Plagegeister aller Art und deren Bekämpfung: IE opens completely different pages because of a trojan (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
29.04.2011, 20:36 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe
2011-04-22 12:44 . 2011-04-22 12:44 -------- d-----w- C:\files
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.
__________________
Please always post log files in CODE tags
30.04.2011, 00:07 | #17
All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 2792 bytes
->Temporary Internet Files folder emptied: 1502454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88396645 bytes
->Flash cache emptied: 1145 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 996467304 bytes
Total Files Cleaned = 1.036,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_005709
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
30.04.2011, 02:43 | #18
/// Winkelfunktion /// TB-Süch-Tiger™
Sorry, I had a small blackout.
Please run the fix again, but with this script:
Code:
:OTL
c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe
c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe
c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe
c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe
c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe
c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe
c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe
c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe
C:\files
:Commands
[purity]
[resethosts]
[emptytemp]
__________________
30.04.2011, 16:33 | #19
All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1516470 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91335393 bytes
->Flash cache emptied: 1671 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 89,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_172625
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
01.05.2011, 13:49 | #20
/// Winkelfunktion /// TB-Süch-Tiger™
Sorry, somehow I keep getting it wrong with the script for you; there was an error in it again. Please run it once more with this script, which is finally correct now:
Quote:
__________________
Please always post log files in CODE tags
01.05.2011, 15:03 | #21
All processes killed
========== FILES ==========
c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe moved successfully.
C:\files folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45021563 bytes
->Flash cache emptied: 521 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 43,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05012011_155949
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
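The three fix logs in this thread show the check a helper has to make after every OTL run: the first two logs contain only a COMMANDS section, so the eight null0.*.exe files and C:\files were never touched, while the third log finally has a FILES section with one "moved successfully." line per path. The following Python script is an added example, not code from the thread and not part of OTL; it reads a fix log in the shape posted above and reports which of the script's paths were actually handled. The two log excerpts are constructed from the logs in this thread, and the parsing rules (section headers written as "========== NAME ==========", per-path result lines ending in "moved successfully.") are assumptions based only on what the posted logs show.

```python
import re

# Constructed sample input: the paths the fix script in this thread was meant
# to handle (file names taken from the script as posted above).
FIX_PATHS = [
    r"c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe",
    r"c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe",
    r"C:\files",
]

# Constructed excerpt in the shape of the first two fix logs in the thread:
# only a COMMANDS section, no FILES section, so the listed files were never touched.
LOG_COMMANDS_ONLY = r"""All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: User
->Temp folder emptied: 2792 bytes
"""

# Constructed excerpt in the shape of the third fix log: a FILES section with
# one result line per path from the script.
LOG_WITH_FILES = r"""All processes killed
========== FILES ==========
c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe moved successfully.
C:\files folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Assumed log grammar (based only on the logs posted in this thread): a section
# header looks like "========== NAME ==========", and each per-path result line
# ends in "moved successfully." with an optional " folder" marker for directories.
SECTION_RE = re.compile(r"^=+ (\w+) =+$")
MOVED_RE = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")


def parse_otl_log(text):
    """Map each section name to the list of paths it reports as moved.

    Lines before the first section header (e.g. "All processes killed") are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            sections.setdefault(current, [])
            continue
        if current is None:
            continue
        moved = MOVED_RE.match(line)
        if moved:
            sections[current].append(moved.group("path"))
    return sections


def check_fix(fix_paths, log_text):
    """Return (handled, missing): which of the script's paths the log confirms.

    Paths are compared case-insensitively because NTFS paths are, and the
    script and the log in this thread differ in drive-letter case.
    """
    moved = {p.lower() for paths in parse_otl_log(log_text).values() for p in paths}
    handled = [p for p in fix_paths if p.lower() in moved]
    missing = [p for p in fix_paths if p.lower() not in moved]
    return handled, missing


if __name__ == "__main__":
    for label, log in (("first run", LOG_COMMANDS_ONLY), ("third run", LOG_WITH_FILES)):
        handled, missing = check_fix(FIX_PATHS, log)
        print(f"{label}: sections={sorted(parse_otl_log(log))}")
        print(f"  handled: {len(handled)}  missing: {len(missing)}")
        for p in missing:
            print(f"  NOT handled -> {p}")
```

Run against the first excerpt the script reports every path as missing and no FILES section at all, which is the quickest way to notice that a fix script was malformed before asking the user to run further tools; against the third excerpt every path is confirmed.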
01.05.2011, 15:26 | #22
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
If the infection has left you unable to access your documents / My Documents, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool by right-clicking it and choosing Run as administrator!
__________________
Please always post log files in CODE tags
01.05.2011, 18:50 | #23
/// Winkelfunktion /// TB-Süch-Tiger™
The log is incomplete!
__________________
Please always post log files in CODE tags
01.05.2011, 20:00 | #24
2011/05/01 17:53:42.0856 4588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 17:53:43.0011 4588 ================================================================================
2011/05/01 17:53:43.0011 4588 SystemInfo:
2011/05/01 17:53:43.0011 4588
2011/05/01 17:53:43.0011 4588 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/01 17:53:43.0011 4588 Product type: Workstation
2011/05/01 17:53:43.0011 4588 ComputerName: USER-PC
2011/05/01 17:53:43.0011 4588 UserName: User
2011/05/01 17:53:43.0011 4588 Windows directory: C:\Windows
2011/05/01 17:53:43.0011 4588 System windows directory: C:\Windows
2011/05/01 17:53:43.0011 4588 Running under WOW64
2011/05/01 17:53:43.0011 4588 Processor architecture: Intel x64
2011/05/01 17:53:43.0011 4588 Number of processors: 8
2011/05/01 17:53:43.0011 4588 Page size: 0x1000
2011/05/01 17:53:43.0011 4588 Boot type: Normal boot
2011/05/01 17:53:43.0011 4588 ================================================================================
2011/05/01 17:53:43.0261 4588 Initialize success
2011/05/01 17:53:45.0031 4384 ================================================================================
2011/05/01 17:53:45.0031 4384 Scan started
2011/05/01 17:53:45.0031 4384 Mode: Manual;
2011/05/01 17:53:45.0031 4384 ================================================================================
2011/05/01 17:53:45.0831 4384 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/01 17:53:45.0865 4384 6077757b (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2011/05/01 17:53:45.0882 4384 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/01 17:53:45.0902 4384 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/01 17:53:45.0926 4384 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/01 17:53:45.0950 4384 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/01 17:53:45.0968 4384 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/01 17:53:46.0006 4384 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/01 17:53:46.0023 4384 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/01 17:53:46.0047 4384 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/01 17:53:46.0065 4384 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/01 17:53:46.0082 4384 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/01 17:53:46.0196 4384 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/01 17:53:46.0242 4384 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/05/01 17:53:46.0263 4384 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/01 17:53:46.0293 4384 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/05/01 17:53:46.0311 4384 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/01 17:53:46.0330 4384 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/05/01 17:53:46.0350 4384 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/01 17:53:46.0388 4384 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/01 17:53:46.0397 4384 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/01 17:53:46.0413 4384 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/01 17:53:46.0430 4384 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/01 17:53:46.0451 4384 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/05/01 17:53:46.0477 4384 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
2011/05/01 17:53:46.0512 4384 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/01 17:53:46.0540 4384 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/01 17:53:46.0573 4384 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/01 17:53:46.0610 4384 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/01 17:53:46.0642 4384 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/01 17:53:46.0658 4384 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/01 17:53:46.0671 4384 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/01 17:53:46.0693 4384 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/01 17:53:46.0702 4384 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/01 17:53:46.0716 4384 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/01 17:53:46.0725 4384 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/01 17:53:46.0735 4384 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/01 17:53:46.0791 4384 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/01 17:53:46.0811 4384 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/01 17:53:46.0832 4384 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/01 17:53:46.0868 4384 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/01 17:53:46.0891 4384 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/01 17:53:46.0901 4384 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/01 17:53:46.0947 4384 cmudaxp (3cd27b6666d0a6a71a7b6834dd5c97f7) C:\Windows\system32\drivers\cmudaxp.sys
2011/05/01 17:53:46.0965 4384 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/01 17:53:46.0986 4384 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/01 17:53:47.0003 4384 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/01 17:53:47.0016 4384 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/01 17:53:47.0050 4384 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/05/01 17:53:47.0070 4384 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/01 17:53:47.0082 4384 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/01 17:53:47.0092 4384 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/01 17:53:47.0127 4384 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/01 17:53:47.0167 4384 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/01 17:53:47.0232 4384 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/01 17:53:47.0276 4384 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/01 17:53:47.0293 4384 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/01 17:53:47.0310 4384 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/01 17:53:47.0337 4384 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/01 17:53:47.0357 4384 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/01 17:53:47.0373 4384 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/01 17:53:47.0391 4384 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/01 17:53:47.0400 4384 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/01 17:53:47.0413 4384 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/01 17:53:47.0437 4384 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/01 17:53:47.0456 4384 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/01 17:53:47.0475 4384 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/01 17:53:47.0483 4384 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/01 17:53:47.0523 4384 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/01 17:53:47.0543 4384 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/01 17:53:47.0571 4384 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/01 17:53:47.0581 4384 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/01 17:53:47.0591 4384 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/01 17:53:47.0621 4384 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/01 17:53:47.0628 4384 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/01 17:53:47.0655 4384 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/01 17:53:47.0681 4384 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/01 17:53:47.0717 4384 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/05/01 17:53:47.0745 4384 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
2011/05/01 17:53:47.0768 4384 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/01 17:53:47.0783 4384 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/01 17:53:47.0803 4384 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/01 17:53:47.0832 4384 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/05/01 17:53:47.0853 4384 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/01 17:53:47.0901 4384 IntcAzAudAddService (491dadcc74327fabc85e0ab80af8f204) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/01 17:53:47.0917 4384 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/01 17:53:47.0936 4384 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/01 17:53:47.0956 4384 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/01 17:53:47.0967 4384 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/01 17:53:47.0977 4384 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/01 17:53:48.0001 4384 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/01 17:53:48.0010 4384 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/01 17:53:48.0041 4384 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/01 17:53:48.0057 4384 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/01 17:53:48.0072 4384 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/01 17:53:48.0103 4384 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/01 17:53:48.0122 4384 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/01 17:53:48.0140 4384 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/01 17:53:48.0171 4384 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/01 17:53:48.0195 4384 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/01 17:53:48.0217 4384 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/01 17:53:48.0231 4384 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/01 17:53:48.0247 4384 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/01 17:53:48.0256 4384 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/01 17:53:48.0282 4384 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/01 17:53:48.0305 4384 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/01 17:53:48.0322 4384 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/01 17:53:48.0346 4384 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/01 17:53:48.0355 4384 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/01 17:53:48.0377 4384 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/01 17:53:48.0385 4384 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/01 17:53:48.0408 4384 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/01 17:53:48.0426 4384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/01 17:53:48.0451 4384 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/01 17:53:48.0496 4384 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/01 17:53:48.0517 4384 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/01 17:53:48.0538 4384 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/01 17:53:48.0553 4384 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/01 17:53:48.0573 4384 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/01 17:53:48.0600 4384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/01 17:53:48.0616 4384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/01 17:53:48.0623 4384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/01 17:53:48.0657 4384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/01 17:53:48.0671 4384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/01 17:53:48.0680 4384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/01 17:53:48.0703 4384 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/01 17:53:48.0715 4384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/01 17:53:48.0725 4384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/01 17:53:48.0741 4384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/01 17:53:48.0763 4384 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/05/01 17:53:48.0772 4384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/01 17:53:48.0808 4384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/01 17:53:48.0835 4384 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/01 17:53:48.0856 4384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/01 17:53:48.0865 4384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/01 17:53:48.0883 4384 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/01 17:53:48.0901 4384 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/01 17:53:48.0913 4384 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/01 17:53:48.0933 4384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/01 17:53:48.0953 4384 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/01 17:53:48.0985 4384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/01 17:53:49.0007 4384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/01 17:53:49.0021 4384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/01 17:53:49.0080 4384 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/05/01 17:53:49.0111 4384 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/01 17:53:49.0138 4384 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/05/01 17:53:49.0157 4384 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/05/01 17:53:49.0173 4384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/01 17:53:49.0191 4384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/01 17:53:49.0230 4384 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/01 17:53:49.0238 4384 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/01 17:53:49.0271 4384 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/01 17:53:49.0280 4384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/01 17:53:49.0301 4384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/01 17:53:49.0320 4384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/01 17:53:49.0348 4384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/01 17:53:49.0406 4384 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/01 17:53:49.0415 4384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/01 17:53:49.0431 4384 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/01 17:53:49.0465 4384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/01 17:53:49.0498 4384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/01 17:53:49.0522 4384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/01 17:53:49.0537 4384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/01 17:53:49.0562 4384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/01 17:53:49.0573 4384 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/01 17:53:49.0586 4384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/01 17:53:49.0596 4384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/01 17:53:49.0612 4384 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/01 17:53:49.0622 4384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/01 17:53:49.0635 4384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/01 17:53:49.0651 4384 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/05/01 17:53:49.0661 4384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/01 17:53:49.0673 4384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/01 17:53:49.0685 4384 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/01 17:53:49.0712 4384 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/01 17:53:49.0762 4384 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2011/05/01 17:53:49.0801 4384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/01 17:53:49.0833 4384 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/05/01 17:53:49.0860 4384 RTL8192su (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys
2011/05/01 17:53:49.0895 4384 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys
2011/05/01 17:53:49.0918 4384 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys
2011/05/01 17:53:49.0940 4384 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys
2011/05/01 17:53:49.0966 4384 s0017mgmt (f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys
2011/05/01 17:53:49.0990 4384 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys
2011/05/01 17:53:50.0000 4384 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys
2011/05/01 17:53:50.0012 4384 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys
2011/05/01 17:53:50.0027 4384 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/01 17:53:50.0047 4384 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/01 17:53:50.0066 4384 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/01 17:53:50.0128 4384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/01 17:53:50.0170 4384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/01 17:53:50.0191 4384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/01 17:53:50.0200 4384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/01 17:53:50.0236 4384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/01 17:53:50.0256 4384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/01 17:53:50.0265 4384 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/01 17:53:50.0285 4384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/01 17:53:50.0307 4384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/01 17:53:50.0323 4384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/01 17:53:50.0342 4384 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/01 17:53:50.0371 4384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/01 17:53:50.0415 4384 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/01 17:53:50.0415 4384 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/01 17:53:50.0417 4384 sptd - detected Locked file (1)
2011/05/01 17:53:50.0456 4384 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/05/01 17:53:50.0480 4384 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/01 17:53:50.0512 4384 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/01 17:53:50.0561 4384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/01 17:53:50.0572 4384 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/01 17:53:50.0586 4384 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/01 17:53:50.0596 4384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/01 17:53:50.0661 4384 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/05/01 17:53:50.0693 4384 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/01 17:53:50.0721 4384 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/01 17:53:50.0738 4384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/01 17:53:50.0747 4384 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/01 17:53:50.0763 4384 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/01 17:53:50.0772 4384 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/01 17:53:50.0807 4384 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/01 17:53:50.0822 4384 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/01 17:53:50.0836 4384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/01 17:53:50.0856 4384 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/01 17:53:50.0886 4384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/01 17:53:50.0896 4384 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/01 17:53:50.0905 4384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/01 17:53:50.0942 4384 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2011/05/01 17:53:50.0968 4384 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/05/01 17:53:50.0990 4384 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/01 17:53:50.0998 4384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/01 17:53:51.0017 4384 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/01 17:53:51.0031 4384 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/01 17:53:51.0056 4384 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/01 17:53:51.0070 4384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/01 17:53:51.0096 4384 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/01 17:53:51.0120 4384 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/01 17:53:51.0137 4384 usbuhci (81fb2216d3a60d1284455d511797db3d)
C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/01 17:53:51.0167 4384 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/05/01 17:53:51.0191 4384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/01 17:53:51.0210 4384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/01 17:53:51.0218 4384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/01 17:53:51.0245 4384 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/01 17:53:51.0253 4384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/01 17:53:51.0265 4384 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/05/01 17:53:51.0278 4384 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/05/01 17:53:51.0288 4384 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/01 17:53:51.0300 4384 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/05/01 17:53:51.0312 4384 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/05/01 17:53:51.0328 4384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/01 17:53:51.0341 4384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/05/01 17:53:51.0368 4384 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/01 17:53:51.0392 4384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/01 17:53:51.0401 4384 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/01 17:53:51.0410 4384 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/01 17:53:51.0443 4384 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/01 17:53:51.0456 4384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/01 17:53:51.0483 4384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/01 17:53:51.0493 4384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/01 17:53:51.0546 4384 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/01 17:53:51.0556 4384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/01 17:53:51.0588 4384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/01 17:53:51.0633 4384 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/01 17:53:51.0652 4384 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/01 17:53:51.0785 4384 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
2011/05/01 17:53:51.0827 4384 ================================================================================
2011/05/01 17:53:51.0827 4384 Scan finished
2011/05/01 17:53:51.0827 4384 ================================================================================
2011/05/01 17:53:51.0833 4812 Detected object count: 1
2011/05/01 17:53:55.0558 4812 Locked file(sptd) - User select action: Skip
2011/05/01 17:54:56.0487 4940 Deinitialize success |
02.05.2011, 11:04 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE opens completely different pages due to a Trojan. Now please run CF: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper ("Kompetenzler") has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
02.05.2011, 19:55 | #26 |
| IE opens completely different pages due to a Trojan. ComboFix logfile: Code:
ComboFix 11-05-01.04 - User 02.05.2011 16:05:47.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6135.4784 [GMT 2:00]
Running from:: c:\users\User\Desktop\cofi.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Files created from 2011-04-02 to 2011-05-02 ))))))))))))))))))))))))))))))
.
.
2011-05-02 14:07 . 2011-05-02 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 13:38 . 2011-05-02 13:38 -------- d-----w- c:\users\User\AppData\Local\The Lord of the Rings Online
2011-05-01 20:07 . 2011-05-02 13:17 -------- d-----w- c:\users\User\AppData\Local\Turbine
2011-05-01 20:07 . 2011-05-02 13:53 -------- d-----w- c:\users\User\AppData\Local\ApplicationHistory
2011-05-01 20:06 . 2011-05-01 20:06 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files (x86)\Codemasters
2011-05-01 15:49 . 2011-05-02 14:07 -------- d-----w- c:\users\User\AppData\Local\PMB Files
2011-05-01 15:49 . 2011-05-01 15:56 -------- d-----w- c:\programdata\PMB Files
2011-04-29 10:05 . 2011-04-29 10:05 -------- d-----w- c:\program files (x86)\Tunatic
2011-04-27 16:24 . 2011-04-27 16:24 -------- d-----w- C:\_OTL
2011-04-27 10:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 10:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-24 15:59 . 2011-04-24 15:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-04-24 15:58 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-24 15:58 .
2011-04-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-24 15:58 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-14 18:31 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-14 18:31 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-04-14 18:29 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-12 13:26 . 2011-04-12 13:26 -------- d-----w- c:\program files\SD EnterNET 2011-04-12 13:26 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2011-04-11 18:21 . 2011-04-11 18:21 -------- d-----w- c:\users\User\AppData\Local\Urgesoft 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\users\User\AppData\Local\Jaksta_Technologies_Pty_L 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\programdata\Applian 2011-04-10 20:28 . 2011-04-10 20:28 -------- d-----w- c:\windows\Applian Director 2011-04-05 18:00 . 2011-04-13 15:07 -------- d-----w- c:\program files (x86)\Metin2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-04 06:17 . 2011-04-27 10:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-27 10:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-02-19 06:37 . 2011-03-09 09:56 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-09 09:56 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-09 09:56 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-09 09:56 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 2011-03-09 09:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-02-18 20:50 . 2011-02-18 20:50 22295040 ----a-w- c:\windows\system32\atio6axx.dll 2011-02-18 20:50 . 
2011-02-18 20:50 38400 ----a-w- c:\windows\system32\atiu9p64.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-02-18 20:50 . 2011-02-18 20:50 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\ATIODCLI.exe 2011-02-18 20:50 . 2011-02-18 20:50 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-02-18 20:50 . 2011-02-18 20:50 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-02-18 20:50 . 2011-02-18 20:50 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-02-18 20:50 . 2011-02-18 20:50 3222016 ----a-w- c:\windows\system32\atiumd6a.dll 2011-02-18 20:50 . 2011-02-18 20:50 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-02-18 20:50 . 2010-07-07 01:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-02-18 20:50 . 2011-02-18 20:50 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-02-18 20:50 . 2010-04-07 01:40 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-02-18 20:50 . 2011-02-18 20:50 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-02-18 20:50 . 2011-02-18 20:50 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2011-02-18 20:50 . 2011-02-18 20:50 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-02-18 20:50 . 2011-02-18 20:50 479232 ----a-w- c:\windows\system32\atieclxx.exe 2011-02-18 20:50 . 
2010-09-23 16:39 58880 ----a-w- c:\windows\system32\coinst.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-02-18 20:50 . 2011-02-18 20:50 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-02-18 20:50 . 2011-02-18 20:50 5316096 ----a-w- c:\windows\system32\atiumd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 6982144 ----a-w- c:\windows\system32\aticaldd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-02-18 20:50 . 2011-02-18 20:50 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-02-18 20:50 . 2011-02-18 20:50 332800 ----a-w- c:\windows\system32\ATIODE.exe 2011-02-18 20:50 . 2011-02-18 20:50 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-02-18 20:50 . 2011-02-18 20:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-02-18 20:50 . 2010-04-07 01:21 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-02-18 20:50 . 2011-02-18 20:50 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-02-18 20:50 . 2011-02-18 20:50 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-02-18 20:50 . 2011-02-18 20:50 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 354304 ----a-w- c:\windows\system32\atiadlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-02-18 20:50 . 2011-02-18 20:50 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-02-18 20:50 . 
2011-02-18 20:50 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-02-18 20:50 . 2010-04-07 01:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-02-11 07:30 . 2011-03-18 11:37 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE269F37-198C-4267-91F0-BA9282130E30}\mpengine.dll 2011-02-04 21:12 . 2011-02-04 21:12 419840 ----a-w- c:\windows\system32\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 111616 ----a-w- c:\windows\system32\OpenAL32.dll 2011-02-04 21:12 . 2011-02-04 21:12 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-02-02 16:11 . 2010-09-18 16:35 270720 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-05-01 3071384] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ugrllhsluukjoafhzxbuTaskMgr"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va003;X6va003;c:\users\User\AppData\Local\Temp\0039253.tmp [x]
R3 X6va005;X6va005;c:\users\User\AppData\Local\Temp\005A835.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-09-16 8761344]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: die-staemme.de\de71
TCP: {CBBC9FEA-46B8-41DF-909C-5566F8219919} = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwjhbt5a.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\0039253.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\User\AppData\Local\Temp\005A835.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-02 16:08:55
ComboFix-quarantined-files.txt 2011-05-02 14:08
ComboFix2.txt 2011-05-02 14:01
ComboFix3.txt 2011-04-29 14:05
.
Pre-Run: 11 directory(ies), 82.181.541.888 bytes free
Post-Run: 12 directory(ies), 82.106.580.992 bytes free
.
- - End Of File - - 2DE234CF934A18A52C98DDF8148CE3A9 |
02.05.2011, 20:35 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE opens completely different pages due to a Trojan. ComboFix scripting: 1. Start Notepad (Start / Run / notepad[Enter]). 2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ugrllhsluukjoafhzxbuTaskMgr"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]

File::
c:\users\User\AppData\Local\Temp\0039253.tmp
c:\users\User\AppData\Local\Temp\005A835.tmp

4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The script above was created for this one user in this one situation only. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
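The CFScript in the post above was written by hand from the ComboFix log posted before it: `"name"=-` removes the junk-named value under `policies\system`, `[-key]` deletes the two service keys whose ImagePath points into the user's Temp folder, and the `File::` section deletes those `.tmp` driver bodies. The Python below is an added example, not code from this thread, from ComboFix or from its author. It parses the service and registry lines in the shape ComboFix prints them (the sample lines are constructed from this thread's log), flags drivers loaded from user-writable paths, eight-hex-digit service names and two services sharing one image, and emits the matching CFScript stanzas. The control set is a parameter because the log, not the script, decides it (the helper used `ControlSet002` here); the function names, the path list and the known-policy-value list are this example's own assumptions.

```python
"""Added example, not code from this thread, from ComboFix or from its author:
triage the service list and policies\\system keys a ComboFix log prints and
emit the matching CFScript.txt stanzas. Sample lines are constructed from the
log posted above; names and the known-value list are assumptions."""
import re
from collections import defaultdict

# Constructed sample in the shape ComboFix prints services and registry dumps.
SAMPLE_LOG = r"""
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 X6va003;X6va003;c:\users\User\AppData\Local\Temp\0039253.tmp [x]
R3 X6va005;X6va005;c:\users\User\AppData\Local\Temp\005A835.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ugrllhsluukjoafhzxbuTaskMgr"= 0 (0x0)
"""

# "R3 name;display name;image path [date size]" (or "[x]") and REGEDIT4-style dumps.
SERVICE_RE = re.compile(r'^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')

# Directories a driver or service binary should never be loaded from (assumed list).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\', '\\programdata\\')
# Value names Windows itself uses under ...\policies\system (assumed list).
KNOWN_POLICY_VALUES = {
    'consentpromptbehavioradmin', 'consentpromptbehavioruser', 'enablelua',
    'enableuiadesktoptoggle', 'promptonsecuredesktop', 'disabletaskmgr',
    'disableregistrytools', 'disablecad', 'dontdisplaylastusername'}


def parse(log_text):
    """Split ComboFix output into [{'name', 'path'}] and {key: {value: data}}."""
    services, registry, current_key = [], defaultdict(dict), None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            services.append({'name': m.group(3).strip(), 'path': m.group(5).strip()})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            registry[current_key][m.group(1)] = m.group(2)
    return services, registry


def find_suspicious_services(services):
    """Return {service: (path, [reasons])} for entries worth a second look."""
    reasons, paths, by_path = defaultdict(list), {}, defaultdict(list)
    for svc in services:
        name, low = svc['name'], svc['path'].lower()
        paths[name] = svc['path']
        by_path[low].append(name)
        if any(tok in low for tok in USER_WRITABLE):
            reasons[name].append('binary in user-writable path')
        if not low.endswith(('.sys', '.exe', '.dll')):
            reasons[name].append('unexpected extension')
        if re.fullmatch(r'[0-9a-f]{8}', name.lower()):
            reasons[name].append('random hex service name')
    # Two service keys pointing at one image: one of them was planted later.
    for low, names in by_path.items():
        if len(names) > 1:
            for name in names:
                others = ', '.join(n for n in names if n != name)
                reasons[name].append('image path shared with ' + others)
    return {name: (paths[name], reasons[name]) for name in reasons}


def find_policy_tampering(registry):
    """Flag unknown value names under policies\\system and UAC switched off."""
    findings = []
    for key, values in registry.items():
        if not key.lower().endswith('\\policies\\system'):
            continue
        for name, data in values.items():
            if name.lower() not in KNOWN_POLICY_VALUES:
                findings.append((key, name, 'unknown policy value'))
            elif name.lower() == 'enablelua' and data == '0':
                findings.append((key, name, 'UAC disabled'))
    return findings


def build_cfscript(service_findings, policy_findings, control_set='CurrentControlSet'):
    """Emit Registry::/File:: stanzas in CFScript.txt syntax: "name"=- deletes a
    value, [-key] deletes a key. Only services whose binary sits in a user-writable
    path are removed; shared-image hits are reported but left to a human."""
    reg, files = [], []
    for key, name, reason in policy_findings:
        if reason == 'unknown policy value':
            reg += ['[%s]' % key, '"%s"=-' % name]
    for name, (path, reasons) in sorted(service_findings.items()):
        if 'binary in user-writable path' in reasons:
            reg.append('[-HKEY_LOCAL_MACHINE\\SYSTEM\\%s\\services\\%s]' % (control_set, name))
            files.append(path)
    return 'Registry::\n%s\nFile::\n%s\n' % ('\n'.join(reg), '\n'.join(files))


if __name__ == '__main__':
    svcs, reg = parse(SAMPLE_LOG)
    # The thread's script used ControlSet002 because that is the key the log printed.
    print(build_cfscript(find_suspicious_services(svcs), find_policy_tampering(reg),
                         control_set='ControlSet002'))
```

Run against the sample, the generated text is the same Registry:: and File:: content as the hand-written script above; `regi` and `6077757b` are only reported, since deleting a service that shares its image with a legitimately named one needs a look at the file itself first.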
02.05.2011, 23:30 | #28 |
| IE opens completely different pages due to a Trojan. ComboFix logfile: Code:
ComboFix 11-05-02.03 - User 03.05.2011 0:26.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6135.4666 [GMT 2:00]
Running from:: c:\users\User\Desktop\cofi.exe.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* A new restore point was created
.
FILE ::
"c:\users\User\AppData\Local\Temp\0039253.tmp"
"c:\users\User\AppData\Local\Temp\005A835.tmp"
.
.
((((((((((((((((((((((( Files created from 2011-04-02 to 2011-05-02 ))))))))))))))))))))))))))))))
.
.
2011-05-02 22:28 . 2011-05-02 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 13:38 . 2011-05-02 13:38 -------- d-----w- c:\users\User\AppData\Local\The Lord of the Rings Online
2011-05-01 20:07 . 2011-05-02 13:17 -------- d-----w- c:\users\User\AppData\Local\Turbine
2011-05-01 20:07 . 2011-05-02 18:35 -------- d-----w- c:\users\User\AppData\Local\ApplicationHistory
2011-05-01 20:06 . 2011-05-01 20:06 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files (x86)\Codemasters
2011-05-01 15:49 . 2011-05-02 22:28 -------- d-----w- c:\users\User\AppData\Local\PMB Files
2011-05-01 15:49 . 2011-05-01 15:56 -------- d-----w- c:\programdata\PMB Files
2011-04-29 10:05 . 2011-04-29 10:05 -------- d-----w- c:\program files (x86)\Tunatic
2011-04-27 16:24 . 2011-04-27 16:24 -------- d-----w- C:\_OTL
2011-04-27 10:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 10:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-24 15:59 . 2011-04-24 15:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-04-24 15:58 .
2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\programdata\Malwarebytes 2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-24 15:58 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-14 18:31 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-14 18:31 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-04-14 18:29 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-12 13:26 . 2011-04-12 13:26 -------- d-----w- c:\program files\SD EnterNET 2011-04-12 13:26 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2011-04-11 18:21 . 2011-04-11 18:21 -------- d-----w- c:\users\User\AppData\Local\Urgesoft 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\users\User\AppData\Local\Jaksta_Technologies_Pty_L 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\programdata\Applian 2011-04-10 20:28 . 2011-04-10 20:28 -------- d-----w- c:\windows\Applian Director 2011-04-05 18:00 . 2011-04-13 15:07 -------- d-----w- c:\program files (x86)\Metin2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-04 06:17 . 2011-04-27 10:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-27 10:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-02-19 06:37 . 2011-03-09 09:56 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-09 09:56 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-09 09:56 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-09 09:56 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 
2011-03-09 09:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-02-18 20:50 . 2011-02-18 20:50 22295040 ----a-w- c:\windows\system32\atio6axx.dll 2011-02-18 20:50 . 2011-02-18 20:50 38400 ----a-w- c:\windows\system32\atiu9p64.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-02-18 20:50 . 2011-02-18 20:50 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\ATIODCLI.exe 2011-02-18 20:50 . 2011-02-18 20:50 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-02-18 20:50 . 2011-02-18 20:50 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-02-18 20:50 . 2011-02-18 20:50 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-02-18 20:50 . 2011-02-18 20:50 3222016 ----a-w- c:\windows\system32\atiumd6a.dll 2011-02-18 20:50 . 2011-02-18 20:50 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-02-18 20:50 . 2010-07-07 01:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-02-18 20:50 . 2011-02-18 20:50 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-02-18 20:50 . 2010-04-07 01:40 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-02-18 20:50 . 2011-02-18 20:50 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-02-18 20:50 . 2011-02-18 20:50 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2011-02-18 20:50 . 
2011-02-18 20:50 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-02-18 20:50 . 2011-02-18 20:50 479232 ----a-w- c:\windows\system32\atieclxx.exe 2011-02-18 20:50 . 2010-09-23 16:39 58880 ----a-w- c:\windows\system32\coinst.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-02-18 20:50 . 2011-02-18 20:50 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-02-18 20:50 . 2011-02-18 20:50 5316096 ----a-w- c:\windows\system32\atiumd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 6982144 ----a-w- c:\windows\system32\aticaldd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-02-18 20:50 . 2011-02-18 20:50 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-02-18 20:50 . 2011-02-18 20:50 332800 ----a-w- c:\windows\system32\ATIODE.exe 2011-02-18 20:50 . 2011-02-18 20:50 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-02-18 20:50 . 2011-02-18 20:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-02-18 20:50 . 2010-04-07 01:21 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-02-18 20:50 . 2011-02-18 20:50 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-02-18 20:50 . 2011-02-18 20:50 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-02-18 20:50 . 2011-02-18 20:50 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 354304 ----a-w- c:\windows\system32\atiadlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-02-18 20:50 . 
2011-02-18 20:50 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-02-18 20:50 . 2011-02-18 20:50 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-02-18 20:50 . 2010-04-07 01:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-02-11 07:30 . 2011-03-18 11:37 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE269F37-198C-4267-91F0-BA9282130E30}\mpengine.dll 2011-02-04 21:12 . 2011-02-04 21:12 419840 ----a-w- c:\windows\system32\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 111616 ----a-w- c:\windows\system32\OpenAL32.dll 2011-02-04 21:12 . 2011-02-04 21:12 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-02-02 16:11 . 2010-09-18 16:35 270720 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot_2011-05-02_14.00.37 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:46 . 2011-05-02 15:27 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2010-09-18 15:32 . 2011-05-02 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-18 15:32 . 2011-05-02 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-18 15:32 . 2011-05-02 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-18 15:32 . 2011-05-02 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 02:36 . 
2011-05-02 20:00 661064 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-05-02 13:53 661064 c:\windows\system32\perfh009.dat + 2009-07-14 17:58 . 2011-05-02 20:00 707446 c:\windows\system32\perfh007.dat - 2009-07-14 17:58 . 2011-05-02 13:53 707446 c:\windows\system32\perfh007.dat + 2009-07-14 02:36 . 2011-05-02 20:00 125254 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-05-02 13:53 125254 c:\windows\system32\perfc009.dat - 2009-07-14 17:58 . 2011-05-02 13:53 153038 c:\windows\system32\perfc007.dat + 2009-07-14 17:58 . 2011-05-02 20:00 153038 c:\windows\system32\perfc007.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-05-01 3071384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x] R2 regi;regi;c:\windows\system32\drivers\regi.sys [x] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x] 
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] S3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-09-16 8761344] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . 
------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: die-staemme.de\de71 TCP: {CBBC9FEA-46B8-41DF-909C-5566F8219919} = 192.168.2.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwjhbt5a.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2011-05-03 00:30:00 ComboFix-quarantined-files.txt 2011-05-02 22:29 ComboFix2.txt 2011-05-02 14:01 ComboFix3.txt 2011-04-29 14:05 . Vor Suchlauf: 11 Verzeichnis(se), 82.086.477.824 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 82.011.013.120 Bytes frei . - - End Of File - - 8234897BE9AEBA35660437A58276ED49 |
03.05.2011, 08:31 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IE opens completely different pages because of a Trojan Please now create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool refuses to run even on the second attempt, just skip it. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
03.05.2011, 21:15 | #30 |
| IE opens completely different pages because of a Trojan MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Ultimate Edition Windows Information: (build 7600), 64-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: System manufacturer System Product Name: System Product Name Logical Drives Mask: 0x000000dc Kernel Drivers (total 157): 0x0380E000 \SystemRoot\system32\ntoskrnl.exe 0x03DEB000 \SystemRoot\system32\hal.dll 0x00BA1000 \SystemRoot\system32\kdcom.dll 0x00CDC000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00D20000 \SystemRoot\system32\PSHED.dll 0x00D34000 \SystemRoot\system32\CLFS.SYS 0x00C00000 \SystemRoot\system32\CI.dll 0x00E72000 \SystemRoot\system32\drivers\Wdf01000.sys 0x00F16000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x010CB000 \SystemRoot\System32\Drivers\spwc.sys 0x011F1000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x01000000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x0102F000 \SystemRoot\system32\DRIVERS\ACPI.sys 0x01086000 \SystemRoot\system32\DRIVERS\msisadrv.sys 0x01090000 \SystemRoot\system32\DRIVERS\vdrvroot.sys 0x00F25000 \SystemRoot\system32\DRIVERS\pci.sys 0x0109D000 \SystemRoot\System32\drivers\partmgr.sys 0x010B2000 \SystemRoot\system32\DRIVERS\volmgr.sys 0x00F58000 \SystemRoot\System32\drivers\volmgrx.sys 0x00FB4000 \SystemRoot\system32\DRIVERS\pciide.sys 0x00FBB000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x00FCB000 \SystemRoot\System32\drivers\mountmgr.sys 0x012D5000 \SystemRoot\system32\drivers\iaStorV.sys 0x013F3000 \SystemRoot\system32\DRIVERS\atapi.sys 0x01200000 \SystemRoot\system32\DRIVERS\ataport.SYS 0x0122A000 \SystemRoot\system32\drivers\amdxata.sys 0x01235000 \SystemRoot\system32\drivers\fltmgr.sys 0x01281000 \SystemRoot\system32\drivers\fileinfo.sys 0x0145C000 \SystemRoot\System32\Drivers\Ntfs.sys 0x00E00000 \SystemRoot\System32\Drivers\msrpc.sys 0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys 0x0162D000 
\SystemRoot\System32\Drivers\cng.sys 0x016A0000 \SystemRoot\System32\drivers\pcw.sys 0x016B1000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x016BB000 \SystemRoot\system32\drivers\ndis.sys 0x00D92000 \SystemRoot\system32\drivers\NETIO.SYS 0x017AD000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x01801000 \SystemRoot\System32\drivers\tcpip.sys 0x01ADA000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x01B24000 \SystemRoot\system32\DRIVERS\vmstorfl.sys 0x01B34000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x01B80000 \SystemRoot\System32\Drivers\spldr.sys 0x01B88000 \SystemRoot\System32\drivers\rdyboost.sys 0x01BC2000 \SystemRoot\System32\Drivers\mup.sys 0x01BD4000 \SystemRoot\System32\drivers\hwpolicy.sys 0x01A00000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x01A3A000 \SystemRoot\system32\DRIVERS\disk.sys 0x01A50000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x01A80000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x01AAA000 \SystemRoot\System32\Drivers\Null.SYS 0x01AB3000 \SystemRoot\System32\Drivers\Beep.SYS 0x01ABA000 \SystemRoot\System32\drivers\vga.sys 0x017D8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x01AC8000 \SystemRoot\System32\drivers\watchdog.sys 0x01BDD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x01BE6000 \SystemRoot\system32\drivers\rdpencdd.sys 0x01BEF000 \SystemRoot\system32\drivers\rdprefmp.sys 0x01600000 \SystemRoot\System32\Drivers\Msfs.SYS 0x0160B000 \SystemRoot\System32\Drivers\Npfs.SYS 0x0141A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x0161C000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x02E6E000 \SystemRoot\system32\drivers\afd.sys 0x02EF8000 \SystemRoot\System32\DRIVERS\netbt.sys 0x02F3D000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x02F46000 \SystemRoot\system32\DRIVERS\pacer.sys 0x02F6C000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x02F82000 \SystemRoot\system32\DRIVERS\netbios.sys 0x02F91000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x02FAC000 \SystemRoot\system32\DRIVERS\termdd.sys 0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x02E51000 
\SystemRoot\system32\drivers\nsiproxy.sys 0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x02FC0000 \SystemRoot\System32\drivers\discache.sys 0x03E6E000 \SystemRoot\system32\drivers\csc.sys 0x03EF1000 \SystemRoot\System32\Drivers\dfsc.sys 0x03F0F000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x03F20000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x03F46000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x03F5C000 \SystemRoot\system32\DRIVERS\atikmpag.sys 0x04AEE000 \SystemRoot\system32\DRIVERS\atikmdag.sys 0x0409F000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04193000 \SystemRoot\System32\drivers\dxgmms1.sys 0x041D9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x04000000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x0400D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x04063000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x04202000 \SystemRoot\system32\drivers\cmudaxp.sys 0x04A00000 \SystemRoot\system32\drivers\portcls.sys 0x043C7000 \SystemRoot\system32\drivers\drmk.sys 0x04A3D000 \SystemRoot\system32\drivers\ks.sys 0x043E9000 \SystemRoot\system32\drivers\ksthunk.sys 0x04A80000 \SystemRoot\system32\DRIVERS\Rt64win7.sys 0x03FAA000 \SystemRoot\system32\DRIVERS\1394ohci.sys 0x043EF000 \SystemRoot\system32\DRIVERS\ASACPI.sys 0x04074000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x04084000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x03E00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x04AD6000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x03E24000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x03E53000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x02FCF000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x01438000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x04AE2000 \SystemRoot\system32\DRIVERS\rdpbus.sys 0x053EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x03FE8000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x043F7000 \SystemRoot\system32\DRIVERS\swenum.sys 0x01295000 \SystemRoot\system32\DRIVERS\umbus.sys 0x05865000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x058BF000 
\SystemRoot\System32\Drivers\NDProxy.SYS 0x058D4000 \SystemRoot\system32\drivers\AtihdW76.sys 0x07AB0000 \SystemRoot\system32\drivers\RTKVHD64.sys 0x07D0C000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x07D29000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x000A0000 \SystemRoot\System32\win32k.sys 0x07D2B000 \SystemRoot\System32\drivers\Dxapi.sys 0x07D37000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x07D45000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x07D5E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x07D74000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x058F4000 \SystemRoot\system32\DRIVERS\RTL8192su.sys 0x07D82000 \SystemRoot\System32\drivers\vwifibus.sys 0x07D8F000 \SystemRoot\system32\DRIVERS\monitor.sys 0x07D9D000 \SystemRoot\system32\drivers\USBSTOR.SYS 0x00400000 \SystemRoot\System32\TSDDD.dll 0x00680000 \SystemRoot\System32\cdd.dll 0x07DB8000 \SystemRoot\system32\drivers\luafv.sys 0x07DDB000 \SystemRoot\system32\drivers\WudfPf.sys 0x07A00000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x07A15000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x07A68000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x07A7B000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x0567B000 \SystemRoot\system32\drivers\HTTP.sys 0x05743000 \SystemRoot\system32\DRIVERS\bowser.sys 0x05761000 \SystemRoot\System32\drivers\mpsdrv.sys 0x05779000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x057A6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x05623000 \??\C:\Windows\system32\drivers\regi.sys 0x0904D000 \SystemRoot\system32\drivers\peauth.sys 0x090F3000 \SystemRoot\System32\Drivers\secdrv.SYS 0x090FE000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x0912B000 \SystemRoot\System32\drivers\tcpipreg.sys 0x0913D000 \SystemRoot\System32\DRIVERS\srv2.sys 0x09351000 \SystemRoot\System32\DRIVERS\srv.sys 0x09200000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x0921D000 \SystemRoot\system32\DRIVERS\klif.sys 0x092B3000 \SystemRoot\system32\DRIVERS\klim6.sys 0x0AE1D000 
\SystemRoot\system32\DRIVERS\kl1.sys 0x0B57C000 \SystemRoot\system32\DRIVERS\kl2.sys 0x0B59A000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x0B5A7000 \SystemRoot\system32\DRIVERS\klmouflt.sys 0x77830000 \Windows\System32\ntdll.dll 0x47900000 \Windows\System32\smss.exe 0xFFB50000 \Windows\System32\apisetschema.dll 0xFF720000 \Windows\System32\autochk.exe 0xFFB20000 \Windows\System32\sechost.dll 0xFFA80000 \Windows\System32\msvcrt.dll Processes (total 60): 0 System Idle Process 4 System 328 C:\Windows\System32\smss.exe 452 csrss.exe 524 C:\Windows\System32\wininit.exe 548 csrss.exe 580 C:\Windows\System32\winlogon.exe 636 C:\Windows\System32\services.exe 656 C:\Windows\System32\lsass.exe 664 C:\Windows\System32\lsm.exe 768 C:\Windows\System32\svchost.exe 848 C:\Windows\System32\svchost.exe 912 C:\Windows\System32\atiesrxx.exe 972 C:\Windows\System32\svchost.exe 1012 C:\Windows\System32\svchost.exe 308 C:\Windows\System32\svchost.exe 352 C:\Windows\System32\svchost.exe 1084 C:\Windows\System32\svchost.exe 1180 C:\Windows\System32\atieclxx.exe 1216 C:\Windows\System32\taskeng.exe 1248 C:\Windows\System32\spoolsv.exe 1280 C:\Windows\System32\svchost.exe 1324 C:\Windows\System32\rundll32.exe 1336 C:\Windows\System32\rundll32.exe 1440 C:\Windows\SysWOW64\rundll32.exe 1504 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE 1596 C:\Windows\System32\taskhost.exe 1752 C:\Windows\explorer.exe 1884 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 1960 C:\Windows\SysWOW64\PnkBstrA.exe 1984 C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe 2024 C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWLan.exe 2444 C:\Windows\System32\svchost.exe 2280 C:\Windows\System32\svchost.exe 728 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe 1900 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe 1908 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 2244 C:\Windows\SysWOW64\HsMgr.exe 2772 
C:\Windows\system\HsMgr64.exe 2768 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe 2872 C:\Program Files\ASUS Xonar DX Audio\Customapp\AsusAudioCenter.exe 2892 C:\Program Files (x86)\Razer\Mamba\RazerTray.exe 2880 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe 2632 C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe 1876 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 704 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 3460 C:\Windows\System32\svchost.exe 3840 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 3948 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 4992 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe 2852 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe 1460 C:\Program Files\Windows Sidebar\sidebar.exe 2664 C:\Windows\System32\taskhost.exe 3052 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 4076 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe 4072 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 4092 C:\Windows\System32\audiodg.exe 3128 C:\Users\User\Downloads\MBRCheck.exe 4188 C:\Windows\System32\conhost.exe 3836 C:\Windows\System32\dllhost.exe \\.\C: --> error 5 \\.\D: --> error 5 PhysicalDrive0 Model Number: <error opening> PhysicalDrive1 Model Number: <error opening> PhysicalDrive2 Model Number: <error opening> Size Device Name MBR Status -------------------------------------------- ERROR Opening: \\.\PhysicalDrive0 (5) ERROR Opening: \\.\PhysicalDrive1 (5) ERROR Opening: \\.\PhysicalDrive2 (5) Done! Note: I bought Kaspersky 2011 today, installed it right away and let it run a full scan... 11 Trojans; since then the problem seems to be fixed, but I can't say that for certain yet. I assume you can tell from the log here whether the problem is still present?
In any case, I would like to thank you very much for the great help so far. |