common\\total war shogun 2\\benchmarks\\benchmark_specify_properties.bat"= "c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "58282:TCP"= 58282:TCP:Em4 "12345:UDP"= 12345:UDP:Em4 "54321:UDP"= 54321:UDP:Em4 "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "58931:TCP"= 58931:TCP:Pando Media Booster "58931:UDP"= 58931:UDP:Pando Media Booster "8396:TCP"= 8396:TCP:League of Legends Launcher "8396:UDP"= 8396:UDP:League of Legends Launcher "6907:TCP"= 6907:TCP:League of Legends Launcher "6907:UDP"= 6907:UDP:League of Legends Launcher "6969:TCP"= 6969:TCP:League of Legends Launcher "6969:UDP"= 6969:UDP:League of Legends Launcher "6911:TCP"= 6911:TCP:League of Legends Launcher "6911:UDP"= 6911:UDP:League of Legends Launcher "6941:TCP"= 6941:TCP:League of Legends Launcher "6941:UDP"= 6941:UDP:League of Legends Launcher "8397:TCP"= 8397:TCP:League of Legends Launcher "8397:UDP"= 8397:UDP:League of Legends Launcher "6908:TCP"= 6908:TCP:League of Legends Launcher "6908:UDP"= 6908:UDP:League of Legends Launcher "6937:TCP"= 6937:TCP:League of Legends Launcher "6937:UDP"= 6937:UDP:League of Legends Launcher "6896:TCP"= 6896:TCP:League of Legends Launcher "6896:UDP"= 6896:UDP:League of Legends Launcher "6992:TCP"= 6992:TCP:League of Legends Launcher "6992:UDP"= 6992:UDP:League of Legends Launcher "6968:TCP"= 6968:TCP:League of Legends Launcher "6968:UDP"= 6968:UDP:League of Legends Launcher "6947:TCP"= 6947:TCP:League of Legends Launcher "6947:UDP"= 6947:UDP:League of Legends Launcher "8398:TCP"= 8398:TCP:League of Legends Launcher "8398:UDP"= 8398:UDP:League of Legends Launcher "8393:TCP"= 8393:TCP:League of Legends Lobby "8393:UDP"= 8393:UDP:League of Legends Lobby "8390:TCP"= 8390:TCP:League of Legends Game Client "8390:UDP"= 8390:UDP:League of Legends Game Client "58797:TCP"= 58797:TCP:Pando Media Booster "58797:UDP"= 58797:UDP:Pando Media Booster . 
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [01.01.2007 23:39 36000] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [29.10.2008 22:06 13696] R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [29.10.2008 23:31 8192] R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30.07.2008 07:51 277736] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [01.01.2007 23:39 86224] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\programme\LogMeIn Hamachi\hamachi-2.exe [29.08.2012 12:03 1385896] R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [20.12.2011 11:28 196904] R3 Ch2kPS2;Cherry PS/2 Tastatur Treiber (CDI);c:\windows\system32\drivers\Ch2kPS2.sys [24.01.2008 10:41 130560] R3 Cherry Device Interface;Cherry Device Interface;c:\programme\Cherry\CDI\cdi.exe [04.12.2007 13:03 585774] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [01.04.2010 00:06 135664] S2 SkypeUpdate;Skype Updater;c:\dokumente und einstellungen\Steffen\Desktop\Updater\Updater.exe [07.06.2012 19:12 160944] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [01.04.2010 00:06 135664] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\Microsoft Office\Office14\GROOVE.EXE [12.06.2011 11:15 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [25.04.2012 18:47 115168] S3 osppsvc;Office Software Protection Platform;c:\programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000] S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [29.10.2008 21:49 65664] . 
--- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-03-17 16:56 451872 ----a-w- c:\programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-03-31 22:06] . 2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-03-31 22:06] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://dt-updates.com/activate?query=VRgPIJB%2fH0qFMbR03XC69w%2bJz9sYmQmjN5N3c58svn93rjd0cC88VCk2kRaioc9KjgOxZoSiUyCjnKgYv7QAutPTP4VjP9Qul7q%2furUCNGGjYVsktbCTd5ETgFl2O1IQq9BLWXca6cSybCO%2fFMi9kvvZVnod3UW0E6aF9pKJWuq0bBTerxroeQ0Pihklg%2fb60k%2fXf9HDlIrSaN79NE4Y7Y%2bf2R7KSR2RCvYfYHJwo5N%2fhagcDQhJygdlY92Tq6BOzYm2%2buzzLZlnA0d2YauysBHfCm6pVQ7K1ZXZflN3L%2fw%3d uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Google Sidewiki... 
- c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\dokumente und einstellungen\Steffen\Anwendungsdaten\Mozilla\Firefox\Profiles\1pwc4e03.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://google.de/ FF - ExtSQL: 2012-09-22 14:58; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: !HIDDEN! 2009-10-13 17:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-EPSON Stylus CX3600 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE HKLM-Run-EPSON Stylus CX3600 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE AddRemove-Covert Operations - c:\windows\IsUn0407.exe AddRemove-Reise nach Nordland - c:\windows\IsUn0407.exe AddRemove-RiseofNationsExpansion 1.0 - z:\spiele\Rise of Nations\UNINSTLX.EXE AddRemove-Sacred_is1 - z:\spiele\Sacred\unins000.exe AddRemove-vShare.tv plugin - c:\programme\vShare.tv plugin\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-10-21 14:39 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run EPSON Stylus CX3600 Series = c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /M "Stylus CX3600" /EF "HKCU"????????????????????????????????????????p???W?9~0?6~????*?6~??6~??????8~"?????????????????Y???6~????????????????????T???????????W?9~??6~??????6~??6~??Y???????????6~???????????????????????????????|??????????Y???????????????8~s?6~??6~-?7~"??????????? ???????????2???'I??0???????????4????Y7~"???????????????P???????????????T????Y7~????P????????S??????????????X?8~????P???????j?8~P???????8???????????`?? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1078081533-1563985344-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:c1,6b,58,41,43,56,a8,8f,86,e2,1e,63,25,fd,58,a5,ed,fe,d7,8b,9c,da,5c, a6,7d,65,91,4f,74,5e,fb,d9,37,38,33,c0,0e,b4,02,67,31,29,b2,02,eb,8d,a5,68,\ "??"=hex:69,a3,33,3c,a5,c9,72,a7,2d,1d,f8,d7,9a,21,46,16 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(3576) c:\progra~1\GEMEIN~1\MICROS~1\OFFICE14\Cultures\office.odf c:\progra~1\MICROS~2\Office14\1031\GrooveIntlResource.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE c:\programme\Sandboxie\SbieSvc.exe c:\windows\system32\wdfmgr.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe c:\programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe c:\programme\Sun\StarOffice 8\program\soffice.exe c:\programme\Sun\StarOffice 8\program\soffice.BIN c:\programme\avira\antivir desktop\ipmGui.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-10-21 14:44:27 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-10-21 12:44 . Vor Suchlauf: 12 Verzeichnis(se), 57.590.394.880 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 57.737.875.456 Bytes frei . WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 82CBA4B509AE5F6F288CE2C1B9AD4C18 |
21.10.2012, 16:14 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.VShareRedir Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________ Please always post log files in CODE tags |
25.10.2012, 00:01 | #21 |
| PUP.VShareRedir Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-25 00:49:07 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_HD322HJ rev.1AC01112 Running: dhfc6g1b.exe; Driver: C:\DOKUME~1\Steffen\LOKALE~1\Temp\pgtdapow.sys ---- System - GMER 1.0.15 ---- SSDT BA7711CE ZwCreateKey SSDT BA7711C4 ZwCreateThread SSDT BA7711D3 ZwDeleteKey SSDT BA7711DD ZwDeleteValueKey SSDT BA7711E2 ZwLoadKey SSDT BA7711B0 ZwOpenProcess SSDT BA7711B5 ZwOpenThread SSDT BA7711EC ZwReplaceKey SSDT BA7711E7 ZwRestoreKey SSDT BA7711D8 ZwSetValueKey INT 0x63 ? 8A65BCB8 INT 0x63 ? 8A65BCB8 INT 0x63 ? 8A65BCB8 INT 0x63 ? 8A65BCB8 INT 0x63 ? 8A40AF00 INT 0x63 ? 8A40AF00 INT 0x63 ? 8A65BCB8 INT 0x73 ? 8A65BCB8 INT 0x84 ? 8A40AF00 INT 0xA4 ? 8A40AF00 INT 0xB1 ? 8A445CB8 INT 0xB1 ? 8A445CB8 INT 0xB4 ? 8A40AF00 Code 89755BAC ZwRequestPort Code 89755C4C ZwRequestWaitReplyPort Code 89755B0C ZwTraceEvent Code 89755BAB NtRequestPort Code 89755C4B NtRequestWaitReplyPort Code 89755B0B NtTraceEvent ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!NtTraceEvent 805351AE 5 Bytes JMP 89755B10 PAGE ntkrnlpa.exe!NtRequestPort 805A2A52 5 Bytes JMP 89755BB0 PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D7E 5 Bytes JMP 89755C50 .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F83B2E] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F65360, 0x32E00D, 0xE8000020] .text USBPORT.SYS!DllUnload B8F458AC 5 Bytes JMP 8A40A410 .text a6ey5oc4.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B8E7E900 48 Bytes [6F, C6, 98, 52, 85, F4, 03, ...] ? C:\WINDOWS\System32\Drivers\a6ey5oc4.SYS suspicious PE modification .text avbqhs6f.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B8DD9EA0 48 Bytes [8F, AF, 03, 9F, F3, B0, C0, ...] ? 
C:\WINDOWS\System32\Drivers\avbqhs6f.SYS suspicious PE modification .text win32k.sys!EngAcquireSemaphore + 20F0 BF8082F4 5 Bytes JMP 897554D0 .text win32k.sys!EngFreeUserMem + 5BD7 BF80EE80 5 Bytes JMP 89755430 .text win32k.sys!EngSetLastError + 79AA BF8240ED 5 Bytes JMP 89755610 .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP 897559D0 .text win32k.sys!XLATEOBJ_iXlate + 2EDD BF85DC50 5 Bytes JMP 89755570 .text win32k.sys!EngCreatePalette + 8A BF85F5F2 5 Bytes JMP 89755890 .text win32k.sys!EngCopyBits + 4DF9 BF89D7BD 5 Bytes JMP 897556B0 .text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP 89755750 .text win32k.sys!EngDeleteSemaphore + 3B35 BF8EBDCE 5 Bytes JMP 89755930 .text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP 89755A70 .text win32k.sys!EngCreateClip + 2605 BF914ECA 5 Bytes JMP 897557F0 .reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xA5642600, 0x25B0C, 0xE0000060] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA55E3300, 0x3ACC8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA478300, 0x1B7E, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EA2EB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A65A1E8 Device \FileSystem\Udfs \UdfsCdRom 8A09D430 Device \FileSystem\Udfs \UdfsDisk 8A09D430 AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Ch2kPS2.sys (Cherry PS2 driver for Win2k/Cherry GmbH) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Ch2kPS2.sys (Cherry PS2 driver for Win2k/Cherry GmbH) Device \Driver\usbuhci \Device\USBPDO-0 8A4091E8 Device \Driver\usbuhci \Device\USBPDO-1 8A4091E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{B609E8BE-0B04-454C-96A5-365B594E0528} 89F80430 Device \Driver\usbuhci \Device\USBPDO-2 8A4091E8 Device \Driver\usbehci \Device\USBPDO-3 8A4A31E8 Device \Driver\usbuhci \Device\USBPDO-4 8A4091E8 Device \Driver\usbuhci \Device\USBPDO-5 8A4091E8 Device \Driver\usbuhci \Device\USBPDO-6 8A4091E8 Device \Driver\usbehci \Device\USBPDO-7 8A4A31E8 Device \Driver\Cdrom \Device\CdRom0 8A4711E8 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-12 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 [B9E1EB40] atapi.sys[unknown section] {MOV 
EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort4 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort5 [B9E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A4711E8 Device \Driver\Cdrom \Device\CdRom2 8A4711E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{0762DB52-1742-43FC-BBB6-E784D191B0C4} 89F80430 Device \Driver\NetBT \Device\NetBt_Wins_Export 89F80430 Device \Driver\PCI_PNP5730 \Device\0000004a sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP5730 \Device\0000004a sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP5730 \Device\0000004b sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP5730 \Device\0000004b sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) 
Device \Driver\NetBT \Device\NetbiosSmb 89F80430 Device \Driver\usbuhci \Device\USBFDO-0 8A4091E8 Device \Driver\usbuhci \Device\USBFDO-1 8A4091E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A065430 Device \Driver\usbuhci \Device\USBFDO-2 8A4091E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A065430 Device \Driver\usbehci \Device\USBFDO-3 8A4A31E8 Device \Driver\usbuhci \Device\USBFDO-4 8A4091E8 Device \Driver\usbuhci \Device\USBFDO-5 8A4091E8 Device \Driver\usbuhci \Device\USBFDO-6 8A4091E8 Device \Driver\usbehci \Device\USBFDO-7 8A4A31E8 Device \Driver\a6ey5oc4 \Device\Scsi\a6ey5oc41Port7Path0Target0Lun0 8A3611E8 Device \Driver\avbqhs6f \Device\Scsi\avbqhs6f1 8A43E430 Device \Driver\avbqhs6f \Device\Scsi\avbqhs6f1Port6Path0Target0Lun0 8A43E430 Device \Driver\a6ey5oc4 \Device\Scsi\a6ey5oc41 8A3611E8 Device \FileSystem\Cdfs \Cdfs 8A045430 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xB1 0x61 0xB6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0x3D 0xF5 0x8B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xBA 0xBC 0x1B ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xCE 0xF0 0xA6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0x77 0x55 0xF1 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDE 0x90 0x18 0x41 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xCE 0xF0 0xA6 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0x77 0x55 0xF1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDE 0x90 0x18 0x41 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xCE 0xF0 0xA6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0x77 0x55 0xF1 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDE 0x90 0x18 0x41 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xCE 0xF0 0xA6 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0x77 0x55 0xF1 ... 
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDE 0x90 0x18 0x41 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0x6D 0x62 0x0B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x16 0x3D 0xF5 0x8B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE8 0xBA 0xBC 0x1B ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5F 0xCE 0xF0 0xA6 ... 
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDD 0x77 0x55 0xF1 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDE 0x90 0x18 0x41 ... ---- EOF - GMER 1.0.15 ---- |
25.10.2012, 10:33 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.VShareRedir OK, I'll see it once it's there
__________________ Please always post log files in CODE tags |
27.10.2012, 20:04 | #23 |
| PUP.VShareRedir Well, that didn't quite work out... but now both outstanding logs at once: OSAM: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:45:11 on 27.10.2012 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 16.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl "QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS\system32\QuickTime.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Avira AntiVir Personal – Free Antivirus " - "Avira Operations GmbH & Co. 
KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl "Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys "aoce3mos" (aoce3mos) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\aoce3mos.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "av4l9n0y" (av4l9n0y) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\av4l9n0y.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "BIOS" (BIOS) - "BIOSTAR Group" - C:\WINDOWS\system32\drivers\BIOS.sys "BS_I2cIo" (BS_I2cIo) - "BIOSTAR Group" - C:\WINDOWS\system32\drivers\BS_I2cIo.sys "Cardex" (Cardex) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPANEL.SYS "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "giveio" (giveio) - ? - C:\WINDOWS\System32\giveio.sys (File found, but it contains no detailed information) "Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "lirsgt" (lirsgt) - ? 
- C:\WINDOWS\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "SbieDrv" (SbieDrv) - "tzuk" - C:\Programme\Sandboxie\SbieDrv.sys "speedfan" (speedfan) - "Almico Software" - C:\WINDOWS\System32\speedfan.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\TBPanel.sys "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-27 19:54:54 ----------------------------- 19:54:54.171 OS Version: Windows 5.1.2600 Service Pack 3 19:54:54.171 Number of processors: 2 586 0x1706 19:54:54.171 ComputerName: PC1 UserName: 19:54:54.671 Initialize success 20:04:08.703 AVAST engine defs: 12102700 20:33:36.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 20:33:36.875 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01112 Size: 305245MB BusType: 3 20:33:36.875 Disk 0 MBR read successfully 20:33:36.875 Disk 0 MBR scan 20:33:37.000 Disk 0 Windows XP default MBR code 20:33:37.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102398 MB offset 63 20:33:37.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 202844 MB offset 209712510 20:33:37.046 Disk 0 scanning sectors +625137345 20:33:37.109 Disk 0 scanning C:\WINDOWS\system32\drivers 20:33:48.218 Service scanning 20:34:00.500 Modules scanning 20:34:04.562 Disk 0 trace - called modules: 20:34:04.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS 20:34:04.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5ebab8] 20:34:04.578 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8a61bf18] 20:34:04.578 5 ACPI.sys[b9e63620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8a619940] 20:34:05.046 AVAST engine scan C:\WINDOWS 20:34:11.937 AVAST engine scan C:\WINDOWS\system32 20:37:17.156 AVAST engine scan C:\WINDOWS\system32\drivers 20:37:31.203 AVAST engine scan C:\Dokumente und Einstellungen\Steffen 20:51:18.468 AVAST engine scan C:\Dokumente und Einstellungen\All Users 20:54:58.312 Scan finished successfully 20:55:27.796 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Steffen\Desktop\MBR.dat" 20:55:27.796 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Steffen\Desktop\aswMBR.txt" |
27.10.2012, 20:26 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.VShareRedir Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |