Log Analysis and Evaluation: Problems with software updates and IE after Trojan and Malwarebytes (Windows 7)
26.03.2011, 17:30 | #1

Hello everyone, I want to say up front that I count myself among the clueless users (DAUs). I have read the forum rules and am trying to follow them. Here is what happened: The day before yesterday I suddenly got a Trojan warning from Windows. I first wanted to do some research on the internet so that I wouldn't accidentally delete a system file. While doing that, Firefox was already behaving strangely (it opened pages other than the ones I had clicked on in Google). I panicked a bit. I ran a scan with Malwarebytes and deleted all findings immediately (as I said: I was in a panic). Since then I have had a problem with the internet. At first I could not get online with IE or Firefox at all. Thunderbird, however, still sent and received. A friend then helped me over the phone, at least with Firefox. It worked again after I selected "Auto-detect proxy settings for this network" under Settings. But various programs tell me they cannot connect to the server for updates. When I open Thunderbird I get the following error message: "Error: Proxy server refused the connection - While attempting to reach the proxy server you configured, the connection was refused. Please check your proxy settings and try again." I can still write and receive mail, though. I am attaching the logfiles now. I would be happy and grateful if someone can help me.
26.03.2011, 21:45 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Quote:
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from earlier Malwarebytes scans, please post all of those as well!
27.03.2011, 10:44 | #3

Hello Arne, thank you for the kind welcome. I have run a total of 4 scans since the infection. I am attaching the logs. I have one more (perhaps silly) question. Apart from the computer needing to work again... Can you tell whether I am dealing with the after-effects of the attack, or whether the uninvited guest is still there? In any case, many thanks for your help! Regards, Carsten
27.03.2011, 20:16 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also disable your antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Note: If you masked your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61919
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13e372be-a235-11de-b254-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{13e372be-a235-11de-b254-0024211949fc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{13e372c0-a235-11de-b254-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{13e372c0-a235-11de-b254-0024211949fc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{672ec569-f7dd-11de-8970-001e101fb681}\Shell - "" = AutoRun
O33 - MountPoints2\{672ec569-f7dd-11de-8970-001e101fb681}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8c1d4a67-a1db-11de-9234-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4a67-a1db-11de-9234-0024211949fc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{8c1d4a69-a1db-11de-9234-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{8c1d4a69-a1db-11de-9234-0024211949fc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{af688c80-ea56-11de-b4af-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{af688c80-ea56-11de-b4af-0024211949fc}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b9fff2b9-a1d1-11de-a737-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{b9fff2b9-a1d1-11de-a737-0024211949fc}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{bcfa4106-eb40-11de-b541-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{bcfa4106-eb40-11de-b541-001e101f21c1}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{c9ace0fd-1999-11df-86c0-0024211949fc}\Shell - "" = AutoRun
O33 - MountPoints2\{c9ace0fd-1999-11df-86c0-0024211949fc}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{f75eb826-ed9e-11de-8d39-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{f75eb826-ed9e-11de-8d39-001e101f8aaa}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
[2011.03.24 17:22:25 | 000,005,740 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\A6D0.0C4
[2011.03.14 15:57:06 | 000,307,200 | ---- | M] (FLV.com) -- C:\Windows\System32\TubeFinder.exe
[2010.03.20 11:14:57 | 000,005,072 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2009.06.15 20:43:32 | 000,004,987 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F35A93AD
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the "_OTL" folder.

Please always post logfiles in CODE tags
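The fix above strips a Firefox proxy setting that points at 127.0.0.1:61919, the local listener the infection used to sit between the browser and the network; once that listener is gone, the stale setting is what produces the "proxy server refused the connection" error and the failing updaters. As an added example (not from this thread or its helpers), the following Python checker parses a Firefox prefs.js and an IE ProxyServer string and flags proxies that point at the local machine, and lists the three search prefs the fix resets; the sample prefs.js is constructed from the values in the fix, and the function names are my own.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample prefs.js built from the values in the OTL fix above (not a real dump).
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 61919);
user_pref("network.proxy.type", 4);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
"""

# Constructed IE value in the form ComboFix prints it ("uInternet Settings,ProxyServer = ...").
SAMPLE_IE_PROXY_SERVER = "http=127.0.0.1:61919"

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Firefox network.proxy.type: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system.
MANUAL_PROXY = 1

# The three search prefs the OTL fix above resets; a user_pref() for any of them
# means the default search engine was overridden (by the user or, as here, by adware).
SEARCH_PREFS = ("browser.search.defaultengine", "browser.search.defaultenginename", "browser.search.order.1")


def _parse_value(raw: str):
    """Convert a prefs.js literal ("str", true/false, 42) into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs_js(text: str) -> Dict[str, object]:
    """Return {pref_name: value} for every user_pref() line in a prefs.js."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def parse_ie_proxy_server(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Parse 'http=host:port;https=host:port' or a bare 'host:port' (reported as scheme 'all')."""
    proxies: Dict[str, Tuple[str, Optional[int]]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # no port component given
            host, port = hostport, ""
        proxies[scheme or "all"] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IPv4/IPv6 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def find_loopback_proxies(prefs: Dict[str, object], ie_proxy_server: Optional[str]) -> List[str]:
    """Flag browser proxy settings that point at the local machine.

    A loopback proxy is how the infection in this thread sat between the browsers and
    the network; once its listener is gone, the stale setting produces exactly the
    "proxy server refused the connection" error and the failing updaters described above.
    """
    findings: List[str] = []
    host, port = prefs.get("network.proxy.http"), prefs.get("network.proxy.http_port")
    if isinstance(host, str) and is_loopback(host):
        state = "active" if prefs.get("network.proxy.type") == MANUAL_PROXY else "inactive"
        findings.append(f"firefox: network.proxy.http={host}:{port} is a loopback proxy ({state})")
    if ie_proxy_server:
        for scheme, (h, p) in parse_ie_proxy_server(ie_proxy_server).items():
            if is_loopback(h):
                findings.append(f"ie: ProxyServer {scheme}={h}:{p} is a loopback proxy")
    return findings


def find_search_overrides(prefs: Dict[str, object]) -> Dict[str, object]:
    """Return the search-engine prefs from SEARCH_PREFS that this prefs.js overrides."""
    return {name: prefs[name] for name in SEARCH_PREFS if name in prefs}
```

On a live system, point parse_prefs_js at the prefs.js under the profile path ComboFix reports and parse_ie_proxy_server at the ProxyServer value from the same report.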
27.03.2011, 23:38 | #5

Okay. Done. Here is the logfile:

All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 61919 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13e372be-a235-11de-b254-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13e372be-a235-11de-b254-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13e372be-a235-11de-b254-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13e372be-a235-11de-b254-0024211949fc}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13e372c0-a235-11de-b254-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13e372c0-a235-11de-b254-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13e372c0-a235-11de-b254-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13e372c0-a235-11de-b254-0024211949fc}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672ec569-f7dd-11de-8970-001e101fb681}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672ec569-f7dd-11de-8970-001e101fb681}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672ec569-f7dd-11de-8970-001e101fb681}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{672ec569-f7dd-11de-8970-001e101fb681}\ not found.
File I:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4a67-a1db-11de-9234-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4a67-a1db-11de-9234-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4a67-a1db-11de-9234-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4a67-a1db-11de-9234-0024211949fc}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4a69-a1db-11de-9234-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4a69-a1db-11de-9234-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c1d4a69-a1db-11de-9234-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c1d4a69-a1db-11de-9234-0024211949fc}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af688c80-ea56-11de-b4af-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af688c80-ea56-11de-b4af-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af688c80-ea56-11de-b4af-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af688c80-ea56-11de-b4af-0024211949fc}\ not found.
File I:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9fff2b9-a1d1-11de-a737-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9fff2b9-a1d1-11de-a737-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9fff2b9-a1d1-11de-a737-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9fff2b9-a1d1-11de-a737-0024211949fc}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcfa4106-eb40-11de-b541-001e101f21c1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcfa4106-eb40-11de-b541-001e101f21c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcfa4106-eb40-11de-b541-001e101f21c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcfa4106-eb40-11de-b541-001e101f21c1}\ not found.
File I:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9ace0fd-1999-11df-86c0-0024211949fc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9ace0fd-1999-11df-86c0-0024211949fc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9ace0fd-1999-11df-86c0-0024211949fc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9ace0fd-1999-11df-86c0-0024211949fc}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f75eb826-ed9e-11de-8d39-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f75eb826-ed9e-11de-8d39-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f75eb826-ed9e-11de-8d39-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f75eb826-ed9e-11de-8d39-001e101f8aaa}\ not found.
File I:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\AutoRun.exe not found.
C:\Users\Carsten\AppData\Roaming\A6D0.0C4 moved successfully.
C:\Windows\System32\TubeFinder.exe moved successfully.
C:\ProgramData\bltofzsb.qlf moved successfully.
C:\ProgramData\ojvzdisj.xda moved successfully.
ADS C:\ProgramData\TEMP:8CEFE51A deleted successfully.
ADS C:\ProgramData\TEMP:F35A93AD deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: autor
->Temp folder emptied: 32284 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Carsten
->Temp folder emptied: 3910331258 bytes
->Temporary Internet Files folder emptied: 70688287 bytes
->Java cache emptied: 47533727 bytes
->FireFox cache emptied: 77483007 bytes
->Google Chrome cache emptied: 27675037 bytes
->Flash cache emptied: 226966 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 483520 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 217123558 bytes
RecycleBin emptied: 1120519807 bytes
Total Files Cleaned = 5.219,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03282011_003207
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
28.03.2011, 09:38 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run CF: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!
28.03.2011, 10:28 | #7

Quick question in between: I can't rename ComboFix while downloading it (or rather, I don't know how). In my case no "Save as" dialog comes up; instead I can either download ComboFix.exe or cancel. Then the download manager opens immediately. So I think renaming is only possible once it is on the desktop. Is that a problem?
28.03.2011, 11:49 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

Why doesn't right-click => Save target as work?

Please always post logfiles in CODE tags
28.03.2011, 13:43 | #9

Uh... yes, that does work... And here is the CF text: ComboFix logfile: Code:

ComboFix 11-03-27.02 - xxxxxxx 28.03.2011 14:07:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3325.2559 [GMT 2:00]
ausgeführt von:: c:\users\xxxxxxx\Desktop\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SeARchsettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\xxxxxxx\AppData\Roaming\Desktopicon
c:\users\xxxxxxx\AppData\Roaming\Fibu
c:\users\xxxxxxx\AppData\Roaming\Fibu\fibu.ini
c:\users\xxxxxxx\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-28 bis 2011-03-28 ))))))))))))))))))))))))))))))
.
.
2011-03-28 11:11 . 2011-03-28 11:11 -------- d-----w- c:\program files\CCleaner
2011-03-27 22:32 . 2011-03-27 22:32 -------- d-----w- C:\_OTL
2011-03-25 16:14 . 2011-03-18 17:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 16:14 . 2011-03-18 17:56 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 16:14 . 2011-03-18 17:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 16:14 . 2011-03-18 17:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 16:14 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 16:14 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 16:14 . 2011-03-18 17:56 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 16:14 . 2011-03-18 17:56 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 08:13 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C0185D1-BF11-44E8-B4BC-687331E2DF79}\mpengine.dll
2011-03-24 16:08 . 2011-03-24 16:08 -------- d-----w- c:\users\xxxxxxx\AppData\Roaming\Malwarebytes
2011-03-24 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 16:07 . 2011-03-24 16:07 -------- d-----w- c:\programdata\Malwarebytes
2011-03-24 16:07 . 2011-03-24 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-24 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-24 15:46 . 2011-03-24 15:51 -------- d-----w- c:\programdata\SecTaskMan
2011-03-24 15:46 . 2011-03-24 15:46 -------- d-----w- c:\program files\Security Task Manager
2011-03-21 13:19 . 2011-03-21 13:21 -------- d-----w- c:\users\xxxxxxx\AppData\Roaming\avidemux
2011-03-21 13:18 . 2011-03-22 10:52 -------- d-----w- c:\program files\Avidemux 2.5
2011-03-09 19:15 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:15 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:15 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:15 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 19:15 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:15 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 14:05 . 2009-04-18 18:03 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-03 13:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-10 06:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 06:34 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-10 06:34 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 13:42 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-03-18 17:56 . 2011-03-25 16:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2010-05-23 723248]
"Nexus"="c:\program files\Winstep\Nexus.exe" [2010-10-19 13482624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-21 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\autor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9de4d978f7944;Google Update Service (gupdate1c9de4d978f7944);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
R3 cusbohcn;cusbohcn;c:\users\xxxxxxx\AppData\Local\Temp\cusbohcn.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-09 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 22:01]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 22:01]
.
2011-03-28 c:\windows\Tasks\User_Feed_Synchronization-{53B2258B-4FBC-42E2-AF31-D15D66506C28}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15015&l=dis
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:61919
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-28 14:18
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\bmnet.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Winstep\WsxService.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\WUDFHost.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\conime.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-28 14:23:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-03-28 12:23
.
Vor Suchlauf: 15 Verzeichnis(se), 339.568.250.880 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 338.900.041.728 Bytes frei
.
- - End Of File - - C19607BA6B6356AC19CA0AF7A715181C
28.03.2011, 18:25 | #10
/// Winkelfunktion /// TB-Süch-Tiger™

ComboFix scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window. Note: If you masked your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!! Code:

Driver::
ntiomin
cusbohcn
File::
c:\users\xxxxxxx\AppData\Local\Temp\cusbohcn.sys

4. Disable the guard of your antivirus program and any software firewall you may have (also the guards of ad-/spyware programs and the Tea Timer (if present)!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, because it can permanently damage the system!

Please always post logfiles in CODE tags
28.03.2011, 23:08 | #11 |
| Probleme mit Softwareupdates und IE nach Trjaner und Malewarebytes Okay. Hab ich auch: Combofix Logfile: Code:
ComboFix 11-03-28.01 - xxxxxxx 28.03.2011 23:45:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3325.2682 [GMT 2:00]
ausgeführt von:: c:\users\xxxxxxx\Desktop\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\xxxxxxx\Desktop\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\xxxxxxx\AppData\Local\Temp\cusbohcn.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CUSBOHCN
-------\Legacy_NTIOMIN
-------\Service_cusbohcn
-------\Service_ntiomin
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-02-28 bis 2011-03-28 ))))))))))))))))))))))))))))))
.
.
2011-03-28 21:51 . 2011-03-28 21:51 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-03-28 21:51 . 2011-03-28 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-28 11:11 . 2011-03-28 11:11 -------- d-----w- c:\program files\CCleaner
2011-03-27 22:32 . 2011-03-27 22:32 -------- d-----w- C:\_OTL
2011-03-25 16:14 . 2011-03-18 17:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-25 16:14 . 2011-03-18 17:56 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-25 16:14 . 2011-03-18 17:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-03-25 16:14 . 2011-03-18 17:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-25 16:14 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-03-25 16:14 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-25 16:14 . 2011-03-18 17:56 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-25 16:14 . 2011-03-18 17:56 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-25 08:13 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4C0185D1-BF11-44E8-B4BC-687331E2DF79}\mpengine.dll
2011-03-24 16:08 . 2011-03-24 16:08 -------- d-----w- c:\users\xxxxxxx\AppData\Roaming\Malwarebytes
2011-03-24 16:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-24 16:07 . 2011-03-24 16:07 -------- d-----w- c:\programdata\Malwarebytes
2011-03-24 16:07 . 2011-03-24 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-24 16:07 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-24 15:46 . 2011-03-24 15:51 -------- d-----w- c:\programdata\SecTaskMan
2011-03-24 15:46 . 2011-03-24 15:46 -------- d-----w- c:\program files\Security Task Manager
2011-03-21 13:19 . 2011-03-21 13:21 -------- d-----w- c:\users\xxxxxxx\AppData\Roaming\avidemux
2011-03-21 13:18 . 2011-03-22 10:52 -------- d-----w- c:\program files\Avidemux 2.5
2011-03-09 19:15 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:15 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:15 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:15 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 19:15 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:15 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 14:05 . 2009-04-18 18:03 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-03 13:46 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-10 06:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 06:34 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-10 06:34 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-03-18 17:56 . 2011-03-25 16:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WizMouse"="c:\program files\WizMouse\WizMouse.exe" [2010-05-23 723248]
"Nexus"="c:\program files\Winstep\Nexus.exe" [2010-10-19 13482624]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-21 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\autor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9de4d978f7944;Google Update Service (gupdate1c9de4d978f7944);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 102912]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-09 135336]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-04-07 233472]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files\Winstep\WsxService [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
*Deregistered* - BMLoad
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 22:01]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 22:01]
.
2011-03-28 c:\windows\Tasks\User_Feed_Synchronization-{53B2258B-4FBC-42E2-AF31-D15D66506C28}.job
- c:\windows\system32\msfeedssync.exe [2011-02-10 04:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=15015&l=dis
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:61919
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
FF - ProfilePath - c:\users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\zxapfs10.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-28 23:54
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winstep Xtreme Service]
"ImagePath"="c:\program files\Winstep\WsxService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(656)
c:\windows\system32\bmnet.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Winstep\WsxService.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-28 23:59:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-03-28 21:59
ComboFix2.txt 2011-03-28 12:43
.
Vor Suchlauf: 18 Verzeichnis(se), 338.786.648.064 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 338.641.428.480 Bytes frei
.
- - End Of File - - E6E74C3C75094F841569EFB55735126C |
29.03.2011, 13:18 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with software updates and IE after Trojan and Malwarebytes Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
29.03.2011, 20:02 | #13 |
| Problems with software updates and IE after Trojan and Malwarebytes Okay. I think I managed that too. But it didn't find anything, if I understand it correctly:
2011/03/29 20:59:31.0735 3164 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/29 20:59:32.0178 3164 ================================================================================ 2011/03/29 20:59:32.0178 3164 SystemInfo: 2011/03/29 20:59:32.0178 3164 2011/03/29 20:59:32.0178 3164 OS Version: 6.0.6001 ServicePack: 1.0 2011/03/29 20:59:32.0178 3164 Product type: Workstation 2011/03/29 20:59:32.0178 3164 ComputerName: CARSTEN-PC 2011/03/29 20:59:32.0179 3164 UserName: Carsten 2011/03/29 20:59:32.0179 3164 Windows directory: C:\Windows 2011/03/29 20:59:32.0179 3164 System windows directory: C:\Windows 2011/03/29 20:59:32.0179 3164 Processor architecture: Intel x86 2011/03/29 20:59:32.0179 3164 Number of processors: 2 2011/03/29 20:59:32.0179 3164 Page size: 0x1000 2011/03/29 20:59:32.0179 3164 Boot type: Normal boot 2011/03/29 20:59:32.0179 3164 ================================================================================ 2011/03/29 20:59:32.0459 3164 Initialize success 2011/03/29 20:59:43.0927 2020 ================================================================================ 2011/03/29 20:59:43.0927 2020 Scan started 2011/03/29 20:59:43.0927 2020 Mode: Manual; 2011/03/29 20:59:43.0927 2020 ================================================================================ 2011/03/29 20:59:44.0696 2020 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys 2011/03/29 20:59:44.0765 2020 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 2011/03/29 20:59:44.0793 2020 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/03/29 20:59:44.0821 2020 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/03/29 20:59:44.0843 2020 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) 
C:\Windows\system32\drivers\adpu160m.sys 2011/03/29 20:59:44.0871 2020 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/03/29 20:59:44.0912 2020 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys 2011/03/29 20:59:44.0964 2020 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/03/29 20:59:44.0994 2020 ahcix86s (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys 2011/03/29 20:59:45.0043 2020 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/03/29 20:59:45.0071 2020 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/03/29 20:59:45.0102 2020 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/03/29 20:59:45.0177 2020 amdide (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys 2011/03/29 20:59:45.0198 2020 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/03/29 20:59:45.0224 2020 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/03/29 20:59:45.0297 2020 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/03/29 20:59:45.0322 2020 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/03/29 20:59:45.0375 2020 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/03/29 20:59:45.0389 2020 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 2011/03/29 20:59:45.0528 2020 atikmdag (ec6b30e644e11d7b18382601f3f95807) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/03/29 20:59:45.0652 2020 AtiPcie (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys 2011/03/29 20:59:45.0721 2020 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys 2011/03/29 20:59:45.0823 2020 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) 
C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/03/29 20:59:45.0890 2020 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/03/29 20:59:45.0946 2020 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/03/29 20:59:45.0984 2020 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/03/29 20:59:46.0035 2020 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/03/29 20:59:46.0087 2020 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys 2011/03/29 20:59:46.0141 2020 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/03/29 20:59:46.0257 2020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/03/29 20:59:46.0273 2020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/03/29 20:59:46.0296 2020 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/03/29 20:59:46.0321 2020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/03/29 20:59:46.0334 2020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/03/29 20:59:46.0360 2020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/03/29 20:59:46.0380 2020 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/03/29 20:59:46.0408 2020 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/03/29 20:59:46.0425 2020 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 2011/03/29 20:59:46.0450 2020 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/03/29 20:59:46.0494 2020 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 2011/03/29 20:59:46.0534 2020 cmdide 
(0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/03/29 20:59:46.0552 2020 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys 2011/03/29 20:59:46.0590 2020 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/03/29 20:59:46.0608 2020 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/03/29 20:59:46.0642 2020 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys 2011/03/29 20:59:46.0685 2020 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 2011/03/29 20:59:46.0759 2020 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/03/29 20:59:46.0815 2020 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 2011/03/29 20:59:46.0878 2020 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/03/29 20:59:46.0904 2020 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 2011/03/29 20:59:46.0961 2020 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/03/29 20:59:46.0994 2020 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/03/29 20:59:47.0063 2020 ewusbnet (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys 2011/03/29 20:59:47.0110 2020 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 2011/03/29 20:59:47.0126 2020 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 2011/03/29 20:59:47.0156 2020 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/03/29 20:59:47.0185 2020 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/03/29 20:59:47.0206 2020 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/03/29 20:59:47.0235 
2020 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/03/29 20:59:47.0262 2020 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 2011/03/29 20:59:47.0314 2020 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 2011/03/29 20:59:47.0363 2020 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/03/29 20:59:47.0399 2020 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/03/29 20:59:47.0442 2020 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys 2011/03/29 20:59:47.0519 2020 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/03/29 20:59:47.0547 2020 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/03/29 20:59:47.0573 2020 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/03/29 20:59:47.0925 2020 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/03/29 20:59:48.0291 2020 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 2011/03/29 20:59:48.0344 2020 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/03/29 20:59:48.0509 2020 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys 2011/03/29 20:59:48.0592 2020 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/03/29 20:59:48.0646 2020 hwusbfake (089085538885367e281686762a973eb5) C:\Windows\system32\DRIVERS\ewusbfake.sys 2011/03/29 20:59:48.0667 2020 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/03/29 20:59:48.0703 2020 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/03/29 20:59:48.0724 2020 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) 
C:\Windows\system32\drivers\iastorv.sys 2011/03/29 20:59:48.0750 2020 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/03/29 20:59:48.0816 2020 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/03/29 20:59:48.0835 2020 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/03/29 20:59:48.0860 2020 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/03/29 20:59:48.0899 2020 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/03/29 20:59:48.0922 2020 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/03/29 20:59:48.0944 2020 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/03/29 20:59:48.0968 2020 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/03/29 20:59:49.0015 2020 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/03/29 20:59:49.0043 2020 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/03/29 20:59:49.0066 2020 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/03/29 20:59:49.0079 2020 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/03/29 20:59:49.0137 2020 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 2011/03/29 20:59:49.0181 2020 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 2011/03/29 20:59:49.0228 2020 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/03/29 20:59:49.0263 2020 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/03/29 20:59:49.0280 2020 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/03/29 20:59:49.0317 2020 LSI_SCSI 
(912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/03/29 20:59:49.0340 2020 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/03/29 20:59:49.0369 2020 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/03/29 20:59:49.0394 2020 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/03/29 20:59:49.0422 2020 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/03/29 20:59:49.0470 2020 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/03/29 20:59:49.0489 2020 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/03/29 20:59:49.0509 2020 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/03/29 20:59:49.0524 2020 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/03/29 20:59:49.0552 2020 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/03/29 20:59:49.0608 2020 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/03/29 20:59:49.0630 2020 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/03/29 20:59:49.0645 2020 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 2011/03/29 20:59:49.0690 2020 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/03/29 20:59:49.0715 2020 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/03/29 20:59:49.0733 2020 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/03/29 20:59:49.0770 2020 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/03/29 20:59:49.0790 2020 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/03/29 
20:59:49.0860 2020 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 2011/03/29 20:59:49.0883 2020 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/03/29 20:59:49.0913 2020 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/03/29 20:59:49.0963 2020 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/03/29 20:59:49.0991 2020 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/03/29 20:59:50.0013 2020 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/03/29 20:59:50.0028 2020 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 2011/03/29 20:59:50.0055 2020 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/03/29 20:59:50.0092 2020 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/03/29 20:59:50.0110 2020 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 2011/03/29 20:59:50.0175 2020 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys 2011/03/29 20:59:50.0214 2020 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 2011/03/29 20:59:50.0233 2020 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/03/29 20:59:50.0250 2020 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/03/29 20:59:50.0284 2020 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/03/29 20:59:50.0305 2020 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/03/29 20:59:50.0324 2020 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/03/29 20:59:50.0347 2020 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 
2011/03/29 20:59:50.0389 2020 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/03/29 20:59:50.0415 2020 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 2011/03/29 20:59:50.0441 2020 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/03/29 20:59:50.0488 2020 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 2011/03/29 20:59:50.0521 2020 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/03/29 20:59:50.0539 2020 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/03/29 20:59:50.0589 2020 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/03/29 20:59:50.0615 2020 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/03/29 20:59:50.0650 2020 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/03/29 20:59:50.0750 2020 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/03/29 20:59:50.0806 2020 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/03/29 20:59:50.0834 2020 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 2011/03/29 20:59:50.0848 2020 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/03/29 20:59:50.0907 2020 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2011/03/29 20:59:50.0933 2020 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 2011/03/29 20:59:50.0970 2020 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/03/29 20:59:50.0997 2020 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/03/29 20:59:51.0055 2020 pcouffin (5b6c11de7e839c05248ced8825470fef) 
C:\Windows\system32\Drivers\pcouffin.sys
2011/03/29 20:59:51.0110 2020 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/29 20:59:51.0224 2020 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/29 20:59:51.0243 2020 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/03/29 20:59:51.0422 2020 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/29 20:59:51.0476 2020 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/29 20:59:51.0510 2020 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/29 20:59:51.0529 2020 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/29 20:59:51.0556 2020 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/29 20:59:51.0590 2020 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/29 20:59:51.0619 2020 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/29 20:59:51.0633 2020 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/29 20:59:51.0662 2020 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/29 20:59:51.0685 2020 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/29 20:59:51.0717 2020 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/29 20:59:51.0731 2020 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/29 20:59:51.0769 2020 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/29 20:59:51.0812 2020 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/29 20:59:51.0857 2020 RTL8169 (abbe0f54ba3a378262c9cb86cf7d91f8) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/29 20:59:51.0894 2020 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/29 20:59:51.0941 2020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/29 20:59:51.0996 2020 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/29 20:59:52.0013 2020 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/03/29 20:59:52.0033 2020 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/29 20:59:52.0089 2020 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/29 20:59:52.0109 2020 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/29 20:59:52.0122 2020 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/29 20:59:52.0146 2020 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/29 20:59:52.0176 2020 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/29 20:59:52.0193 2020 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/29 20:59:52.0217 2020 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/29 20:59:52.0248 2020 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/29 20:59:52.0299 2020 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/03/29 20:59:52.0319 2020 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/29 20:59:52.0363 2020 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/03/29 20:59:52.0388 2020 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/29 20:59:52.0417 2020 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/29 20:59:52.0468 2020 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/03/29 20:59:52.0517 2020 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/03/29 20:59:52.0570 2020 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/03/29 20:59:52.0634 2020 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/03/29 20:59:52.0679 2020 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/29 20:59:52.0720 2020 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/29 20:59:52.0741 2020 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/29 20:59:52.0757 2020 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/29 20:59:52.0821 2020 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/03/29 20:59:52.0873 2020 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/29 20:59:52.0919 2020 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
2011/03/29 20:59:52.0938 2020 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/29 20:59:52.0959 2020 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/29 20:59:52.0987 2020 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/29 20:59:53.0009 2020 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/29 20:59:53.0028 2020 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/29 20:59:53.0075 2020 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/29 20:59:53.0088 2020 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/29 20:59:53.0120 2020 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/29 20:59:53.0147 2020 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/29 20:59:53.0169 2020 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/29 20:59:53.0204 2020 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/29 20:59:53.0231 2020 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/29 20:59:53.0254 2020 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/29 20:59:53.0273 2020 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/29 20:59:53.0301 2020 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/29 20:59:53.0348 2020 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/29 20:59:53.0366 2020 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/29 20:59:53.0387 2020 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/29 20:59:53.0416 2020 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/29 20:59:53.0463 2020 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/29 20:59:53.0491 2020 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/29 20:59:53.0524 2020 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/29 20:59:53.0550 2020 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/29 20:59:53.0583 2020 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/29 20:59:53.0600 2020 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/29 20:59:53.0622 2020 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/29 20:59:53.0648 2020 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/29 20:59:53.0666 2020 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/29 20:59:53.0706 2020 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/29 20:59:53.0734 2020 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/29 20:59:53.0752 2020 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/29 20:59:53.0783 2020 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/29 20:59:53.0817 2020 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/29 20:59:53.0830 2020 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 20:59:53.0859 2020 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 20:59:53.0899 2020 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/29 20:59:53.0926 2020 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/29 20:59:54.0021 2020 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/29 20:59:54.0067 2020 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/29 20:59:54.0124 2020 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/29 20:59:54.0197 2020 ================================================================================
2011/03/29 20:59:54.0197 2020 Scan finished
2011/03/29 20:59:54.0197 2020 ================================================================================ |
29.03.2011, 20:02 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with software updates and IE after Trojan and Malwarebytes OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool will not run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
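The GMER and OSAM logs requested above (posted in reply further down) are long, and most of what they list is noise; what a helper actually looks for is the handful of entries that sit in a privileged position and are not Microsoft's own: kernel IAT hooks, devices attached to the TCP stack, Winsock LSPs, drivers whose file is gone or unsigned. The script below is an added example, my code and not part of any post in this thread nor code from GMER, OSAM or trojaner-board. The regexes are assumptions about the two tools' line formats, written against the lines visible in this thread; the sample input is copied, shortened, from the logs posted below.

```python
"""Triage helpers for GMER and OSAM logs of the kind posted in this thread.

Added example: my code, not part of any post here and not code from GMER,
OSAM or trojaner-board. The regexes are assumptions about the two tools'
line formats, written against the logs posted further down in this thread.
"""
import re

MICROSOFT = "Microsoft Corporation"

# GMER IAT hook line (kernel and user variants):
#   IAT  <hooked location>  [<8 hex digits>] <hooking module> (<Description/Vendor>)
GMER_IAT = re.compile(
    r"^IAT\s+(?P<where>.+?)\s*\[(?P<addr>[0-9A-Fa-f]{8})\]\s+"
    r"(?P<target>.+?)\s+\((?P<desc>[^)]*)\)\s*$")
# GMER attached device line:
#   AttachedDevice  \Driver\tdx \Device\Tcp  tcpipBM.SYS (<Description/Vendor>)
GMER_DEV = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<file>\S+)\s+"
    r"\((?P<desc>[^)]*)\)\s*$")
# GMER hidden-process line as it appears in this thread (no image name, a signed number):
#   Process  (*** hidden *** )  -2112830376
GMER_HIDDEN = re.compile(r"^Process\s+\(\*\*\* hidden \*\*\* \)\s+(?P<value>-?\d+)\s*$")
# OSAM entry, optional leading CLSID and optional service name; vendor may be a bare "?":
#   "name" (svc) - "vendor" - path (status)
OSAM_ENTRY = re.compile(
    r'^(?:\{[0-9A-Fa-f-]+\}\s+)?"(?P<name>[^"]*)"(?:\s+\((?P<svc>[^)]*)\))?\s+-\s+'
    r'(?:"(?P<vendor>[^"]*)"|\?)\s+-\s+(?P<rest>.*)$')


def vendor_of(desc):
    """GMER writes 'Description/Vendor' in parentheses; return the vendor part."""
    return desc.rsplit("/", 1)[-1].strip()


def hidden_as_address(value):
    """Reinterpret the signed number GMER printed as an unsigned 32-bit value.
    On the 32-bit Vista box in this thread that gives 0x8xxxxxxx, i.e. kernel
    address space (my reading of the output, not something GMER documents here)."""
    return int(value) & 0xFFFFFFFF


def triage_gmer(lines):
    """Return (hooks, hidden): non-Microsoft IAT hooks and attached devices,
    plus the hidden-process values converted to 32-bit addresses."""
    hooks, hidden = [], []
    for line in lines:
        m = GMER_IAT.match(line)
        if m:
            vendor = vendor_of(m["desc"])
            if vendor != MICROSOFT:
                hooks.append({"kind": "IAT", "where": m["where"],
                              "target": m["target"], "vendor": vendor})
            continue
        m = GMER_DEV.match(line)
        if m:
            vendor = vendor_of(m["desc"])
            if vendor != MICROSOFT:
                hooks.append({"kind": "AttachedDevice", "where": m["device"],
                              "target": m["file"], "vendor": vendor})
            continue
        m = GMER_HIDDEN.match(line)
        if m:
            hidden.append(hidden_as_address(m["value"]))
    return hooks, hidden


def triage_osam(lines):
    """Return OSAM entries worth a second look: no vendor ("?"), file missing,
    or registered in the Winsock Protocol_Catalog9 (an LSP sees every socket)."""
    findings, section = [], ""
    for line in lines:
        if line.startswith("-----(") and line.endswith(")-----"):
            section = line[6:-6].strip()   # registry key or folder of the block
            continue
        m = OSAM_ENTRY.match(line)
        if not m:
            continue
        reasons = []
        if m["vendor"] is None:
            reasons.append("no vendor")
        if "File not found" in m["rest"]:
            reasons.append("file missing")
        if "Protocol_Catalog9" in section:
            reasons.append("Winsock LSP")
        if reasons:
            findings.append({"section": section, "name": m["name"], "vendor": m["vendor"],
                             "rest": m["rest"], "reasons": reasons})
    return findings


# Sample lines copied, and shortened, from the GMER and OSAM logs posted in this thread.
SAMPLE_GMER = r"""
IAT  \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject]  [82FCBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT  C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]  [742988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp  tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Process  (*** hidden *** )  -2112830376
Process  (*** hidden *** )  -2002330408
""".strip().splitlines()

SAMPLE_OSAM = r"""
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
""".strip().splitlines()

if __name__ == "__main__":
    hooks, hidden = triage_gmer(SAMPLE_GMER)
    for h in hooks:
        print(f"{h['kind']:15} {h['where']}  <- {h['target']}  [{h['vendor']}]")
    print("hidden-process values as addresses:", [hex(a) for a in hidden])
    for f in triage_osam(SAMPLE_OSAM):
        print(f"{', '.join(f['reasons']):25} {f['name']}  ({f['section']})")
```

Run against the sample, the script reduces both logs to three kinds of lead: a Bytemobile driver hooking TdiRegisterDeviceObject in tdx.sys and attached to \Device\Tcp, the same vendor registered as a Winsock LSP, and two drivers OSAM could not attribute (catchme.sys, whose file is gone, and giveio.sys). The 123 "hidden" values GMER printed all map to 0x8xxxxxxx, so they look like kernel pointers rather than PIDs and are not by themselves evidence of a hidden process. A vendor-signed TDI filter plus LSP is exactly where a proxy or connection problem like the one in this thread can originate, so the next step is to match such entries against software the user knowingly installed (the OSAM log lists a Vodafone Mobile Connect service on the same machine) before removing anything.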
30.03.2011, 07:57 | #15 |
| Problems with software updates and IE after Trojan and Malwarebytes Okay. Here I am again: GMER logfile: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-03-29 23:53:48
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\0000005c WDC_WD64 rev.05.0
Running: p4tpk6zr.exe; Driver: C:\Users\xxxxxxx\AppData\Local\Temp\fxdiafoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A04000, 0x2C7FC2, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject] [82FCBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject] [82FCBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [82FCBFE6] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [742D98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7429B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7428FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74297A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7428EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742CB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7429BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7429074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742906B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7431D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [742B7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7428E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7428697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3572] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74292465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process (*** hidden *** ) -2112830376
Process (*** hidden *** ) -2060567784
Process (*** hidden *** ) -2060432144
Process (*** hidden *** ) -2060240056
Process (*** hidden *** ) -2060131160
Process (*** hidden *** ) -2059931464
Process (*** hidden *** ) -2059702088
Process (*** hidden *** ) -2059613776
Process (*** hidden *** ) -2059416616
Process (*** hidden *** ) -2059359760
Process (*** hidden *** ) -2058889184
Process (*** hidden *** ) -2058412544
Process (*** hidden *** ) -2058356944
Process (*** hidden *** ) -2058354504
Process (*** hidden *** ) -2058169336
Process (*** hidden *** ) -2058147032
Process (*** hidden *** ) -2058072576
Process (*** hidden *** ) -2057997200
Process (*** hidden *** ) -2057982464
Process (*** hidden *** ) -2057840656
Process (*** hidden *** ) -2057836488
Process (*** hidden *** ) -2057775008
Process (*** hidden *** ) -2057724872
Process (*** hidden *** ) -2057478656
Process (*** hidden *** ) -2056919120
Process (*** hidden *** ) -2055678016
Process (*** hidden *** ) -2055634200
Process (*** hidden *** ) -2054783488
Process (*** hidden *** ) -2054690296
Process (*** hidden *** ) -2054627840
Process (*** hidden *** ) -2054323192
Process (*** hidden *** ) -2054129544
Process (*** hidden *** ) -2053764120
Process (*** hidden *** ) -2053652296
Process (*** hidden *** ) -2053618304
Process (*** hidden *** ) -2053608960
Process (*** hidden *** ) -2053594952
Process (*** hidden *** ) -2053587936
Process (*** hidden *** ) -2053562184
Process (*** hidden *** ) -2053507624
Process (*** hidden *** ) -2053403680
Process (*** hidden *** ) -2053351648
Process (*** hidden *** ) -2053350952
Process (*** hidden *** ) -2053266600
Process (*** hidden *** ) -2053190144
Process (*** hidden *** ) -2052998312
Process (*** hidden *** ) -2052942384
Process (*** hidden *** ) -2052902064
Process (*** hidden *** ) -2052876792
Process (*** hidden *** ) -2052834424
Process (*** hidden *** ) -2052800072
Process (*** hidden *** ) -2052735488
Process (*** hidden *** ) -2041778688
Process (*** hidden *** ) -2041438720
Process (*** hidden *** ) -2041071496
Process (*** hidden *** ) -2041069384
Process (*** hidden *** ) -2041050912
Process (*** hidden *** ) -2040301544
Process (*** hidden *** ) -2033891256
Process (*** hidden *** ) -2031767368
Process (*** hidden *** ) -2028091944
Process (*** hidden *** ) -2028087848
Process (*** hidden *** ) -2028086456
Process (*** hidden *** ) -2028023624
Process (*** hidden *** ) -2027953992
Process (*** hidden *** ) -2027921224
Process (*** hidden *** ) -2011598488
Process (*** hidden *** ) -2011553608
Process (*** hidden *** ) -2011511128
Process (*** hidden *** ) -2011338656
Process (*** hidden *** ) -2010690048
Process (*** hidden *** ) -2010680352
Process (*** hidden *** ) -2010667296
Process (*** hidden *** ) -2010510896
Process (*** hidden *** ) -2010208880
Process (*** hidden *** ) -2010125264
Process (*** hidden *** ) -2010120704
Process (*** hidden *** ) -2010095064
Process (*** hidden *** ) -2010062664
Process (*** hidden *** ) -2010028864
Process (*** hidden *** ) -2009941632
Process (*** hidden *** ) -2009900024
Process (*** hidden *** ) -2009888800
Process (*** hidden *** ) -2009800520
Process (*** hidden *** ) -2009565728
Process (*** hidden *** ) -2009334752
Process (*** hidden *** ) -2009280328
Process (*** hidden *** ) -2009178792
Process (*** hidden *** ) -2009175184
Process (*** hidden *** ) -2008990208
Process (*** hidden *** ) -2008809984
Process (*** hidden *** ) -2008656704
Process (*** hidden *** ) -2008647656
Process (*** hidden *** ) -2008636464
Process (*** hidden *** ) -2008097960
Process (*** hidden *** ) -2008094328
Process (*** hidden *** ) -2007975352
Process (*** hidden *** ) -2007966208
Process (*** hidden *** ) -2007956440
Process (*** hidden *** ) -2007925248
Process (*** hidden *** ) -2007737984
Process (*** hidden *** ) -2007669232
Process (*** hidden *** ) -2007381584
Process (*** hidden *** ) -2007140808
Process (*** hidden *** ) -2006995512
Process (*** hidden *** ) -2006904648
Process (*** hidden *** ) -2006867784
Process (*** hidden *** ) -2006717608
Process (*** hidden *** ) -2006690912
Process (*** hidden *** ) -2006678648
Process (*** hidden *** ) -2006642504
Process (*** hidden *** ) -2006414032
Process (*** hidden *** ) -2006405632
Process (*** hidden *** ) -2006336000
Process (*** hidden *** ) -2006321008
Process (*** hidden *** ) -2006319616
Process (*** hidden *** ) -2006318920
Process (*** hidden *** ) -2006316216
Process (*** hidden *** ) -2005184328
Process (*** hidden *** ) -2004906824
Process (*** hidden *** ) -2004904320
Process (*** hidden *** ) -2004888760
Process (*** hidden *** ) -2002330408

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 08:47:49 on 30.03.2011
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{79BC0345-1015-11D2-A299-006008312725} "///FAST project settings" - ? - C:\Program Files\Pinnacle\VideoSpin\Programs\BlueShellExt.dll (File found, but it contains no detailed information)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM Startup" - "InstallShield Software Corporation" - c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"Nexus" - "Winstep Software Technologies" - C:\Program Files\Winstep\Nexus.exe autostart
"WizMouse" - "Antibody Software" - "C:\Program Files\WizMouse\WizMouse.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate1c9de4d978f7944)" (gupdate1c9de4d978f7944) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PostgreSQL Database Server 8.3" (pgsql-8.3) - "PostgreSQL Global Development Group" - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
"Winstep Xtreme Service" (Winstep Xtreme Service) - "Winstep Software Technologies" - C:\Program Files\Winstep\WsxService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: MEDIONPC
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDIONPC
System Product Name: MS-7501
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 146):
0x8204A000 \SystemRoot\system32\ntkrnlpa.exe
0x82017000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80408000 \SystemRoot\system32\PSHED.dll
0x80419000 \SystemRoot\system32\BOOTVID.dll
0x80421000 \SystemRoot\system32\CLFS.SYS
0x80462000 \SystemRoot\system32\CI.dll
0x80542000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805BE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80606000 \SystemRoot\system32\drivers\acpi.sys
0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80655000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065D000 \SystemRoot\system32\drivers\pci.sys
0x80684000 \SystemRoot\System32\drivers\partmgr.sys
0x80693000 \SystemRoot\system32\drivers\volmgr.sys
0x806A2000 \SystemRoot\System32\drivers\volmgrx.sys
0x806EC000 \SystemRoot\system32\drivers\pciide.sys
0x806F3000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80701000 \SystemRoot\system32\DRIVERS\amdide.sys
0x80708000 \SystemRoot\System32\drivers\mountmgr.sys
0x80718000 \SystemRoot\system32\drivers\atapi.sys
0x80720000 \SystemRoot\system32\drivers\ataport.SYS
0x8073E000 \SystemRoot\system32\drivers\msahci.sys
0x80748000 \SystemRoot\system32\drivers\fltmgr.sys
0x8077A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8078A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82606000 \SystemRoot\system32\drivers\ndis.sys
0x82711000 \SystemRoot\system32\drivers\msrpc.sys
0x8273C000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C00000
\SystemRoot\System32\drivers\tcpip.sys 0x82CE9000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x82E02000 \SystemRoot\System32\Drivers\Ntfs.sys 0x82F11000 \SystemRoot\system32\drivers\volsnap.sys 0x82F4A000 \SystemRoot\System32\Drivers\spldr.sys 0x82F52000 \SystemRoot\system32\speedfan.sys 0x82F54000 \SystemRoot\System32\Drivers\mup.sys 0x82F63000 \SystemRoot\system32\giveio.sys 0x82F64000 \SystemRoot\System32\drivers\ecache.sys 0x82F8B000 \SystemRoot\system32\drivers\disk.sys 0x82F9C000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x82FBD000 \SystemRoot\system32\drivers\crcdisk.sys 0x82FC6000 \SystemRoot\system32\drivers\BMLoad.sys 0x82FCC000 \SystemRoot\system32\DRIVERS\AtiPcie.sys 0x82D04000 \SystemRoot\system32\DRIVERS\ahcix86s.sys 0x82D47000 \SystemRoot\system32\DRIVERS\storport.sys 0x82FEB000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x82FF6000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x82DCB000 \SystemRoot\system32\DRIVERS\processr.sys 0x90C01000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x91107000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x911A6000 \SystemRoot\System32\drivers\watchdog.sys 0x911B3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x911C5000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x911E6000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x82DDA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x82DE8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x911F6000 \SystemRoot\system32\DRIVERS\usbohci.sys 0x82776000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x827B4000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x827C3000 \SystemRoot\system32\DRIVERS\serial.sys 0x827DD000 \SystemRoot\system32\DRIVERS\serenum.sys 0x827E7000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x805CB000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x9120E000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x9123C000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x91247000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x9125E000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x91269000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x9128C000 
\SystemRoot\system32\DRIVERS\raspppoe.sys 0x9129B000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x912AF000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x912C4000 \SystemRoot\system32\DRIVERS\termdd.sys 0x912D4000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x912DF000 \SystemRoot\system32\DRIVERS\swenum.sys 0x912E1000 \SystemRoot\system32\DRIVERS\ks.sys 0x9130B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x91315000 \SystemRoot\system32\DRIVERS\umbus.sys 0x91322000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x91356000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x91367000 \SystemRoot\system32\drivers\HdAudio.sys 0x913A6000 \SystemRoot\system32\drivers\portcls.sys 0x913D3000 \SystemRoot\system32\drivers\drmk.sys 0x91200000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x913F8000 \SystemRoot\System32\Drivers\Null.SYS 0x805D6000 \SystemRoot\System32\Drivers\Beep.SYS 0x805DD000 \SystemRoot\System32\drivers\vga.sys 0x91401000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x91422000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x9142A000 \SystemRoot\system32\drivers\rdpencdd.sys 0x91432000 \SystemRoot\System32\Drivers\Msfs.SYS 0x9143D000 \SystemRoot\System32\Drivers\Npfs.SYS 0x9144B000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x91454000 \SystemRoot\system32\DRIVERS\tdx.sys 0x9146A000 \SystemRoot\System32\Drivers\tcpipBM.SYS 0x9146F000 \SystemRoot\system32\DRIVERS\smb.sys 0x91483000 \SystemRoot\system32\drivers\afd.sys 0x914CB000 \SystemRoot\System32\DRIVERS\netbt.sys 0x914FD000 \SystemRoot\system32\drivers\ws2ifsl.sys 0x91506000 \SystemRoot\system32\DRIVERS\pacer.sys 0x9151C000 \SystemRoot\system32\DRIVERS\netbios.sys 0x9152A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9153D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x91543000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x9157F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x91589000 \SystemRoot\System32\Drivers\dfsc.sys 0x915A0000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x915C6000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x915C8000 
\SystemRoot\System32\Drivers\fastfat.SYS 0x805E9000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS 0x915F0000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x915F2000 \SystemRoot\System32\Drivers\crashdmp.sys 0x82FD4000 \SystemRoot\System32\Drivers\dump_diskdump.sys 0x82D88000 \SystemRoot\System32\Drivers\dump_ahcix86s.sys 0x82FDE000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x9A409000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x9A419000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x9A420000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9AE80000 \SystemRoot\System32\win32k.sys 0x9A432000 \SystemRoot\System32\drivers\Dxapi.sys 0x9A43C000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9B0A0000 \SystemRoot\System32\TSDDD.dll 0x9B0C0000 \SystemRoot\System32\cdd.dll 0x9A44B000 \SystemRoot\system32\drivers\luafv.sys 0x9A466000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x9A47B000 \SystemRoot\system32\drivers\spsys.sys 0x9A52A000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9A53A000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9A54D000 \SystemRoot\system32\drivers\HTTP.sys 0x9A5BA000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9A5D7000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9F609000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9F61E000 \SystemRoot\system32\drivers\mrxdav.sys 0x9F63E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x9F65D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x9F696000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9F6AE000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9F6D6000 \SystemRoot\System32\DRIVERS\srv.sys 0xA120B000 \SystemRoot\system32\drivers\peauth.sys 0xA12E9000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA12F3000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA12FF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA1314000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA1326000 \??\C:\Windows\system32\FsUsbExDisk.SYS 0xA132F000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA1345000 \SystemRoot\system32\DRIVERS\usbprint.sys 0x77A40000 \Windows\System32\ntdll.dll Processes (total 69): 0 System Idle 
Process 4 SYSTEM 448 C:\Windows\System32\smss.exe 520 csrss.exe 584 C:\Windows\System32\wininit.exe 596 csrss.exe 628 C:\Windows\System32\services.exe 640 C:\Windows\System32\lsass.exe 648 C:\Windows\System32\lsm.exe 768 C:\Windows\System32\winlogon.exe 836 C:\Windows\System32\svchost.exe 920 C:\Windows\System32\svchost.exe 972 C:\Windows\System32\svchost.exe 1044 C:\Windows\System32\atiesrxx.exe 1096 C:\Windows\System32\svchost.exe 1132 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1280 C:\Windows\System32\audiodg.exe 1308 C:\Windows\System32\svchost.exe 1328 C:\Windows\System32\SLsvc.exe 1368 C:\Windows\System32\svchost.exe 1492 C:\Windows\System32\atieclxx.exe 1516 C:\Windows\System32\svchost.exe 1780 C:\Windows\System32\spoolsv.exe 1816 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1856 C:\Windows\System32\svchost.exe 324 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 372 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 388 C:\Program Files\Bonjour\mDNSResponder.exe 480 C:\Windows\System32\FsUsbExService.Exe 580 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 816 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1704 C:\Windows\System32\taskeng.exe 2112 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe 2124 C:\Windows\System32\IoctlSvc.exe 2144 C:\Windows\System32\svchost.exe 2168 C:\Windows\System32\svchost.exe 2188 postgres.exe 2212 C:\Windows\System32\svchost.exe 2248 C:\Program Files\Winstep\WsxService.exe 2316 C:\Windows\System32\SearchIndexer.exe 2356 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe 2452 postgres.exe 2608 postgres.exe 2616 WUDFHost.exe 2624 postgres.exe 2632 postgres.exe 2640 postgres.exe 3144 C:\Windows\System32\dwm.exe 3200 C:\Windows\System32\taskeng.exe 3284 C:\Windows\explorer.exe 3472 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3492 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 3500 C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\MOM.exe 3508 C:\Program Files\Java\jre6\bin\jusched.exe 3560 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 3608 C:\Program Files\Windows Sidebar\sidebar.exe 3624 C:\Program Files\WizMouse\WizMouse.exe 3632 C:\Program Files\Winstep\Nexus.exe 3640 C:\Program Files\Windows Media Player\wmpnscfg.exe 4024 C:\Program Files\Windows Media Player\wmpnetwk.exe 3600 C:\Program Files\Windows Sidebar\sidebar.exe 1892 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5596 C:\Windows\System32\wuauclt.exe 4184 C:\Program Files\Java\jre6\bin\jucheck.exe 4216 C:\Windows\System32\SearchProtocolHost.exe 5728 C:\Windows\System32\SearchFilterHost.exe 3044 C:\Users\xxxxxxx\Desktop\Desktop\MBRCheck.exe 4324 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000090`0aa07e00 (FAT32) PhysicalDrive0 Model Number: WDC WD6400AACS-00G8B1, Rev: 05.0 Size Device Name MBR Status -------------------------------------------- 596 GB \\.\PhysicalDrive0 RE: Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
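The autorun and Winsock-provider sections of a log like the one above are what an analyst reads first, and most of the work is separating the handful of entries worth a second look from the many that carry a known publisher and an existing file. As an added example (not part of the poster's logs and not code from OSAM or MBRCheck), the Python script below parses the `"Name" - "Vendor" - path` entry format, keeps track of the registry location each entry was listed under, and flags three things a human would check: a vendor reported as `?`, a target marked `(File not found)`, and any non-Microsoft Winsock LSP in `Protocol_Catalog9`, because an LSP DLL is loaded into every process that opens a socket and can silently redirect traffic. The sample lines are copied from the log on this page; the flag names and the rules themselves are this example's own assumptions, not anything OSAM reports.

```python
"""Triage helper for an OSAM-style autorun log (added example, not part of
the forum post or of the OSAM/MBRCheck tools).  Parses the
  [{CLSID}] "Name" [(ServiceKey)] - "Vendor"|? - target [args]
entry format, remembers the -----( location )----- header each entry sits
under, and flags the entries an analyst would look at first.
The flag names and rules below are this example's own assumptions."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Section header line, e.g. -----( HKLM\Software\...\Run )-----
SECTION_RE = re.compile(r"^-----\(\s*(?P<loc>.+?)\s*\)-----$")

# One autorun entry.  Vendor is either a quoted string or a bare "?" when
# the tool could not attribute the file to a publisher.
ENTRY_RE = re.compile(
    r'^(?:(?P<clsid>\{[0-9A-Fa-f-]+\})\s+)?'   # optional CLSID (BHOs, IE extensions)
    r'"(?P<name>.+?)"'                        # display name (may itself contain quotes)
    r'(?:\s+\((?P<svc>[^)]*)\))?'             # optional service key name
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'          # quoted vendor or "?"
    r'\s+-\s+(?P<target>.+)$'                 # path plus any arguments
)


@dataclass
class Entry:
    location: str
    name: str
    vendor: str
    target: str
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_osam(text: str) -> List[Entry]:
    """Return every entry in the log, tagged with the location it was listed under."""
    entries: List[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            location = m.group("loc")
            continue
        m = ENTRY_RE.match(line)
        if m:  # anything else ([Logon], banners, wrapped fragments) is ignored
            entries.append(Entry(location, m.group("name"),
                                 m.group("vendor").strip('"'),
                                 m.group("target").strip(), m.group("clsid")))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach flags and return only the entries that got at least one."""
    for e in entries:
        if e.vendor == "?":
            e.flags.append("unverified-vendor")
        if "(File not found)" in e.target:
            e.flags.append("target-missing")
        # A layered service provider sees every socket in every process.
        if "Protocol_Catalog9" in e.location and "Microsoft" not in e.vendor:
            e.flags.append("third-party-lsp")
    return [e for e in entries if e.flags]


def triage_report(text: str) -> Dict[str, List[str]]:
    """name -> flags for every flagged entry in the log text."""
    return {e.name: e.flags for e in triage(parse_osam(text))}


# Constructed sample: a handful of lines copied from the log on this page.
SAMPLE_LOG = r"""
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"""

if __name__ == "__main__":
    for e in triage(parse_osam(SAMPLE_LOG)):
        print(f"{', '.join(e.flags):35} {e.name!r} @ {e.location}")
```

Flags are prompts, not verdicts: `desktop.ini` in a Startup folder and the `StartupPrograms = rdpclip` value under `rdpwd` are both Windows defaults that this rule set still surfaces, and the Bytemobile LSP goes with the Vodafone Mobile Connect software that appears in the services list. What the script buys you is that the Adobe, Apple and Avira entries with a known publisher and an existing file drop out, so the few remaining lines can be checked by hand.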