Pests of all kinds and how to fight them: Redirect from Google and extremely slow loading of internet pages, or no loading at all. Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
04.04.2011, 21:25 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect from Google and extremely slow loading of internet pages, or no loading at all.
Then first run this Kaspersky tool and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Please always post logfiles in CODE tags
04.04.2011, 21:40 | #17
| Redirect from Google and extremely slow loading of internet pages, or no loading at all.
OK, I did that. The pictures looked different, and the txt has a different name, but I think this should be it..
Code:
2011/04/04 22:34:58.0789 2544 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 22:34:59.0195 2544 ================================================================================
2011/04/04 22:34:59.0195 2544 SystemInfo:
2011/04/04 22:34:59.0195 2544
2011/04/04 22:34:59.0195 2544 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/04 22:34:59.0195 2544 Product type: Workstation
2011/04/04 22:34:59.0195 2544 ComputerName: SEBASRECHNER
2011/04/04 22:34:59.0195 2544 UserName: Seba
2011/04/04 22:34:59.0195 2544 Windows directory: C:\Windows
2011/04/04 22:34:59.0195 2544 System windows directory: C:\Windows
2011/04/04 22:34:59.0195 2544 Processor architecture: Intel x86
2011/04/04 22:34:59.0195 2544 Number of processors: 1
2011/04/04 22:34:59.0195 2544 Page size: 0x1000
2011/04/04 22:34:59.0195 2544 Boot type: Normal boot
2011/04/04 22:34:59.0195 2544 ================================================================================
2011/04/04 22:35:03.0141 2544 Initialize success
2011/04/04 22:35:13.0656 4012 ================================================================================
2011/04/04 22:35:13.0656 4012 Scan started
2011/04/04 22:35:13.0656 4012 Mode: Manual;
2011/04/04 22:35:13.0656 4012 ================================================================================
2011/04/04 22:35:14.0061 4012 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/04 22:35:14.0124 4012 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/04 22:35:14.0171 4012 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/04 22:35:14.0233 4012 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/04 22:35:14.0264 4012 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/04 22:35:14.0358 4012 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/04 22:35:14.0405 4012 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/04 22:35:14.0467 4012 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/04 22:35:14.0514 4012 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/04 22:35:14.0561 4012 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/04 22:35:14.0592 4012 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/04 22:35:14.0623 4012 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/04 22:35:14.0654 4012 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/04 22:35:14.0763 4012 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/04 22:35:14.0810 4012 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/04 22:35:14.0857 4012 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/04 22:35:14.0888 4012 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/04 22:35:15.0029 4012 BCM43XX (e22abcaa7b6ff580feb0d49545dc4263) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/04 22:35:15.0091 4012 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/04 22:35:15.0153 4012 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/04 22:35:15.0216 4012 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/04 22:35:15.0278 4012 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/04 22:35:15.0309 4012 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/04 22:35:15.0372 4012 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/04 22:35:15.0403 4012 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/04 22:35:15.0450 4012 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/04 22:35:15.0481 4012 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/04 22:35:15.0528 4012 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/04 22:35:15.0637 4012 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/04 22:35:15.0668 4012 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/04 22:35:15.0731 4012 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/04 22:35:15.0777 4012 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/04 22:35:15.0887 4012 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/04 22:35:15.0918 4012 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/04 22:35:15.0949 4012 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/04 22:35:15.0996 4012 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/04 22:35:16.0043 4012 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/04 22:35:16.0105 4012 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/04 22:35:16.0183 4012 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/04 22:35:16.0245 4012 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/04 22:35:16.0370 4012 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/04/04 22:35:16.0417 4012 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/04 22:35:16.0464 4012 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/04 22:35:16.0542 4012 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/04 22:35:16.0604 4012 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/04 22:35:16.0667 4012 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/04 22:35:16.0729 4012 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/04 22:35:16.0807 4012 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/04 22:35:16.0869 4012 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/04 22:35:16.0932 4012 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/04 22:35:16.0979 4012 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/04 22:35:17.0025 4012 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/04 22:35:17.0072 4012 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/04 22:35:17.0103 4012 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/04 22:35:17.0150 4012 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/04 22:35:17.0197 4012 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/04 22:35:17.0291 4012 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/04 22:35:17.0415 4012 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/04 22:35:17.0462 4012 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/04 22:35:17.0509 4012 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/04 22:35:17.0556 4012 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/04 22:35:17.0618 4012 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/04 22:35:17.0681 4012 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/04 22:35:17.0790 4012 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/04/04 22:35:17.0852 4012 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/04 22:35:17.0930 4012 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/04 22:35:17.0993 4012 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/04 22:35:18.0273 4012 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/04 22:35:18.0523 4012 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/04 22:35:18.0648 4012 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/04 22:35:18.0757 4012 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/04 22:35:18.0819 4012 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/04 22:35:18.0882 4012 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/04 22:35:18.0960 4012 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/04 22:35:19.0007 4012 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/04 22:35:19.0053 4012 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/04 22:35:19.0085 4012 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/04 22:35:19.0147 4012 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/04 22:35:19.0194 4012 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/04 22:35:19.0256 4012 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/04 22:35:19.0334 4012 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/04 22:35:19.0615 4012 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/04 22:35:19.0740 4012 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/04 22:35:19.0802 4012 L1C (e7ec4dc9192166e7adb76c9fe3f10709) C:\Windows\system32\DRIVERS\L1C60x86.sys
2011/04/04 22:35:19.0880 4012 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/04 22:35:19.0943 4012 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/04 22:35:20.0021 4012 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/04 22:35:20.0083 4012 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/04 22:35:20.0130 4012 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/04 22:35:20.0177 4012 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/04 22:35:20.0255 4012 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/04 22:35:20.0317 4012 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/04 22:35:20.0364 4012 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/04 22:35:20.0395 4012 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/04 22:35:20.0442 4012 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/04 22:35:20.0473 4012 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/04 22:35:20.0520 4012 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/04 22:35:20.0567 4012 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/04 22:35:20.0613 4012 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/04 22:35:20.0691 4012 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/04 22:35:20.0785 4012 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/04 22:35:20.0816 4012 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/04 22:35:20.0863 4012 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/04 22:35:20.0910 4012 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/04 22:35:20.0957 4012 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/04 22:35:21.0050 4012 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/04 22:35:21.0128 4012 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/04 22:35:21.0206 4012 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/04 22:35:21.0237 4012 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/04 22:35:21.0284 4012 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/04 22:35:21.0425 4012 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/04 22:35:21.0471 4012 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/04 22:35:21.0503 4012 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/04 22:35:21.0549 4012 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/04 22:35:21.0612 4012 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/04 22:35:21.0690 4012 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/04/04 22:35:21.0752 4012 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/04 22:35:21.0783 4012 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/04 22:35:21.0830 4012 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/04 22:35:21.0861 4012 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/04 22:35:21.0986 4012 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/04 22:35:22.0033 4012 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 22:35:22.0127 4012 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/04 22:35:22.0189 4012 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/04 22:35:22.0236 4012 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/04 22:35:22.0298 4012 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/04 22:35:22.0392 4012 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/04 22:35:22.0439 4012 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/04 22:35:22.0485 4012 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/04 22:35:22.0532 4012 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/04 22:35:22.0579 4012 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/04 22:35:22.0641 4012 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/04 22:35:22.0751 4012 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/04 22:35:22.0829 4012 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/04 22:35:22.0860 4012 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/04 22:35:22.0922 4012 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/04 22:35:22.0953 4012 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/04 22:35:23.0000 4012 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/04 22:35:23.0047 4012 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/04 22:35:23.0125 4012 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/04 22:35:23.0250 4012 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/04 22:35:23.0281 4012 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/04 22:35:23.0375 4012 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/04 22:35:23.0437 4012 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/04 22:35:23.0624 4012 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/04 22:35:23.0671 4012 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/04 22:35:23.0718 4012 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/04 22:35:23.0765 4012 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/04 22:35:23.0827 4012 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/04 22:35:23.0858 4012 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/04 22:35:23.0905 4012 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/04 22:35:23.0952 4012 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/04 22:35:23.0999 4012 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/04 22:35:24.0030 4012 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/04 22:35:24.0092 4012 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/04 22:35:24.0186 4012 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/04/04 22:35:24.0311 4012 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/04 22:35:24.0420 4012 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/04 22:35:24.0810 4012 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
2011/04/04 22:35:25.0434 4012 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
2011/04/04 22:35:25.0512 4012 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
2011/04/04 22:35:25.0559 4012 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
2011/04/04 22:35:25.0637 4012 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
2011/04/04 22:35:25.0683 4012 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
2011/04/04 22:35:25.0746 4012 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
2011/04/04 22:35:25.0808 4012 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/04 22:35:25.0871 4012 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/04 22:35:25.0917 4012 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/04 22:35:25.0949 4012 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/04 22:35:26.0027 4012 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/04 22:35:26.0307 4012 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/04 22:35:26.0370 4012 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/04 22:35:26.0432 4012 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/04 22:35:26.0463 4012 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/04 22:35:26.0541 4012 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/04 22:35:26.0588 4012 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/04 22:35:26.0635 4012 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/04 22:35:26.0713 4012 SLEE_16_DRIVER (4723512c035a3a880db4657705466240) C:\Windows\system32\drivers\Sleen16.sys
2011/04/04 22:35:26.0760 4012 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/04 22:35:26.0853 4012 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/04 22:35:26.0931 4012 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/04 22:35:26.0931 4012 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/04 22:35:26.0963 4012 sptd - detected Locked file (1)
2011/04/04 22:35:27.0009 4012 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/04 22:35:27.0087 4012 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/04 22:35:27.0119 4012 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/04 22:35:27.0197 4012 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/04 22:35:27.0275 4012 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/04 22:35:27.0321 4012 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/04 22:35:27.0368 4012 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/04 22:35:27.0431 4012 SynTP (32c0296ae115906679d94957f501e8db) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/04 22:35:27.0524 4012 tap0901 (34f1bcb847a924a161422f106a79b9ff) C:\Windows\system32\DRIVERS\tap0901.sys
2011/04/04 22:35:27.0618 4012 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/04/04 22:35:27.0711 4012 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
2011/04/04 22:35:27.0821 4012 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/04 22:35:27.0883 4012 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/04 22:35:27.0945 4012 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/04 22:35:27.0992 4012 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/04 22:35:28.0039 4012 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/04 22:35:28.0086 4012 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/04 22:35:28.0117 4012 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/04 22:35:28.0211 4012 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/04 22:35:28.0257 4012 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/04 22:35:28.0320 4012 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/04 22:35:28.0367 4012 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/04 22:35:28.0413 4012 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/04/04 22:35:28.0460 4012 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/04 22:35:28.0554 4012 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/04 22:35:28.0616 4012 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/04 22:35:28.0835 4012 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/04 22:35:28.0991 4012 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/04 22:35:29.0037 4012 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/04 22:35:29.0318 4012 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/04 22:35:29.0381 4012 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/04 22:35:29.0427 4012 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/04 22:35:29.0474 4012 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/04 22:35:29.0521 4012 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/04 22:35:29.0568 4012 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/04 22:35:29.0630 4012 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/04 22:35:29.0693 4012 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/04 22:35:29.0739 4012 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/04 22:35:29.0802 4012 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/04 22:35:29.0880 4012 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/04 22:35:29.0927 4012 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/04 22:35:29.0973 4012 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/04 22:35:30.0036 4012 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/04 22:35:30.0083 4012 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/04 22:35:30.0129 4012 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/04 22:35:30.0176 4012 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/04 22:35:30.0254 4012 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/04 22:35:30.0301 4012 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/04 22:35:30.0363 4012 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/04 22:35:30.0426 4012 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 22:35:30.0441 4012 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 22:35:30.0504 4012 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/04 22:35:30.0566 4012 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/04 22:35:30.0707 4012 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/04 22:35:30.0909 4012 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/04 22:35:30.0987 4012 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/04 22:35:31.0065 4012 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/04 22:35:31.0253 4012 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/04 22:35:31.0268 4012 ================================================================================
2011/04/04 22:35:31.0268 4012 Scan finished
2011/04/04 22:35:31.0268 4012 ================================================================================
2011/04/04 22:35:31.0284 3912 Detected object count: 2
2011/04/04 22:36:32.0078 3912 Locked file(sptd) - User select action: Skip
2011/04/04 22:36:32.0172 3912 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/04 22:36:32.0172 3912 \HardDisk0 - ok
2011/04/04 22:36:32.0172 3912 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/04 22:36:39.0535 1872 Deinitialize success
04.04.2011, 21:46 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect from Google and extremely slow loading of internet pages, or no loading at all.
Rootkit TDL4 was detected and removed.
Restart Windows and try cofi again.
__________________
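The two logs in this thread agree on the one finding that matters: TDSSKiller reports Rootkit.Win32.TDSS.tdl4 on \HardDisk0 and ComboFix reports a TDL4 bootkit on \\.\PhysicalDrive0, while every driver file listed is otherwise unremarkable. The block below is an added example, not code from the thread, from Kaspersky or from ComboFix, of the checks a responder can run on a saved copy of the first sector to confirm a cure took: the 0x55AA boot signature, the partition table, a hash of the 440-byte boot-code area against a known-good baseline, and the size of the unpartitioned tail of the disk, which is where the TDL family kept its hidden storage. The sample MBRs, the disk size and the baseline hash are constructed inline; `check_mbr`, `unpartitioned_tail`, `build_mbr` and the 2048-sector slack threshold are this example's own names and choices.

```python
"""Sanity checks on a saved 512-byte MBR after a bootkit cure (added example)."""
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of every valid MBR
PT_OFFSET = 446               # four 16-byte partition entries start here
CODE_AREA = slice(0, 440)     # boot code; 440-445 hold the disk signature + 2 reserved bytes
PT_ENTRY = "<B3xB3xII"        # boot flag, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty primary partition entries of an MBR as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        boot_flag, ptype, lba_start, sectors = struct.unpack_from(PT_ENTRY, mbr, PT_OFFSET + 16 * i)
        if ptype == 0:        # type 0 marks an unused slot
            continue
        entries.append({"index": i, "bootable": boot_flag == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def unpartitioned_tail(mbr: bytes, disk_sectors: int) -> int:
    """Sectors after the end of the last partition: space no volume accounts for."""
    parts = parse_partition_table(mbr)
    if not parts:
        return disk_sectors
    last_end = max(p["lba_start"] + p["sectors"] for p in parts)
    return max(disk_sectors - last_end, 0)


def code_area_sha256(mbr: bytes) -> str:
    """Hash of the boot-code area only, so an innocent partition-table edit does not change it."""
    return hashlib.sha256(mbr[CODE_AREA]).hexdigest()


def check_mbr(mbr: bytes, baseline_code_sha256: str, disk_sectors: int,
              slack_sectors: int = 2048) -> list:
    """Return a list of findings; an empty list means nothing suspicious under these checks.

    slack_sectors (1 MiB at 512-byte sectors) absorbs the normal alignment gap a
    partitioning tool leaves at the end of a disk; a far larger tail deserves a look.
    """
    findings = []
    if code_area_sha256(mbr) != baseline_code_sha256:
        findings.append("boot code differs from baseline")
    tail = unpartitioned_tail(mbr, disk_sectors)
    if tail > slack_sectors:
        findings.append(f"{tail} unpartitioned sectors at end of disk")
    return findings


def build_mbr(code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from a boot-code blob and (type, lba_start, sectors) tuples."""
    if len(code) > 440:
        raise ValueError("boot code must fit in 440 bytes")
    mbr = bytearray(SECTOR)
    mbr[:len(code)] = code
    mbr[440:444] = b"\x11\x22\x33\x44"   # NT disk signature, arbitrary value for the sample
    for i, (ptype, start, size) in enumerate(partitions):
        struct.pack_into(PT_ENTRY, mbr, PT_OFFSET + 16 * i,
                         0x80 if i == 0 else 0x00, ptype, start, size)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# Constructed sample data: one ~149 GiB disk with a single NTFS (type 0x07) partition.
DISK_SECTORS = 312_581_808
CLEAN_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 100   # stand-in for a stock boot loader
CLEAN_MBR = build_mbr(CLEAN_CODE, [(0x07, 2048, DISK_SECTORS - 2048 - 1024)])
BASELINE = code_area_sha256(CLEAN_MBR)                         # as captured from a known-good sector
# Same partition table, boot code replaced: the bootkit pattern the thread's logs report.
TAMPERED_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\xcc" * 100,
                         [(0x07, 2048, DISK_SECTORS - 2048 - 1024)])
# Clean boot code but a 20000-sector gap after the volume: unaccounted space at the disk's end.
HIDDEN_TAIL_MBR = build_mbr(CLEAN_CODE, [(0x07, 2048, DISK_SECTORS - 2048 - 20000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("hidden tail", HIDDEN_TAIL_MBR)):
        print(f"{name:12s} {check_mbr(mbr, BASELINE, DISK_SECTORS)}")
```

On a real machine the sector comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as administrator, and the disk size from the same device's geometry; a baseline hash is best taken from a clean install of the same OS or, for this case, from the sector after the cure and reboot. Two caveats: a kernel-mode rootkit that hooks the disk driver can hand a clean-looking MBR to a user-mode reader on the infected system, which is why TDSSKiller and ComboFix do their own low-level reads and why a read from a rescue boot or an offline image is the trustworthy one; and the locked sptd.sys entry in the TDSSKiller log is a separate matter, since that is the SCSI pass-through driver installed by disc-emulation software such as Daemon Tools, which refuses to be opened by design, so TDSSKiller reporting it as a locked file is expected for that driver and not by itself evidence of infection.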
04.04.2011, 22:09 | #19
| Redirect from Google and extremely slow loading of internet pages, or no loading at all.
Yay, it worked with this program: here is the file: ComboFix logfile: Code:
ComboFix 11-04-04.01 - Seba 04.04.2011 22:58:40.9.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.49.1033.18.1977.1281 [GMT 2:00]
Running from: c:\users\Seba\Desktop\cofi.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2011-03-04 to 2011-04-04 ))))))))))))))))))))))))))))))
.
.
2011-04-04 21:05 . 2011-04-04 21:05 -------- d-----w- c:\users\Seba\AppData\Local\temp
2011-04-04 21:05 . 2011-04-04 21:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-04 20:09 . 2011-04-04 20:09 -------- d-----w- c:\windows\system32\EventProviders
2011-04-03 18:54 . 2011-04-03 18:54 -------- d-----w- c:\program files\CCleaner
2011-04-03 18:05 . 2011-04-03 18:05 -------- d-----w- C:\_OTL
2011-04-03 10:00 . 2011-04-03 10:00 -------- d-----w- c:\program files\ESET
2011-04-03 09:18 . 2011-04-03 09:18 -------- d-----w- c:\users\Seba\AppData\Roaming\Malwarebytes
2011-04-03 09:17 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-03 09:17 . 2011-04-03 09:17 -------- d-----w- c:\programdata\Malwarebytes
2011-04-03 09:17 . 2011-04-03 09:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 09:17 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 19:51 . 2011-04-02 19:51 -------- d-----w- c:\users\Seba\AppData\Local\Opera
2011-04-02 19:51 . 2011-04-02 19:51 -------- d-----w- c:\program files\Opera
2011-04-02 18:56 . 2011-04-02 19:03 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-04-02 18:47 . 2011-04-02 18:47 -------- d-----w- c:\users\Seba\AppData\Local\PackageAware
2011-03-27 10:45 . 2011-03-27 10:45 -------- d-----w- c:\program files\Common Files\Java
2011-03-27 10:44 . 2011-02-02 19:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-27 10:44 . 2011-02-02 19:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-27 10:42 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-27 10:42 . 2011-03-18 17:56 713592 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2011-03-27 10:18 . 2011-03-27 10:19 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-26 20:46 . 2011-04-01 13:25 -------- d-----w- c:\users\Seba\AppData\Roaming\Helptab
2011-03-22 15:37 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84B07048-682C-4C6D-937D-DD9033A4ECA7}\mpengine.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 10:28 . 2011-03-12 10:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-03-09 11:41 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 11:41 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 11:41 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 11:41 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 11:41 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 11:41 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2009-10-02 21:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-09 00:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-09 00:09 292352 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-03-18 17:56 . 2011-03-27 10:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-13 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 49664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-02-06 686624]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-11-04 57344]
"SAFEOEM HotKeys"="c:\program files\Steganos Safe OEM\SteganosHotKeyService.exe" [2008-12-11 26112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25
136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . c:\users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-495979994-2319577649-2858353153-1000] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c9fa70899bd93e;Google Update Service (gupdate1c9fa70899bd93e);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 133104] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024] R3 s0017obex;Sony Ericsson Device 
0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-26 691696] S1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver];c:\windows\system32\drivers\Sleen16.sys [2008-10-01 13:24 79104] S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-02-06 653856] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs srv1360 . Inhalt des "geplante Tasks" Ordners . 2011-04-04 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 17:22] . 2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 17:22] . 2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-01 17:22] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0409&m=e525 IE: Free YouTube to Mp3 Converter - c:\users\Seba\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab FF - ProfilePath - c:\users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\y0wrg1vm.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-srv1360 . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-04 23:05 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . . c:\users\Seba\AppData\Local\Temp\catchme.dll 53248 bytes executable . Scan erfolgreich abgeschlossen versteckte Dateien: 1 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-495979994-2319577649-2858353153-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:ef,ec,e2,01,9a,9a,01,05,bc,bb,8e,c3,46,11,63,fe,0a,9c,34,80,e9,8a,2a, 0b,25,b5,ed,de,75,44,78,b1,5c,36,c1,24,95,fd,e3,2c,82,94,94,5a,d8,38,8e,9d,\ "??"=hex:5d,d2,5a,3f,87,74,4c,1b,1c,7f,17,3a,81,4b,ff,dd . 
[HKEY_USERS\S-1-5-21-495979994-2319577649-2858353153-1000\Software\SecuROM\License information*] "datasecu"=hex:7d,f2,d1,13,56,b6,c8,27,b8,65,ff,68,00,a2,05,4f,d4,aa,eb,a6,6d, 73,b2,10,13,2d,59,fc,a3,48,b4,c1,c6,31,a7,9b,e7,22,99,e6,35,fa,f3,00,9a,8b,\ "rkeysecu"=hex:34,df,1a,64,86,4c,ed,e1,6b,cd,1a,88,33,82,16,84 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3624) c:\program files\eMachines\eMachines Power Management\SysHook.dll . Zeit der Fertigstellung: 2011-04-04 23:07:59 ComboFix-quarantined-files.txt 2011-04-04 21:07 . Vor Suchlauf: 23.550.263.296 bytes free Nach Suchlauf: 23.383.121.920 bytes free . - - End Of File - - AD4362DFA98A3A4F675925999779AC95 |
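The ComboFix log above carries a handful of high-signal lines that a helper reads before anything else: the bootkit line for \\.\PhysicalDrive0 (the disk's boot sector, not a file), "EnableLUA"= 0 (UAC switched off), the svchost netsvcs member srv1360 that is not a Windows default (the same name ComboFix then removed as an orphaned SafeBoot key), the ActiveX download (DPF) from an external host, and the Firefox keyword.URL that sends address-bar searches to a third-party search host. The Python script below is an added example by the editor, not part of this thread and not ComboFix's own code: it pulls exactly those lines out of a log and refangs the hxxp:// URLs that ComboFix defangs. The sample log is a constructed excerpt of the lines posted above; the rule labels and severities are the editor's choices.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    severity: str
    what: str
    evidence: str


def refang(url: str) -> str:
    """Undo ComboFix's hxxp:// defanging so the host can be looked up or blocked."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


# Line patterns follow ComboFix's output format as seen in the posted log.
BOOTKIT_RE = re.compile(r"^(\\\\\.\\PhysicalDrive\d+) - Bootkit (\S+) was found(?: and (\w+))?")
ENABLELUA_RE = re.compile(r'^"EnableLUA"=\s*0\b')
KEYWORD_URL_RE = re.compile(r"^FF - prefs\.js: keyword\.URL - (hxxps?://\S+)", re.IGNORECASE)
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - (hxxps?://\S+)", re.IGNORECASE)
NETSVCS_HEADER_RE = re.compile(r"CurrentVersion\\Svchost - NetSvcs\s*$", re.IGNORECASE)
# German and English ComboFix builds label the catchme summary differently.
HIDDEN_RE = re.compile(r"^(?:versteckte Dateien|hidden files): ([1-9]\d*)", re.IGNORECASE)


def triage_combofix(log: str) -> List[Finding]:
    """Single pass over the log; ComboFix separates blocks with a lone '.' line."""
    findings: List[Finding] = []
    in_netsvcs = False
    for raw in log.splitlines():
        line = raw.rstrip()
        if in_netsvcs:
            # Every non-empty line up to the next '.' is a netsvcs member ComboFix
            # considers non-default (the Windows defaults are suppressed by the tool).
            if line in ("", "."):
                in_netsvcs = False
            else:
                findings.append(Finding("medium", "non-default svchost netsvcs member", line))
            continue
        if NETSVCS_HEADER_RE.search(line):
            in_netsvcs = True
        elif (m := BOOTKIT_RE.match(line)):
            state = m.group(3) or "not cleaned"
            findings.append(Finding("critical", "bootkit in the disk's boot sector",
                                    f"{m.group(1)}: {m.group(2)} ({state})"))
        elif ENABLELUA_RE.match(line):
            findings.append(Finding("high", "UAC disabled (EnableLUA=0)", line))
        elif (m := KEYWORD_URL_RE.match(line)):
            findings.append(Finding("medium", "Firefox keyword.URL set to a third-party search",
                                    refang(m.group(1))))
        elif (m := DPF_RE.match(line)):
            findings.append(Finding("medium", "IE ActiveX download (DPF) from an external host",
                                    refang(m.group(1))))
        elif (m := HIDDEN_RE.match(line)):
            findings.append(Finding("info", "hidden files reported by catchme", m.group(1)))
    return findings


# Constructed excerpt of the ComboFix log posted above (only the lines the rules look at).
SAMPLE_LOG = r"""
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
srv1360
.
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
versteckte Dateien: 1
"""

if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.what}: {f.evidence}")
```

The netsvcs handling is deliberately stateful: ComboFix prints the group header on one line and the members on the following lines, so a per-line regex alone would miss them. Refanging is done only on the values the script returns; the log on disk stays defanged so it cannot be clicked by accident.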
05.04.2011, 09:28 | #20 |
| Redirect from Google and extremely slow loading of internet pages, or no loading at all. By the way, I now have the feeling that everything is back in order. At least I can surf the internet "normally" again and finally get on with researching for my term papers etc. A big thank you for that already! But I have also read (probably even here) that when the symptoms stop, it does not yet mean the problem has been removed... |
05.04.2011, 11:36 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirect from Google and extremely slow loading of internet pages, or no loading at all. Run TDSSKiller once more as a check and post the new log
|
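The helper asks for a second TDSSKiller run as a control. The useful way to read that second log is next to the first one: TDSSKiller prints one line per loaded driver with its MD5, so two runs can be compared driver by driver, and the tool's own alert lines ("Suspicious file (...)", "<name> - detected ...") can be pulled out of the noise. The Python below is an added example by the editor, not part of this thread and not Kaspersky's code. It assumes the log layout visible in the posts here. The two sample logs are constructed excerpts: the "before" run carries a hypothetical, made-up hash on atapi so the diff has a changed driver to report; the "after" run uses lines from the log posted below.

```python
import re
from typing import Dict, List, NamedTuple, Tuple


class Driver(NamedTuple):
    md5: str
    path: str


# One line per scanned driver: "<date> <time> <pid> <ServiceName> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*?)\s*$"
)
# "... Suspicious file (<reason>): <path>. md5: <hash>"
SUSPICIOUS_RE = re.compile(
    r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\.(?: md5: [0-9a-f]{32})?\s*$"
)
# "... <ServiceName> - detected <verdict> (<n>)"
VERDICT_RE = re.compile(r"\s(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)\s*$")


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Driver], List[str]]:
    """Return {service_name: Driver} plus the tool's own alert lines, in log order."""
    drivers: Dict[str, Driver] = {}
    alerts: List[str] = []
    for line in text.splitlines():
        if (m := DRIVER_RE.match(line)):
            drivers[m["name"]] = Driver(m["md5"], m["path"])
        elif (m := SUSPICIOUS_RE.search(line)):
            alerts.append(f"{m['reason']}: {m['path']}")
        elif (m := VERDICT_RE.search(line)):
            alerts.append(f"{m['name']}: {m['verdict']}")
    return drivers, alerts


def diff_runs(before: Dict[str, Driver], after: Dict[str, Driver]) -> Dict[str, List[str]]:
    """Service names that appeared, vanished, or changed hash between two scans."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(n for n in common if before[n].md5 != after[n].md5),
    }


# Constructed "before" excerpt; the atapi hash is hypothetical, made up to exercise "changed".
BEFORE_LOG = r"""
2011/04/04 22:35:13.0656 4012 Scan started
2011/04/04 22:35:14.0061 4012 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/04 22:35:14.0358 4012 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/04 22:35:14.0400 4012 atapi (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\atapi.sys
"""

# Constructed "after" excerpt built from lines of the control run posted below.
AFTER_LOG = r"""
2011/04/05 13:12:44.0998 4080 Scan started
2011/04/05 13:12:46.0449 4080 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/05 13:12:46.0854 4080 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/05 13:12:47.0416 4080 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/05 13:13:04.0467 4080 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/05 13:13:04.0467 4080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/05 13:13:04.0482 4080 sptd - detected Locked file (1)
"""

if __name__ == "__main__":
    before, _ = parse_tdsskiller(BEFORE_LOG)
    after, alerts = parse_tdsskiller(AFTER_LOG)
    print("diff:", diff_runs(before, after))
    print("alerts:", alerts)
```

Two caveats belong with this check. The diff only covers drivers TDSSKiller enumerated in both runs, so a driver that is not loaded at scan time never shows up. And "Locked file" is the tool saying it could not read the file, not a malware verdict; the practitioner's next step for such a file is to compare its hash against the vendor's known-good release rather than to treat the absence of a "Malware" verdict as a clean bill.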
05.04.2011, 12:14 | #22 |
| Redirect from Google and extremely slow loading of internet pages, or no loading at all. Done:
2011/04/05 13:12:36.0683 2712 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 13:12:37.0057 2712 ================================================================================
2011/04/05 13:12:37.0057 2712 SystemInfo:
2011/04/05 13:12:37.0057 2712
2011/04/05 13:12:37.0057 2712 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/05 13:12:37.0057 2712 Product type: Workstation
2011/04/05 13:12:37.0057 2712 ComputerName: SEBASRECHNER
2011/04/05 13:12:37.0057 2712 UserName: Seba
2011/04/05 13:12:37.0057 2712 Windows directory: C:\Windows
2011/04/05 13:12:37.0057 2712 System windows directory: C:\Windows
2011/04/05 13:12:37.0057 2712 Processor architecture: Intel x86
2011/04/05 13:12:37.0057 2712 Number of processors: 1
2011/04/05 13:12:37.0057 2712 Page size: 0x1000
2011/04/05 13:12:37.0057 2712 Boot type: Normal boot
2011/04/05 13:12:37.0057 2712 ================================================================================
2011/04/05 13:12:42.0299 2712 Initialize success
2011/04/05 13:12:44.0998 4080 ================================================================================
2011/04/05 13:12:44.0998 4080 Scan started
2011/04/05 13:12:44.0998 4080 Mode: Manual;
2011/04/05 13:12:44.0998 4080 ================================================================================
2011/04/05 13:12:46.0449 4080 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/05 13:12:46.0511 4080 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/05 13:12:46.0573 4080 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/05 13:12:46.0636 4080 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/05 13:12:46.0745 4080 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/05 13:12:46.0854 4080 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/05 13:12:46.0917 4080 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/05 13:12:46.0995 4080 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/05 13:12:47.0041 4080 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/05 13:12:47.0057 4080 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/05 13:12:47.0088 4080 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/05 13:12:47.0119 4080 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/05 13:12:47.0151 4080 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/05 13:12:47.0260 4080 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/05 13:12:47.0291 4080 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/05 13:12:47.0338 4080 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/05 13:12:47.0416 4080 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/05 13:12:47.0587 4080 BCM43XX (e22abcaa7b6ff580feb0d49545dc4263) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/05 13:12:47.0837 4080 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/05 13:12:47.0962 4080 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/05 13:12:48.0570 4080 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/05 13:12:48.0929 4080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/05 13:12:49.0023 4080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/05 13:12:49.0069 4080 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/05 13:12:49.0101 4080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/05 13:12:49.0132 4080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/05 13:12:49.0163 4080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/05 13:12:49.0179 4080 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/05 13:12:49.0335 4080 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/05 13:12:49.0366 4080 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/05 13:12:49.0413 4080 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/05 13:12:49.0584 4080 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/05 13:12:49.0709 4080 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/05 13:12:49.0756 4080 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/05 13:12:49.0803 4080 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/05 13:12:49.0943 4080 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/05 13:12:49.0974 4080 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/05 13:12:50.0068 4080 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/05 13:12:50.0193 4080 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/05 13:12:50.0239 4080 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/05 13:12:50.0364 4080 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
2011/04/05 13:12:50.0442 4080 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/05 13:12:50.0567 4080 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/05 13:12:50.0629 4080 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/05 13:12:50.0723 4080 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/05 13:12:50.0801 4080 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/05 13:12:50.0879 4080 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/05 13:12:50.0957 4080 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/05 13:12:51.0019 4080 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/05 13:12:51.0097 4080 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/05 13:12:51.0160 4080 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/05 13:12:51.0207 4080 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/05 13:12:51.0253 4080 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/05 13:12:51.0300 4080 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/05 13:12:51.0363 4080 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/05 13:12:51.0409 4080 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/05 13:12:51.0597 4080 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/05 13:12:51.0799 4080 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/05 13:12:51.0924 4080 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/05 13:12:52.0049 4080 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/05 13:12:52.0096 4080 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/05 13:12:52.0189 4080 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/05 13:12:52.0236 4080 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/05 13:12:52.0330 4080 HTTP (33b02459e86d0a2b86a6b9fe19139390) C:\Windows\system32\drivers\HTTP.sys
2011/04/05 13:12:52.0377 4080 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/05 13:12:52.0501 4080 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/05 13:12:52.0548 4080 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/05 13:12:53.0016 4080 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/05 13:12:53.0484 4080 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/05 13:12:54.0093 4080 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/05 13:12:54.0327 4080 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/05 13:12:54.0405 4080 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/05 13:12:54.0483 4080 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/05 13:12:54.0576 4080 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/05 13:12:54.0639 4080 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/05 13:12:54.0701 4080 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/05 13:12:54.0748 4080 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/05 13:12:54.0795 4080 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/05 13:12:54.0997 4080 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/05 13:12:55.0450 4080 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/05 13:12:55.0621 4080 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/05 13:12:55.0684 4080 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/05 13:12:55.0762 4080 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/05 13:12:55.0871 4080 L1C (e7ec4dc9192166e7adb76c9fe3f10709) C:\Windows\system32\DRIVERS\L1C60x86.sys
2011/04/05 13:12:55.0965 4080 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/05 13:12:56.0074 4080 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/05 13:12:56.0136 4080 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/05 13:12:56.0230 4080 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/05 13:12:56.0292 4080 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/05 13:12:56.0339 4080 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/05 13:12:56.0386 4080 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/05 13:12:56.0464 4080 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/05 13:12:56.0526 4080 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/05 13:12:56.0682 4080 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/05 13:12:56.0838 4080 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/05 13:12:57.0010 4080 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/05 13:12:57.0103 4080 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/05 13:12:57.0166 4080 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/05 13:12:57.0259 4080 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/05 13:12:57.0291 4080 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/05 13:12:57.0353 4080 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/05 13:12:57.0400 4080 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/05 13:12:57.0447 4080 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/05 13:12:57.0525 4080 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/05 13:12:57.0571 4080 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/05 13:12:57.0681 4080 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/05 13:12:57.0774 4080 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/05 13:12:57.0868 4080 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/05 13:12:57.0915 4080 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/05 13:12:57.0977 4080 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/05 13:12:58.0024 4080 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/05 13:12:58.0102 4080 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/05 13:12:58.0149 4080 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/05 13:12:58.0195 4080 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/05 13:12:58.0289 4080 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/05 13:12:58.0367 4080 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/04/05 13:12:58.0882 4080 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/05 13:12:58.0975 4080 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/05 13:12:59.0085 4080 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/05 13:12:59.0116 4080 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/05 13:12:59.0163 4080 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/05 13:12:59.0209 4080 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/05 13:12:59.0303 4080 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/05 13:12:59.0365 4080 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/05 13:12:59.0459 4080 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/05 13:12:59.0818 4080 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/05 13:12:59.0943 4080 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/04/05 13:13:00.0005 4080 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/05 13:13:00.0052 4080 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/05 13:13:00.0130 4080 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/05 13:13:00.0177 4080 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/05 13:13:00.0239 4080 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/05 13:13:00.0473 4080 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/05 13:13:00.0582 4080 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/05 13:13:00.0629 4080 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/05 13:13:00.0723 4080 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/05 13:13:00.0832 4080 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/05 13:13:00.0894 4080 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/05 13:13:01.0003 4080 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/05 13:13:01.0081 4080 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/05 13:13:01.0222 4080 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/05 13:13:01.0253 4080 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/05 13:13:01.0331 4080 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/05 13:13:01.0409 4080 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/05 13:13:01.0549 4080 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/05 13:13:01.0612 4080 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/05 13:13:01.0643 4080 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/05 13:13:01.0690 4080 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/05 13:13:01.0737 4080 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/05 13:13:01.0783 4080 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/05 13:13:01.0861 4080 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/05 13:13:01.0908 4080 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/05 13:13:01.0971 4080 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/05 13:13:02.0049 4080 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/05 13:13:02.0158 4080 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/05 13:13:02.0251 4080 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/04/05 13:13:02.0345 4080 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/05 13:13:02.0485 4080 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/05 13:13:02.0579 4080 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys
2011/04/05 13:13:02.0641 4080 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys
2011/04/05 13:13:02.0751 4080 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys
2011/04/05 13:13:02.0875 4080 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys
2011/04/05 13:13:02.0985 4080 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys
2011/04/05 13:13:03.0094 4080 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys
2011/04/05 13:13:03.0156 4080 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys
2011/04/05 13:13:03.0219 4080 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/05 13:13:03.0312 4080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/05 13:13:03.0390 4080 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/05 13:13:03.0468 4080 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/05 13:13:03.0593 4080 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/05 13:13:03.0655 4080 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/05 13:13:03.0702 4080 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/05 13:13:03.0749 4080 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/05 13:13:03.0889 4080 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/05 13:13:03.0952 4080 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/05 13:13:04.0030 4080 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/05 13:13:04.0092 4080 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/05 13:13:04.0170 4080 SLEE_16_DRIVER (4723512c035a3a880db4657705466240) C:\Windows\system32\drivers\Sleen16.sys
2011/04/05 13:13:04.0279 4080 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/05 13:13:04.0342 4080 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/05 13:13:04.0467 4080 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/05 13:13:04.0467 4080 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/05 13:13:04.0482 4080 sptd - detected Locked file (1)
2011/04/05 13:13:04.0529 4080 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/05 13:13:04.0560 4080 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/05 13:13:04.0591 4080 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/05 13:13:04.0669 4080 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/05 13:13:04.0841 4080 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/05 13:13:04.0888 4080 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/05 13:13:05.0013 4080 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/05 13:13:05.0340 4080 SynTP (32c0296ae115906679d94957f501e8db) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/05 13:13:05.0683 4080 tap0901 (34f1bcb847a924a161422f106a79b9ff) C:\Windows\system32\DRIVERS\tap0901.sys
2011/04/05 13:13:05.0824 4080 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/04/05 13:13:05.0933 4080 tapvpn (27a2c318cd28cfb3eb2200fd96af1e58) C:\Windows\system32\DRIVERS\tapvpn.sys
2011/04/05 13:13:06.0058 4080 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/05 13:13:06.0136 4080 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/05 13:13:06.0307 4080 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/05 13:13:06.0354 4080 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/05 13:13:06.0448 4080 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/05 13:13:06.0541 4080 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/05 13:13:06.0604 4080 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/05 13:13:06.0697 4080 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/05 13:13:06.0791 4080 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/05 13:13:06.0869 4080 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/05 13:13:06.0931 4080 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/05 13:13:07.0041 4080 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/04/05 13:13:07.0181 4080 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/05 13:13:07.0259 4080 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/05 13:13:07.0306 4080 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/05 13:13:07.0353 4080 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/05 13:13:07.0477 4080 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/05 13:13:07.0571 4080 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/05 13:13:07.0649 4080 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/05 13:13:07.0696 4080 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/05 13:13:07.0883 4080 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/05 13:13:07.0992 4080 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/05 13:13:08.0023 4080 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/05 13:13:08.0086 4080 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/05
13:13:08.0179 4080 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/05 13:13:08.0320 4080 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/05 13:13:08.0367 4080 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/05 13:13:08.0429 4080 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/05 13:13:08.0523 4080 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/05 13:13:08.0569 4080 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/05 13:13:08.0632 4080 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/04/05 13:13:09.0006 4080 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/04/05 13:13:09.0209 4080 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/04/05 13:13:09.0318 4080 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/05 13:13:09.0381 4080 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 2011/04/05 13:13:09.0537 4080 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 2011/04/05 13:13:09.0615 4080 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/04/05 13:13:09.0724 4080 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/05 13:13:09.0817 4080 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/05 13:13:09.0833 4080 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/05 13:13:09.0942 4080 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/04/05 13:13:10.0114 4080 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 
2011/04/05 13:13:10.0285 4080 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/05 13:13:10.0426 4080 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/05 13:13:10.0504 4080 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/05 13:13:10.0675 4080 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/05 13:13:10.0831 4080 ================================================================================ 2011/04/05 13:13:10.0831 4080 Scan finished 2011/04/05 13:13:10.0831 4080 ================================================================================ 2011/04/05 13:13:10.0863 1000 Detected object count: 1 2011/04/05 13:13:15.0636 1000 Locked file(sptd) - User select action: Skip |
05.04.2011, 13:30 | #23
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query in OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to your desktop.
05.04.2011, 16:24 | #24
So, I think I have everything and hope it was all done correctly:

GMER Logfile:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-05 16:58:27
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: wyz1oynm.exe; Driver: C:\Users\Seba\AppData\Local\Temp\ffdoqpoc.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 85BD4BF8
INT 0x72 ? 85BD4BF8
INT 0x82 ? 85BD4BF8
INT 0x92 ? 84D5ABF8
INT 0x92 ? 84D5ABF8
INT 0x92 ? 84D5ABF8
INT 0x92 ? 84D5ABF8
INT 0x92 ? 85BD4BF8
INT 0x92 ? 84D5ABF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spht.sys The system cannot find the path specified. !
PAGE ataport.SYS!DllUnload 82686B2E 5 Bytes JMP 84D5A1D8
.text USBPORT.SYS!DllUnload 87D4946F 5 Bytes JMP 85BD41D8
.text am0k5n3z.SYS 8C1A6000 22 Bytes [26, C2, 3C, 82, 10, C1, 3C, ...]
.text am0k5n3z.SYS 8C1A6017 83 Bytes [00, 32, 07, 79, 80, 3D, 05, ...]
.text am0k5n3z.SYS 8C1A606B 61 Bytes [82, 50, FC, 05, 82, 58, F9, ...]
.text am0k5n3z.SYS 8C1A60A9 35 Bytes [F0, 05, 82, 60, E7, 05, 82, ...]
.text am0k5n3z.SYS 8C1A60CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\Seba\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806946D6] \SystemRoot\System32\Drivers\spht.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80694042] \SystemRoot\System32\Drivers\spht.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80694800] \SystemRoot\System32\Drivers\spht.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806940C0] \SystemRoot\System32\Drivers\spht.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069413E] \SystemRoot\System32\Drivers\spht.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A3B90] \SystemRoot\System32\Drivers\spht.sys
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortWritePortUchar] 838C1CCF
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8C1CA0
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\am0k5n3z.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84D601F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 84D5C1F8
Device \Driver\usbuhci \Device\USBPDO-0 85BE21F8
Device \Driver\usbehci \Device\USBPDO-1 85BF61F8
Device \Driver\PCI_PNP7813 \Device\00000052 spht.sys
Device \Driver\usbuhci \Device\USBPDO-2 85BE21F8
Device \Driver\usbuhci \Device\USBPDO-3 85BE21F8
Device \Driver\usbuhci \Device\USBPDO-4 85BE21F8
Device \Driver\sptd \Device\3602477843 spht.sys
Device \Driver\usbuhci \Device\USBPDO-5 85BE21F8
Device \Driver\usbehci \Device\USBPDO-6 85BF61F8
Device \Driver\volmgr \Device\HarddiskVolume1 84D5C1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{55CED7BB-9F79-4238-B407-6C57EA4E2374} 864C11F8
Device \Driver\volmgr \Device\HarddiskVolume2 84D5C1F8
Device \Driver\cdrom \Device\CdRom0 85D111F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84D5E1F8
Device \Driver\atapi \Device\Ide\IdePort0 84D5E1F8
Device \Driver\atapi \Device\Ide\IdePort1 84D5E1F8
Device \Driver\atapi \Device\Ide\IdePort2 84D5E1F8
Device \Driver\atapi \Device\Ide\IdePort3 84D5E1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84D5E1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 84D5F1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 84D5F1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel4 84D5F1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 84D5F1F8
Device \Driver\cdrom \Device\CdRom1 85D111F8
Device \Driver\netbt \Device\NetBt_Wins_Export 864C11F8
Device \Driver\Smb \Device\NetbiosSmb 864391F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7C625BCC-AAF1-484C-9357-3BEDC1A9CAA5} 864C11F8
Device \Driver\iScsiPrt \Device\RaidPort0 85C021F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0FF901D6-BA1A-42DD-84CE-18E935EE5DAE} 864C11F8
Device \Driver\usbuhci \Device\USBFDO-0 85BE21F8
Device \Driver\usbehci \Device\USBFDO-1 85BF61F8
Device \Driver\usbuhci \Device\USBFDO-2 85BE21F8
Device \Driver\usbuhci \Device\USBFDO-3 85BE21F8
Device \Driver\usbuhci \Device\USBFDO-4 85BE21F8
Device \Driver\usbuhci \Device\USBFDO-5 85BE21F8
Device \Driver\usbehci \Device\USBFDO-6 85BF61F8
Device \Driver\am0k5n3z \Device\Scsi\am0k5n3z1 85BEF500
Device \Driver\am0k5n3z \Device\Scsi\am0k5n3z1Port5Path0Target0Lun0 85BEF500
Device \FileSystem\cdfs \Cdfs 86F2A1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x4E 0x0E 0x0E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0xB2 0x14 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x85 0x51 0xF2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0x4E 0x0E 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x17 0xB2 0x14 0xAF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x51 0x85 0x51 0xF2 ...

---- EOF - GMER 1.0.15 ----

OSAM Logfile:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 17:14:58 on 05.04.2011 OS: Windows Vista Home Basic Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 4.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "aaxwfksh" (aaxwfksh) - "Microsoft Corporation" - C:\Windows\system32\drivers\aaxwfksh.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "catchme" (catchme) - ? - C:\Users\Seba\AppData\Local\Temp\catchme.sys (File not found) "Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? 
- C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "regi" (regi) - "InterVideo" - C:\Windows\System32\drivers\regi.sys "Sony Ericsson Device 0017 driver (WDM)" (s0017bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017bus.sys "Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)" (s0017nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017nd5.sys "Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)" (s0017unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017unic.sys "Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)" (s0017mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017mgmt.sys "Sony Ericsson Device 0017 USB WMC Modem Driver" (s0017mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017mdm.sys "Sony Ericsson Device 0017 USB WMC Modem Filter" (s0017mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017mdfl.sys "Sony Ericsson Device 0017 USB WMC OBEX Interface" (s0017obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0017obex.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "Steganos Live Encryption Engine 16 [Driver]" (SLEE_16_DRIVER) - "Softwareentwicklung Remus - ArchiCrypt " - C:\Windows\system32\drivers\Sleen16.sys "TAP VPN Adapter" (tapvpn) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tapvpn.sys "UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? 
- (File not found | COM-object registry key not found) {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found) {FAE0A3E0-3010-41BA-9DDC-A631394F047F} "SteganosShellExtension" - ? 
- C:\Program Files\Steganos Safe OEM\ShellExtension.dll (File found, but it contains no detailed information) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." 
- C:\Program Files\WinZip\wzshlstb.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} "Flash Casino Helper Control" - "Microgaming.co.uk" - C:\Windows\Downloaded Program Files\iefax.dll / https://plugins.valueactive.eu/flashax/iefax.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." 
- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Program Files\WinZip\WZQKPICK.EXE (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? 
- rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acer ePower Management" - "Acer Incorporated" - C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe "PLFSetI" - ? - C:\Windows\PLFSetI.exe "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SAFEOEM HotKeys" - ? - "C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe" "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "WarReg_PopUp" - "eMachines" - C:\Program Files\eMachines\WR_PopUp\WarReg_PopUp.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "EPSON Stylus DX4400 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBCAE.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." 
- C:\Program Files\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate1c9fa70899bd93e)" (gupdate1c9fa70899bd93e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe "NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru And MBRCheck: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Basic Edition Windows Information: Service Pack 1 (build 6001), 32-bit Base Board Manufacturer: eMachines BIOS Manufacturer: eMachines System Manufacturer: eMachines System Product Name: eMachines E525 Logical Drives Mask: 0x0000004c Kernel Drivers (total 142): Processes (total 62): \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80500000 (NTFS) PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11 Size Device Name MBR Status -------------------------------------------- 149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
05.04.2011, 18:07 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! |
05.04.2011, 18:24 | #26 |
| I'll do that right away... and can I then install AntiVir again? Or do you have a better tip? Thanks again, by the way, you are my hero of the year! Really! |
05.04.2011, 18:47 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please hold off on AntiVir until the control scans are done and I give you the go-ahead. |
05.04.2011, 23:05 | #28 |
| Oh man, the scanning took forever... but here are the logs: with SUPERAntiSpyware, the program moved something into quarantine, which I have already deleted. That is, what is also listed in the log below. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6280 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 05.04.2011 20:38:13 mbam-log-2011-04-05 (20-38-13).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 326553 Laufzeit: 1 Stunde(n), 13 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) And the one from SUPERAntiSpyware: SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 04/05/2011 at 11:54 PM Application Version : 4.50.1002 Core Rules Database Version : 6756 Trace Rules Database Version: 4568 Scan type : Complete Scan Total Scan Time : 03:12:52 Memory items scanned : 606 Memory threats detected : 0 Registry items scanned : 7888 Registry threats detected : 0 File items scanned : 179697 File threats detected : 4 Adware.Tracking Cookie C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Cookies\seba@atdmt[2].txt C:\Users\Seba\AppData\Roaming\Microsoft\Windows\Cookies\seba@yadro[2].txt www.adservercentral.info [ C:\Users\Seba\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\P7N8UV88 ] ds.serving-sys.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7AZCEQ9T ] |
06.04.2011, 09:02 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies were found. Any more problems or further detections in the meantime? You can now install AntiVir or another virus scanner such as Microsoft Security Essentials (MSE). But please only one virus scanner, not AntiVir and MSE at the same time! |
06.04.2011, 14:23 | #30 |
| The laptop is running flawlessly again. I have since reinstalled AntiVir. It found nothing. A HUGE thank you once again.. what would I have done without your help... |