
Log analysis and evaluation: Firefox opens a new window, links lead to wrong websites, bluescreen, slow PC

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

30.06.2011, 19:59   #16
No suspicion
 



Hello, that went faster than expected after all. I was also able to run a quick scan with Anti-Malware right away; this is the result:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6988

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30.06.2011 20:57:43
mbam-log-2011-06-30 (20-57-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173782
Laufzeit: 5 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 73

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srenum (Rootkit.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E8278950-A001-5784-8F3D-6FD1944EEB83} (Trojan.ZbotR.Gen) -> Value: {E8278950-A001-5784-8F3D-6FD1944EEB83} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{6C0AC0A2-E9F3-D3A9-8F3D-6FD1944EEB83} (Trojan.ZbotR.Gen) -> Value: {6C0AC0A2-E9F3-D3A9-8F3D-6FD1944EEB83} -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Windows\Temp\w1 (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.03134971657898944.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\obelix\AppData\Roaming\Ruiv\iwqe.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.


I hope that was done correctly.

Regards, No Suspicion

30.06.2011, 20:09   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yep, as a check I also wanted to see a new log from TDSS-Killer.

30.06.2011, 20:21   #18
No suspicion
 



Hi Arne,

it said it found nothing. The only log it gives me is the one from earlier, with the items that were then deleted by the restart. Here is the one from earlier, in case it is needed at all; I'll just post it to be on the safe side, since I haven't the faintest idea anyway.

2011/06/30 21:14:59.0324 2612 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/30 21:14:59.0542 2612 ================================================================================
2011/06/30 21:14:59.0542 2612 SystemInfo:
2011/06/30 21:14:59.0542 2612
2011/06/30 21:14:59.0542 2612 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/30 21:14:59.0542 2612 Product type: Workstation
2011/06/30 21:14:59.0542 2612 ComputerName: OBELIX-PC
2011/06/30 21:14:59.0542 2612 UserName: obelix
2011/06/30 21:14:59.0542 2612 Windows directory: C:\Windows
2011/06/30 21:14:59.0542 2612 System windows directory: C:\Windows
2011/06/30 21:14:59.0542 2612 Processor architecture: Intel x86
2011/06/30 21:14:59.0542 2612 Number of processors: 2
2011/06/30 21:14:59.0542 2612 Page size: 0x1000
2011/06/30 21:14:59.0542 2612 Boot type: Normal boot
2011/06/30 21:14:59.0542 2612 ================================================================================
2011/06/30 21:15:01.0960 2612 Initialize success
2011/06/30 21:15:03.0942 1008 ================================================================================
2011/06/30 21:15:03.0942 1008 Scan started
2011/06/30 21:15:03.0942 1008 Mode: Manual;
2011/06/30 21:15:03.0942 1008 ================================================================================
2011/06/30 21:16:28.0479 1008 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/30 21:16:29.0009 1008 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/30 21:16:29.0509 1008 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/06/30 21:16:29.0992 1008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/30 21:16:30.0460 1008 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/30 21:16:30.0897 1008 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/30 21:16:31.0318 1008 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/30 21:16:31.0739 1008 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/30 21:16:32.0098 1008 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/30 21:16:32.0395 1008 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/30 21:16:32.0566 1008 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/30 21:16:32.0722 1008 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/30 21:16:32.0941 1008 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/30 21:16:33.0034 1008 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/30 21:16:33.0175 1008 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/30 21:16:33.0268 1008 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/30 21:16:33.0533 1008 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/30 21:16:33.0814 1008 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/30 21:16:34.0064 1008 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/30 21:16:34.0360 1008 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/30 21:16:34.0735 1008 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/30 21:16:35.0047 1008 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/30 21:16:36.0295 1008 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/06/30 21:16:36.0497 1008 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/30 21:16:36.0700 1008 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/30 21:16:37.0433 1008 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/30 21:16:37.0605 1008 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/30 21:16:37.0948 1008 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/30 21:16:38.0354 1008 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/06/30 21:16:38.0931 1008 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/30 21:16:39.0103 1008 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/30 21:16:39.0212 1008 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/30 21:16:39.0461 1008 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/30 21:16:39.0539 1008 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/30 21:16:40.0054 1008 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/30 21:16:40.0397 1008 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/30 21:16:40.0491 1008 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/30 21:16:40.0600 1008 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/30 21:16:40.0663 1008 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/30 21:16:40.0865 1008 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/30 21:16:41.0021 1008 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/30 21:16:41.0068 1008 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/30 21:16:41.0380 1008 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/06/30 21:16:41.0645 1008 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/30 21:16:41.0708 1008 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/30 21:16:41.0864 1008 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/30 21:16:42.0051 1008 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/30 21:16:42.0191 1008 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/30 21:16:42.0285 1008 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/30 21:16:42.0410 1008 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/30 21:16:42.0457 1008 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/30 21:16:42.0503 1008 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/30 21:16:42.0550 1008 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/30 21:16:42.0737 1008 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/30 21:16:42.0784 1008 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/30 21:16:42.0831 1008 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/30 21:16:42.0987 1008 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/30 21:16:43.0034 1008 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/30 21:16:43.0065 1008 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/30 21:16:43.0127 1008 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/30 21:16:43.0252 1008 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/30 21:16:43.0299 1008 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/30 21:16:43.0346 1008 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/30 21:16:43.0377 1008 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/30 21:16:43.0517 1008 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/30 21:16:43.0564 1008 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/30 21:16:43.0627 1008 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/30 21:16:43.0798 1008 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/30 21:16:43.0970 1008 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/30 21:16:44.0126 1008 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/30 21:16:44.0204 1008 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/30 21:16:44.0375 1008 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/30 21:16:44.0438 1008 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/30 21:16:44.0641 1008 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/30 21:16:44.0688 1008 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/30 21:16:45.0140 1008 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/30 21:16:45.0202 1008 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/30 21:16:45.0436 1008 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/30 21:16:45.0514 1008 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/30 21:16:45.0577 1008 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/30 21:16:45.0717 1008 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/30 21:16:45.0748 1008 Boot (0x1200) (ea22272bb811d725a3d6427e5b4791d2) \Device\Harddisk0\DR0\Partition0
2011/06/30 21:16:45.0795 1008 Boot (0x1200) (5a02fda7773d815a73b47aa9b26bfeac) \Device\Harddisk0\DR0\Partition1
2011/06/30 21:16:45.0795 1008 ================================================================================
2011/06/30 21:16:45.0795 1008 Scan finished
2011/06/30 21:16:45.0795 1008 ================================================================================
2011/06/30 21:16:45.0842 0988 Detected object count: 0
2011/06/30 21:16:45.0842 0988 Actual detected object count: 0
2011/06/30 21:17:47.0509 3252 ================================================================================
2011/06/30 21:17:47.0509 3252 Scan started
2011/06/30 21:17:47.0509 3252 Mode: Manual;
2011/06/30 21:17:47.0509 3252 ================================================================================
2011/06/30 21:18:07.0130 3252 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/30 21:18:07.0177 3252 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/30 21:18:07.0302 3252 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/30 21:18:07.0364 3252 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/30 21:18:07.0411 3252 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/30 21:18:07.0536 3252 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/30 21:18:07.0582 3252 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/30 21:18:07.0645 3252 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/30 21:18:07.0832 3252 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2011/06/30 21:18:07.0910 3252 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/30 21:18:08.0066 3252 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/06/30 21:18:08.0144 3252 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/30 21:18:08.0316 3252 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/06/30 21:18:08.0456 3252 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/30 21:18:08.0565 3252 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/06/30 21:18:08.0690 3252 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/30 21:18:08.0752 3252 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/30 21:18:08.0784 3252 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/30 21:18:08.0830 3252 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/30 21:18:08.0986 3252 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/30 21:18:09.0127 3252 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2011/06/30 21:18:09.0330 3252 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/30 21:18:09.0470 3252 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/30 21:18:09.0517 3252 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/30 21:18:09.0548 3252 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/30 21:18:09.0595 3252 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/30 21:18:09.0626 3252 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/30 21:18:09.0735 3252 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/30 21:18:09.0876 3252 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/30 21:18:09.0922 3252 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/30 21:18:09.0985 3252 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/30 21:18:10.0219 3252 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/30 21:18:10.0281 3252 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/30 21:18:10.0344 3252 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/30 21:18:10.0406 3252 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/06/30 21:18:10.0531 3252 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/30 21:18:10.0578 3252 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/30 21:18:10.0609 3252 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/30 21:18:10.0671 3252 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/30 21:18:10.0812 3252 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/30 21:18:10.0858 3252 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/30 21:18:10.0905 3252 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/30 21:18:10.0952 3252 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/30 21:18:11.0077 3252 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/30 21:18:11.0170 3252 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/30 21:18:11.0202 3252 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/30 21:18:11.0248 3252 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/30 21:18:11.0373 3252 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/30 21:18:11.0436 3252 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/30 21:18:11.0467 3252 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/30 21:18:11.0514 3252 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/30 21:18:11.0670 3252 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/30 21:18:11.0716 3252 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/30 21:18:11.0763 3252 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/30 21:18:11.0810 3252 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/30 21:18:11.0950 3252 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/30 21:18:12.0028 3252 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/30 21:18:12.0075 3252 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/30 21:18:12.0216 3252 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/30 21:18:12.0262 3252 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/06/30 21:18:12.0325 3252 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/30 21:18:12.0387 3252 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/30 21:18:12.0403 3252 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/30 21:18:12.0574 3252 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/30 21:18:12.0637 3252 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/30 21:18:12.0824 3252 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/30 21:18:12.0886 3252 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/30 21:18:13.0011 3252 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/30 21:18:13.0152 3252 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/30 21:18:13.0245 3252 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/30 21:18:13.0308 3252 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/30 21:18:13.0448 3252 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/30 21:18:13.0557 3252 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/30 21:18:13.0588 3252 Boot (0x1200) (ea22272bb811d725a3d6427e5b4791d2) \Device\Harddisk0\DR0\Partition0
2011/06/30 21:18:13.0620 3252 Boot (0x1200) (5a02fda7773d815a73b47aa9b26bfeac) \Device\Harddisk0\DR0\Partition1
2011/06/30 21:18:13.0635 3252 ================================================================================
2011/06/30 21:18:13.0635 3252 Scan finished
2011/06/30 21:18:13.0635 3252 ================================================================================
2011/06/30 21:18:13.0651 2332 Detected object count: 0
2011/06/30 21:18:13.0651 2332 Actual detected object count: 0




So the infected items that Antimalware found were also removed via a restart. What is left to do now? So far I haven't noticed anything else, but today I didn't really do anything on the computer other than the scans ;-)

Best regards, No suspicion

Alt 30.06.2011, 20:29   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 01.07.2011, 18:49   #20
No suspicion
 



Hi Arne, attached is the ComboFix logfile: :-)


Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-30.05 - obelix 01.07.2011  19:15:19.3.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.1014.242 [GMT 2:00]
ausgeführt von:: c:\users\obelix\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cicuy.exe
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iriwg.exe
c:\users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\moku.exe
c:\users\obelix\AppData\Roaming\Adobe\plugs
c:\users\obelix\AppData\Roaming\Adobe\shed
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-01 bis 2011-07-01  ))))))))))))))))))))))))))))))
.
.
2011-07-01 17:25 . 2011-07-01 17:25	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-07-01 17:25 . 2011-07-01 17:25	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-07-01 17:25 . 2011-07-01 17:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-30 18:50 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 18:50 . 2011-06-30 18:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-30 18:50 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-30 18:31 . 2011-06-30 18:31	175104	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\egca.exe
2011-06-30 18:31 . 2011-06-30 18:31	175104	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylrie.exe
2011-06-30 18:30 . 2011-06-30 18:30	175104	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\diwaw.exe
2011-06-29 19:45 . 2011-06-30 18:57	--------	d-----w-	c:\users\obelix\AppData\Roaming\Ruiv
2011-06-29 19:45 . 2011-06-30 18:42	--------	d-----w-	c:\users\obelix\AppData\Roaming\Urluod
2011-06-29 16:44 . 2011-06-29 16:44	--------	d-----w-	C:\_OTL
2011-06-28 16:01 . 2011-06-28 16:01	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-28 16:01 . 2011-06-28 16:01	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-24 16:40 . 2011-06-24 16:40	--------	d-----w-	c:\windows\system32\%LocalAppData%
2011-06-19 13:20 . 2011-06-28 15:59	--------	d-----w-	c:\programdata\PC Tools
2011-06-18 07:08 . 2011-06-18 07:08	--------	d-----w-	c:\users\obelix\AppData\Roaming\UAs
2011-06-17 21:31 . 2011-06-17 21:31	--------	d-----w-	c:\users\obelix\AppData\Roaming\5018
2011-06-17 21:31 . 2011-06-17 21:31	112	----a-w-	c:\users\obelix\AppData\Roaming\srvblck2.tmp
2011-06-17 21:15 . 2011-06-17 21:15	--------	d-----w-	c:\users\obelix\AppData\Roaming\xmldm
2011-06-17 21:15 . 2011-06-17 21:15	--------	d-----w-	c:\users\obelix\AppData\Roaming\kock
2011-06-17 19:44 . 2011-06-18 21:12	--------	d-----w-	c:\users\obelix\AppData\Roaming\Nuxi
2011-06-17 19:44 . 2011-06-17 19:45	--------	d-----w-	c:\users\obelix\AppData\Roaming\Vykys
2011-06-17 19:44 . 2011-06-17 19:44	--------	d-----w-	c:\windows\Sun
2011-06-14 17:18 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{733AB7C1-B6ED-4495-BE36-0E23B31C7E24}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2009-05-13 126976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-22 815104]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe" [2010-11-24 233936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2009-3-27 528384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
diwaw.exe [2011-6-30 175104]
egca.exe [2011-6-30 175104]
ylrie.exe [2011-6-30 175104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKLM\~\startupfolder\C:^Users^obelix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\obelix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-11-25 21:32	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe
.
R0 uiad;uiad;c:\windows\System32\drivers\sojubb.sys [x]
R3 accwldrv;AccSys WiFi Protokoll;c:\windows\system32\DRIVERS\accwldrv.sys [2005-02-15 12032]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R4 AccWLSvc;AccSys WiFi Server;c:\program files\Common Files\AccSys\AccWLSvc.exe [2005-03-15 180224]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.arcor.de
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\obelix\AppData\Roaming\Mozilla\Firefox\Profiles\b422sxsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: bug489729: bug489729@alice0775 - %profile%\extensions\bug489729@alice0775
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\users\obelix\AppData\Roaming\5018
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\users\obelix\AppData\Roaming\5018
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-SimCity 3000 Deutschland - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-01  19:33:26
ComboFix-quarantined-files.txt  2011-07-01 17:33
.
Vor Suchlauf: 2.760.925.184 Bytes frei
Nach Suchlauf: 2.739.073.024 Bytes frei
.
- - End Of File - - A4EE9BA2C905ADA19BF1E62BFEAEB824
         
--- --- ---


So far that worked. Regards, No suspicion


Alt 01.07.2011, 18:55   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
File::
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\egca.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylrie.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\diwaw.exe
c:\users\obelix\AppData\Roaming\srvblck2.tmp
c:\windows\System32\drivers\sojubb.sys

Folder::
c:\users\obelix\AppData\Roaming\Ruiv
c:\users\obelix\AppData\Roaming\Urluod
c:\users\obelix\AppData\Roaming\xmldm
c:\users\obelix\AppData\Roaming\kock
c:\users\obelix\AppData\Roaming\Nuxi
c:\users\obelix\AppData\Roaming\Vykys

Driver::
uiad
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
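The File:: and Driver:: entries in the script above correspond to lines that stand out in the posted ComboFix log. The following Python sketch is an added example, not part of the original posts and not the helper's stated method: it parses the two log line shapes and applies two assumed heuristics (executables sitting directly in a Startup folder, and driver entries marked [x] whose file name differs from the service name). The sample lines are taken from the log in this thread with tabs replaced by spaces.

```python
import ntpath  # parses Windows paths on any OS
import re
from collections import defaultdict

# Constructed sample: lines from the ComboFix log in this thread,
# whitespace-normalised (tabs replaced by single spaces).
SAMPLE_LOG = r"""
2011-06-30 18:50 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-30 18:31 . 2011-06-30 18:31 175104 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\egca.exe
2011-06-30 18:31 . 2011-06-30 18:31 175104 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylrie.exe
2011-06-30 18:30 . 2011-06-30 18:30 175104 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\diwaw.exe
2011-06-29 19:45 . 2011-06-30 18:57 -------- d-----w- c:\users\obelix\AppData\Roaming\Ruiv
2011-06-28 16:01 . 2011-06-28 16:01 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
R0 uiad;uiad;c:\windows\System32\drivers\sojubb.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
"""

# "created . modified  size  attributes  path" lines of the files section.
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\d+|-{8})\s+(\S{8})\s+(.+)$"
)
# "R0 name;display name;image path [date size]" or "... [x]" driver lines.
SVC_RE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(x|\d{4}-\d\d-\d\d \d+)\]$"
)
STARTUP = "\\start menu\\programs\\startup\\"


def parse(log):
    """Split a ComboFix log into file records and service/driver records."""
    files, services = [], []
    for line in log.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            created, _modified, size, attrs, path = m.groups()
            files.append({
                "created": created,
                "size": None if size.startswith("-") else int(size),
                "is_dir": attrs.startswith("d"),
                "path": path,
            })
            continue
        m = SVC_RE.match(line)
        if m:
            _state, _start, name, _display, image, stamp = m.groups()
            # "[x]" replaces the usual "[date size]" stamp for this image.
            services.append({"name": name, "image": image,
                             "no_stamp": stamp == "x"})
    return files, services


def triage(log):
    """Return (kind, item, reason) tuples for entries worth a closer look.

    Both rules are assumptions made for this example, not ComboFix logic.
    """
    files, services = parse(log)
    findings = []

    # Rule 1: a real .exe (not a .lnk shortcut) directly in a Startup folder.
    startup = [f for f in files
               if not f["is_dir"]
               and STARTUP in f["path"].lower()
               and f["path"].lower().endswith(".exe")]
    by_size = defaultdict(list)
    for f in startup:
        by_size[f["size"]].append(f)
    for f in startup:
        reason = "executable in a Startup folder"
        twins = len(by_size[f["size"]])
        if twins > 1:  # several differently named copies of one payload
            reason += f"; {twins} Startup files share size {f['size']}"
        findings.append(("file", f["path"], reason))

    # Rule 2: image marked [x] and named differently from its service.
    for s in services:
        stem = ntpath.splitext(ntpath.basename(s["image"]))[0]
        if s["no_stamp"] and stem.lower() != s["name"].lower():
            findings.append(("driver", s["name"],
                             f"image {s['image']} is marked [x] and does "
                             "not match the service name"))
    return findings


if __name__ == "__main__":
    for kind, item, reason in triage(SAMPLE_LOG):
        print(f"{kind:6} {item}\n       -> {reason}")
```

The output is a review list for a human analyst, not a removal list: ndisrd is also marked [x] in the log but is left alone by both the helper's script and this sketch.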

Alt 01.07.2011, 19:26   #22
No suspicion
 



Many thanks for the quick replies. Done

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-30.05 - obelix 01.07.2011  20:02:53.4.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.1014.255 [GMT 2:00]
ausgeführt von:: c:\users\obelix\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\obelix\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\diwaw.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\egca.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylrie.exe"
"c:\users\obelix\AppData\Roaming\srvblck2.tmp"
"c:\windows\System32\drivers\sojubb.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\diwaw.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\egca.exe
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ylrie.exe
c:\users\obelix\AppData\Roaming\kock
c:\users\obelix\AppData\Roaming\Nuxi
c:\users\obelix\AppData\Roaming\Ruiv
c:\users\obelix\AppData\Roaming\srvblck2.tmp
c:\users\obelix\AppData\Roaming\Urluod
c:\users\obelix\AppData\Roaming\Urluod\wyxaa.tec
c:\users\obelix\AppData\Roaming\Vykys
c:\users\obelix\AppData\Roaming\xmldm
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_uiad
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-01 bis 2011-07-01  ))))))))))))))))))))))))))))))
.
.
2011-07-01 18:13 . 2011-07-01 18:13	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-07-01 18:13 . 2011-07-01 18:13	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-07-01 18:13 . 2011-07-01 18:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-30 18:50 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-30 18:50 . 2011-06-30 18:50	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-06-30 18:50 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-29 16:44 . 2011-06-29 16:44	--------	d-----w-	C:\_OTL
2011-06-28 16:01 . 2011-06-28 16:01	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-28 16:01 . 2011-06-28 16:01	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-24 16:40 . 2011-06-24 16:40	--------	d-----w-	c:\windows\system32\%LocalAppData%
2011-06-19 13:20 . 2011-06-28 15:59	--------	d-----w-	c:\programdata\PC Tools
2011-06-18 07:08 . 2011-06-18 07:08	--------	d-----w-	c:\users\obelix\AppData\Roaming\UAs
2011-06-17 21:31 . 2011-06-17 21:31	--------	d-----w-	c:\users\obelix\AppData\Roaming\5018
2011-06-17 19:44 . 2011-06-17 19:44	--------	d-----w-	c:\windows\Sun
2011-06-14 17:18 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{733AB7C1-B6ED-4495-BE36-0E23B31C7E24}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-07-01_17.26.26   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:55 . 2011-07-01 16:45	39104              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-07-01 18:16	39104              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-27 09:50 . 2011-07-01 18:16	11042              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4000838297-2719231456-1191095059-1001_UserData.bin
+ 2009-12-26 15:47 . 2011-07-01 18:17	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-26 15:47 . 2011-07-01 16:41	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-26 15:47 . 2011-07-01 18:17	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-26 15:47 . 2011-07-01 16:41	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-26 15:47 . 2011-07-01 18:17	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-26 15:47 . 2011-07-01 16:41	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-26 15:47 . 2011-07-01 18:17	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-26 15:47 . 2011-07-01 16:41	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-26 15:47 . 2011-07-01 16:41	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-26 15:47 . 2011-07-01 18:17	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-01 16:39 . 2011-07-01 18:14	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-01 16:39 . 2011-07-01 16:39	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-01 16:39 . 2011-07-01 16:39	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-01 16:39 . 2011-07-01 18:14	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-12-26 14:16 . 2011-07-01 16:39	278528              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-26 14:16 . 2011-07-01 18:14	278528              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2011-07-01 18:14	851968              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-07-01 16:39	851968              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-26 14:16 . 2011-07-01 16:39	2981888              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-26 14:16 . 2011-07-01 18:14	2981888              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"PhonostarTimer"="c:\program files\phonostar\ps_timer.exe" [2009-05-13 126976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-22 815104]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe" [2010-11-24 233936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2009-3-27 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKLM\~\startupfolder\C:^Users^obelix^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\obelix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-11-25 21:32	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe
.
R3 accwldrv;AccSys WiFi Protokoll;c:\windows\system32\DRIVERS\accwldrv.sys [2005-02-15 12032]
R3 CFcatchme;CFcatchme;c:\users\obelix\AppData\Local\Temp\CFcatchme.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\DRIVERS\ndisrd.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R4 AccWLSvc;AccSys WiFi Server;c:\program files\Common Files\AccSys\AccWLSvc.exe [2005-03-15 180224]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.arcor.de
mWindow Title = Arcor AG & Co. KG
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\obelix\AppData\Roaming\Mozilla\Firefox\Profiles\b422sxsw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: bug489729: bug489729@alice0775 - %profile%\extensions\bug489729@alice0775
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\users\obelix\AppData\Roaming\5018
FF - Ext: JavaString Helper: {184AA5E6-741D-464a-820E-94B3ABC2F3B4} - c:\users\obelix\AppData\Roaming\5018
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-01  20:21:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-01 18:21
ComboFix2.txt  2011-07-01 17:33
.
Vor Suchlauf: 2.791.239.680 Bytes frei
Nach Suchlauf: 2.598.842.368 Bytes frei
.
- - End Of File - - A17DDCFF20B7712507EA4AFA74F78EFA
         
--- --- ---


Regards, No suspicion

Alt 01.07.2011, 19:39   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Ok. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 01.07.2011, 20:46   #24
No suspicion
 



Hi Arne, GMER hung the first time but then worked on the second attempt:

GMER

GMER Logfile:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-01 21:34:15
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: zd6y4u12.exe; Driver: C:\Users\obelix\AppData\Local\Temp\pxdiapod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                        82A52599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                 82A76F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                             Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[1184] USER32.dll!TrackPopupMenu  76E44B3B 5 Bytes  JMP 60F789D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2940] ntdll.dll!LdrLoadDll                76F3F585 5 Bytes  JMP 008813F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---



OSAM:


OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:42:39 on 01.07.2011

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "acer" - C:\Windows\System32\eNetHook.dll

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AccSys WiFi Protokoll" (accwldrv) - "AccSys GmbH" - C:\Windows\System32\DRIVERS\accwldrv.sys
"catchme" (catchme) - ? - C:\Users\obelix\AppData\Local\Temp\catchme.sys  (File not found)
"CFcatchme" (CFcatchme) - ? - C:\Users\obelix\AppData\Local\Temp\CFcatchme.sys  (File not found)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"mbr" (mbr) - ? - C:\Users\obelix\AppData\Local\Temp\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"pxdiapod" (pxdiapod) - ? - C:\Users\obelix\AppData\Local\Temp\pxdiapod.sys  (Hidden registry entry, rootkit activity | File not found)
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"WinpkFilter Service" (ndisrd) - ? - C:\Windows\System32\DRIVERS\ndisrd.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{2BB59FC0-31E8-42DA-9D3C-E9A52953853B} "ImageResizer Shell Extension" - "VSO Software SARL" - C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\soa800.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{472734EA-242A-422b-ADF8-83D1E48CC825} "{472734EA-242A-422b-ADF8-83D1E48CC825}" - ? -   (File not found | COM-object registry key not found)
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\obelix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"PhonostarTimer" - ? - C:\Program Files\phonostar\ps_timer.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NMSAccess" (NMSAccess) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru






MBRcheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5610Z
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 195):
0x8D727000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8C4F8000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8D7DE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D200000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C531000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8D20B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C57C000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8CE12000 \SystemRoot\system32\DRIVERS\athr.sys
0x8CF22000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x8CF2C000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0x8CF3C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8CF55000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0x8CF68000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0x8CF73000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CF77000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CF8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CF9C000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CFC7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CFC9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CFD6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CFDC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8CFE9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8C58D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8C5A5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8C5C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8C5DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8C400000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D21A000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8CE0B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8DA34000 \SystemRoot\system32\DRIVERS\ks.sys
0x8DA68000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8DA76000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8DABA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8DAD4000 \SystemRoot\system32\drivers\HdAudio.sys
0x8DB24000 \SystemRoot\system32\drivers\portcls.sys
0x8DB53000 \SystemRoot\system32\drivers\drmk.sys
0x8DB6C000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
0x92A11000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x92B13000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x92BC8000 \SystemRoot\system32\drivers\modem.sys
0x92BD5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92BE0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92BF3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92A00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x81FA0000 \SystemRoot\System32\win32k.sys
0x8DBA9000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DBB3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DBC0000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8DBCB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x8DBD4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8DBE5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81E00000 \SystemRoot\System32\TSDDD.dll
0x81E30000 \SystemRoot\System32\cdd.dll
0x8DA00000 \SystemRoot\system32\drivers\luafv.sys
0x8C417000 \SystemRoot\system32\drivers\WudfPf.sys
0x8DA1B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C22A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8C270000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8C280000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C293000 \SystemRoot\system32\drivers\HTTP.sys
0x8C318000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C331000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8C354000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8C38F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8C3CB000 \??\C:\Windows\system32\drivers\int15.sys
0x94E1F000 \SystemRoot\system32\drivers\peauth.sys
0x94EB6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x94EC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x94EE1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x94EEE000 \SystemRoot\System32\DRIVERS\srv2.sys
0x94F3D000 \SystemRoot\System32\DRIVERS\srv.sys
0x94E00000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x94E09000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x94F8E000 \??\C:\Users\obelix\AppData\Local\Temp\pxdiapod.sys
0x76EE0000 \Windows\System32\ntdll.dll
0x48260000 \Windows\System32\smss.exe
0x77120000 \Windows\System32\apisetschema.dll
0x00670000 \Windows\System32\autochk.exe
0x770F0000 \Windows\System32\sechost.dll
0x77090000 \Windows\System32\difxapi.dll
0x76E10000 \Windows\System32\user32.dll
0x77060000 \Windows\System32\imagehlp.dll
0x77040000 \Windows\System32\imm32.dll
0x76C10000 \Windows\System32\iertutil.dll
0x76BC0000 \Windows\System32\Wldap32.dll
0x76B30000 \Windows\System32\clbcatq.dll
0x77030000 \Windows\System32\psapi.dll
0x76AF0000 \Windows\System32\ws2_32.dll
0x76950000 \Windows\System32\setupapi.dll
0x768D0000 \Windows\System32\comdlg32.dll
0x76870000 \Windows\System32\shlwapi.dll
0x767D0000 \Windows\System32\usp10.dll
0x76780000 \Windows\System32\gdi32.dll
0x766D0000 \Windows\System32\msvcrt.dll
0x76570000 \Windows\System32\ole32.dll
0x764D0000 \Windows\System32\advapi32.dll
0x76420000 \Windows\System32\rpcrt4.dll
0x76350000 \Windows\System32\msctf.dll
0x77020000 \Windows\System32\nsi.dll
0x76340000 \Windows\System32\lpk.dll
0x76240000 \Windows\System32\wininet.dll
0x761B0000 \Windows\System32\oleaut32.dll
0x76070000 \Windows\System32\urlmon.dll
0x76060000 \Windows\System32\normaliz.dll
0x75F80000 \Windows\System32\kernel32.dll
0x75330000 \Windows\System32\shell32.dll
0x75310000 \Windows\System32\devobj.dll
0x752C0000 \Windows\System32\KernelBase.dll
0x75230000 \Windows\System32\comctl32.dll
0x75110000 \Windows\System32\crypt32.dll
0x750E0000 \Windows\System32\cfgmgr32.dll
0x750B0000 \Windows\System32\wintrust.dll
0x750A0000 \Windows\System32\msasn1.dll

Processes (total 49):
0 System Idle Process
4 System
256 C:\Windows\System32\smss.exe
356 csrss.exe
408 C:\Windows\System32\wininit.exe
416 csrss.exe
472 C:\Windows\System32\winlogon.exe
512 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
616 C:\Windows\System32\svchost.exe
692 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\spoolsv.exe
1408 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1440 C:\Program Files\Bonjour\mDNSResponder.exe
1484 C:\Windows\System32\svchost.exe
1528 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
1636 C:\Acer\Empowering Technology\eNet\eNet Service.exe
1688 C:\Windows\System32\svchost.exe
1744 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1856 C:\Program Files\CDBurnerXP\NMSAccessU.exe
1900 C:\Windows\System32\svchost.exe
1976 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
2024 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
1820 C:\Windows\System32\taskhost.exe
2088 C:\Windows\System32\dwm.exe
2228 WmiPrvSE.exe
2268 unsecapp.exe
3552 C:\Windows\System32\SearchIndexer.exe
3068 C:\Windows\System32\svchost.exe
2628 C:\Program Files\Windows Media Player\wmpnetwk.exe
3296 C:\Windows\System32\wuauclt.exe
2988 C:\Windows\explorer.exe
2940 C:\Program Files\Mozilla Firefox\firefox.exe
1184 C:\Program Files\Mozilla Firefox\plugin-container.exe
3328 C:\Users\obelix\Desktop\zd6y4u12.exe
3548 C:\Program Files\WinRAR\WinRAR.exe
3616 C:\Users\obelix\Desktop\Downloads\OSAM\osam.exe
148 C:\Windows\System32\SearchProtocolHost.exe
4020 C:\Windows\System32\SearchFilterHost.exe
3972 C:\Windows\explorer.exe
3536 C:\Windows\System32\audiodg.exe
3216 C:\Users\obelix\Desktop\MBRCheck.exe
2424 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b550f800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000e`dee82a00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC70P

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!



So, I hope that fits so far, quite a lot of odds and ends that I have no clue about at all

Regards, No suspicion

Alt 01.07.2011, 20:54   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from the ESET online scanner afterwards doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 02.07.2011, 10:33   #26
No suspicion
 



Hi Arne, phew, that took a while, here are the log files:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6998

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.07.2011 22:01:11
mbam-log-2011-07-01 (22-01-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172791
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)







ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=0bd560de9d489b47a18ad13430b98fe8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-06 07:36:35
# local_time=2011-01-06 08:36:35 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 792233 792233 0 0
# compatibility_mode=1797 16775165 100 94 365363 69847207 0 0
# compatibility_mode=5893 16776573 100 94 169663 46770643 0 0
# compatibility_mode=8192 67108863 100 0 3732 3732 0 0
# scanned=200020
# found=41
# cleaned=0
# scan_time=10695
C:\Program Files\ICQ7.2\packages\bloom\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\evergreen\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\Facebook\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\featuredThemes\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\german\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\kolobok\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\pro7\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\purple\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\quest\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\sky\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\strawberries\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\zlango7\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\Xtraz\icq\resources\de-de\xtraz_list.dtd Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\Xtraz\zlango7\resources\de-de\xtraz_list.dtd Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\obelix\AppData\Local\MSNUser90\rasWebusb.dll.vir a variant of Win32/Sefnit.AS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\obelix\Desktop\Downloads\ps_radio2015.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\obelix\Desktop\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01032011_185130\C_Users\obelix\AppData\Roaming\53419\pdmn2.exe a variant of Win32/Sefnit.AS trojan (unable to clean) 00000000000000000000000000000000 I
D:\Games\Grand Theft Auto San Andreas\trainer.exe probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2009-12-26 183841\Backup Files 2010-10-08 193307\Backup files 4.zip probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2009-12-26 183841\Backup Files 2010-10-08 193307\Backup files 5.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2010-12-31 153432\Backup Files 2010-12-31 153432\Backup files 2.zip Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2010-12-31 153432\Backup Files 2010-12-31 153432\Backup files 7.zip a variant of Win32/Sefnit.AS trojan (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2010-12-31 153432\Backup Files 2010-12-31 153432\Backup files 8.zip a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2010-12-31 153432\Backup Files 2010-12-31 153432\Backup files 9.zip Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
F:\12.7\D\Games\Grand Theft Auto San Andreas\trainer.exe probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\Local\knsvmnwlt\ihjkvbftssd.exe Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\23SP8EDU\n00a102304801r0007J11000601R43329fdcW9ff727c8Xc6a2f50fY8a99c47fZ03007f350[1] Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHMFGYEV\n00a102304801r0007J11000601R43329fdcW9ff727c8Xc6a2f50fY8a99c47fZ03007f351[1] a variant of Win32/Olmarik.ABV trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\Local\Mozilla\Firefox\Profiles\b422sxsw.default\Cache\FB0C336Bd01 JS/Exploit.Pdfka.OCR.Gen trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\Local\Temp\iWDh.exe Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\Local\Temp\LsYd.exe a variant of Win32/Olmarik.ABV trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\7bb99554-5b61081d probably a variant of Win32/Agent.DYXWUMY trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-3ebd6ab9 multiple threats (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\40591084-4f631562 Java/TrojanDownloader.Agent.NBL trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\640c67b5-113f8bff Java/TrojanDownloader.Agent.NBM trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\70c078fa-3d9bb464 Java/TrojanDownloader.Agent.NAM trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\3f5641c8-6aeff3d2 Java/TrojanDownloader.Agent.NBK trojan (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\Desktop\Downloads\ps_radio2015.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
F:\12.7\C\Users\obelix\Desktop\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=0bd560de9d489b47a18ad13430b98fe8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-02 09:21:48
# local_time=2011-07-02 11:21:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 94 1521151 62031821 0 0
# compatibility_mode=8192 67108863 100 0 15264910 15264910 0 0
# scanned=151589
# found=25
# cleaned=0
# scan_time=5429
C:\Program Files\ICQ7.2\packages\bloom\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\evergreen\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\Facebook\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\featuredThemes\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\german\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\kolobok\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\pro7\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\purple\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\quest\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\sky\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\strawberries\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\packages\zlango7\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\Xtraz\icq\resources\de-de\xtraz_list.dtd Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ICQ7.2\Xtraz\zlango7\resources\de-de\xtraz_list.dtd Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11FVHVJK\imgsource[2].htm JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZHXQKYO\index[1].htm JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EZHXQKYO\index[2].htm JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GI84QHED\show_bn[1].htm JS/Kryptik.AY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IH161C3F\04[1].ra JS/Kryptik.AP trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JKCRHGQK\forum[1].htm JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7NDI0DK\forum[1].htm JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0EDCJEQ\index[1].htm JS/Kryptik.AX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06292011_184419\C_Recycle.Bin\Recycle.Bin.exe Win32/Spy.SpyEye.CA trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06292011_184419\C_Windows\System32\drivers\srenum.sys Win32/Rootkit.Agent.NUW trojan (unable to clean) 00000000000000000000000000000000 I




I haven't done the Super Spyware one yet, it takes forever, is it necessary? I have little time over the next 2 days.


Many thanks for the help. Oh, and the bluescreen has not come back so far - the strange redirects to dubious sites have not shown up again so far either.

What's next? :-)

Have a nice weekend, regards, No suspicion.

Alt 03.07.2011, 13:00   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
F:\OBELIX-PC\Backup Set 2010-12-31 153432
What kind of backup set is that? Obelix-PC, what is that?

Quote:
F:\12.7\D\...
What kind of folder is 12.7 on F:?

Quote:
C:\Program Files\ICQ7.2\packages\bloom\updates\manifest Win32/Adware.SpywareProtect2009 application
C:\Users\obelix\Desktop\Downloads\ps_radio2015.exe a variant of Win32/Adware.ADON application (unable to clean)
C:\Users\obelix\Desktop\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean)
Hm, detections in the ICQ folder. I would uninstall ICQ completely and reinstall it, if it really has to be ICQ. I would rather use something lean like Miranda.
ESET often finds adware in setups, because they very frequently include toolbars. Simply don't install them along with the program, so keep your eyes open when installing programs.
Definitely keep your hands off dangerous tools like Registrybooster; registry "optimization" or cleaning is dangerous nonsense that brings hardly any measurable benefit but big risks of wrecking the registry and with it Windows.

You can ignore the detections in C:\_OTL and C:\Qoobox; those are the quarantine folders of OTL and Combofix. There is malware in there, but it is harmless there because it is isolated.

Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do that and post the log!
Remember to update the Malwarebytes signatures beforehand, there are new updates very often!
Please also run the full scan with SUPERAntiSpyware and post the log.
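The triage described in the post above (quarantine-folder hits can be ignored, "application" hits are adware or unwanted tools, the rest needs a closer look) can be done mechanically over an ESET Online Scanner log. This is an added example, not part of the thread and not ESET's own tooling; the line layout is inferred from the log lines posted on this page, and the bucket names are hypothetical.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Quarantine folders named in the post above (OTL and Combofix), lower-cased
# because Windows paths are case-insensitive and tools log them differently.
QUARANTINE_ROOTS = ("c:\\_otl\\", "c:\\qoobox\\")

# Layout inferred from the posted log (an assumption, not a documented format):
#   <path> [qualifier] <threat> [trojan|application] (<action>) <32 hex> <flag>
# The path may contain spaces, so it is matched lazily and the rest of the
# line is anchored to the end.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/[\w.]+|multiple threats)"
    r"(?: (?P<kind>trojan|application))?"
    r" \((?P<action>[^)]*)\)"
    r" (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\w)$"
)


class Detection(NamedTuple):
    path: str
    threat: str
    qualifier: Optional[str]  # "a variant of" / "probably a variant of"
    kind: Optional[str]       # "trojan", "application" or None
    action: str


def parse_line(line: str) -> Optional[Detection]:
    """Parse one detection line; return None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    qualifier = m.group("qualifier")
    return Detection(
        path=m.group("path"),
        threat=m.group("threat"),
        qualifier=qualifier.strip() if qualifier else None,
        kind=m.group("kind"),
        action=m.group("action"),
    )


def bucket(det: Detection) -> str:
    """Hypothetical bucket names following the reasoning in the post."""
    if det.path.lower().startswith(QUARANTINE_ROOTS):
        return "quarantined"   # isolated copies kept by the removal tools
    if det.kind == "application":
        return "live_pua"      # adware / unwanted tools: uninstall or delete
    return "live_threat"       # trojans and "multiple threats": review first


def triage(log_text: str) -> dict:
    """Group all detections of a log; header lines starting with '#' are skipped."""
    buckets = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        det = parse_line(line)
        if det is None:
            buckets["unparsed"].append(line)  # keep, never drop silently
        else:
            buckets[bucket(det)].append(det)
    return dict(buckets)


# Lines copied from the ESET logs posted in this thread.
SAMPLE_LOG = r"""
all ok
# found=25
C:\Program Files\ICQ7.2\updates\manifest Win32/Adware.SpywareProtect2009 application (unable to clean) 00000000000000000000000000000000 I
C:\Users\obelix\Desktop\Downloads\registrybooster.exe Win32/RegistryBooster application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\obelix\AppData\Local\MSNUser90\rasWebusb.dll.vir a variant of Win32/Sefnit.AS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\06292011_184419\C_Windows\System32\drivers\srenum.sys Win32/Rootkit.Agent.NUW trojan (unable to clean) 00000000000000000000000000000000 I
D:\Games\Grand Theft Auto San Andreas\trainer.exe probably a variant of Win32/Agent.LPHFBGW trojan (unable to clean) 00000000000000000000000000000000 I
F:\OBELIX-PC\Backup Set 2009-12-26 183841\Backup Files 2010-10-08 193307\Backup files 5.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(items)}")
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.threat}  {item.path}")
```

Anything left in `live_threat` still has to be judged by a person; a trainer or an old backup archive on an external drive is a different case from a driver in `System32`.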

Alt 04.07.2011, 20:10   #28
No suspicion
 



Hi Arne,

I haven't gotten around to the SuperSpy thing yet, but attached is the malware scan.
The F: files: that is my external hard drive, which I'm not using at the moment; the 12.7. file is a backup from last year. I hope that clears things up a bit? If not, I'm happy to write again, thanks in advance. Best regards, No suspicion

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 7019

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

04.07.2011 20:55:59
mbam-log-2011-07-04 (20-55-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 274951
Time elapsed: 36 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\_OTL\movedfiles\06292011_184419\c_recycle.bin\recycle.bin.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06292011_184419\c_windows\System32\msrun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\06292011_184419\c_windows\System32\drivers\srenum.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Alt 04.07.2011, 20:40   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. MBAM only found the malware that we fixed with OTL.
Is the computer otherwise OK again?

Alt 06.07.2011, 18:54   #30
No suspicion
 



Hi Arne,
I have now run the SuperSpyware scan for the 3rd time and unfortunately my computer crashes every time, it simply switches off.

By the way, that has happened every now and then ever since the computer was infected.
Otherwise, the wrong redirects and the sudden appearance of windows or the bluescreen are completely gone.
Only the computer simply switching off is still annoying - I haven't gotten to the bottom of that yet. (It is not a dusty fan, I have already opened it up.)

Many thanks for your help, I would have been completely lost if you hadn't helped me. Clean work, I am very grateful for that!

Best regards, No suspicion

Archiv
Du betrachtest: Firefox öffnet neues Fenster, Verlinkungen auf falsche Webseiten, Bluescreen, PC-langsam auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.