Pests of all kinds and how to fight them: Google Chrome not working and outgoing actions detected (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, start a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall/delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
Google Chrome not working and outgoing actions detected

Hello, I'm still going round the bend here.

Step 1: For a short while now Google Chrome has not been working properly, or only sporadically. At first I thought it had something to do with "facemoods", which my girlfriend apparently picked up, but that doesn't seem to be the cause. I then ran HijackThis, and they too rate facemoods as dangerous. I fixed the files, but the problem persisted.

Step 2: Then I downloaded Avast! and had it check the system. Result: absolutely nothing found. BUT a message keeps coming up along the lines of URL:Mal : file windows/explorer.exe to Facebook.com. I had already blocked Facebook before that, because my girlfriend keeps picking something up on it, and I'm sure that this time it's Facebook again. But this time I'm not getting anywhere.

Step 3: Since Avast! found nothing, I downloaded Malwarebytes, updated it and ran a full scan. Here infected files were found as well, but apparently rather harmless stuff. Apart from the WilliamHill Poker file and the Bingofun file I had everything deleted. The problem still persists, as was to be expected. Since I installed MWB I also get an info popup almost every minute saying that access to a dangerous site was blocked. File: taskhost.exe. Log file below.

Step 4: Next and last, I downloaded OTL and ran a Quick Scan. The antivirus programs were still running in the background; I didn't know how to close Avast!. Log below as well.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6950

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26.06.2011 05:44:55
mbam-log-2011-06-26 (05-44-55).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 274194
Time elapsed: 1 hour(s), 55 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill Poker (PUP.Casino) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{089D51F0-49F9-B216-0ECE-983C6B0A3A3C} (Trojan.ZbotR.Gen) -> Value: {089D51F0-49F9-B216-0ECE-983C6B0A3A3C} -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Files Infected:
c:\Poker\william hill poker\_setuppoker_f066d_en.exe (PUP.Casino) -> Not selected for removal.
c:\Recycle.Bin\recycle.bin.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\testaccount\downloads\bingofunsetup.exe (PUP.AdGame) -> Not selected for removal.
c:\Users\testaccount\AppData\Roaming\Qyog\itvy.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.
OTL log:

OTL logfile created on: 6/26/2011 5:53:29 AM - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\TestAccount\Desktop
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014.43 Mb Total Physical Memory | 349.13 Mb Available Physical Memory | 34.42% Memory free
1.99 Gb Paging File | 0.60 Gb Available in Paging File | 30.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 32.28 Gb Free Space | 48.20% Space Free | Partition Type: NTFS
Drive D: | 66.98 Gb Total Space | 50.95 Gb Free Space | 76.07% Space Free | Partition Type: NTFS

Computer Name: TESTACCOUNT-PC | User Name: TestAccount | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 05:49:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\TestAccount\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/24 22:32:44 | 001,155,256 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
PRC - [2010/06/24 22:32:44 | 000,746,352 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/01/19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/08 01:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/11 17:09:52 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2009/08/11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/23 03:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

========== Modules (SafeList) ==========

MOD - [2011/06/26 05:49:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\TestAccount\Desktop\OTL.exe
MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/01/23 03:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saHook.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/15 11:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc)
SRV - [2009/01/23 03:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/18 15:17:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/21 20:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/19 08:29:26 | 000,117,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspamdm.sys -- (hspamdm)
DRV - [2009/08/19 08:29:26 | 000,096,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspaserd.sys -- (hspaserd) SAMSUNG HSPA Modem Diagnostic Serial Port (WDM)
DRV - [2009/08/19 08:29:26 | 000,089,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspabus.sys -- (hspabus) SAMSUNG HSPA USB Composite Device driver (WDM)
DRV - [2009/08/19 08:29:26 | 000,012,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hspamdfl.sys -- (hspamdfl)
DRV - [2009/08/10 20:43:34 | 000,237,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/15 11:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/06/24 22:15:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/14 03:10:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/14 03:10:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/26 00:18:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 20:48:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 20:48:38 | 000,000,000 | ---D | M]

[2010/07/07 15:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TestAccount\AppData\Roaming\mozilla\Extensions
[2011/06/26 00:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TestAccount\AppData\Roaming\mozilla\Firefox\Profiles\iucr74nb.default\extensions
[2011/04/07 01:51:57 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\TestAccount\AppData\Roaming\mozilla\Firefox\Profiles\iucr74nb.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/05/24 22:27:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\TestAccount\AppData\Roaming\mozilla\Firefox\Profiles\iucr74nb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/06/23 20:12:12 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\TestAccount\AppData\Roaming\mozilla\Firefox\Profiles\iucr74nb.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/05/24 22:27:29 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\TestAccount\AppData\Roaming\mozilla\Firefox\Profiles\iucr74nb.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/13 03:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/07/10 20:55:02 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/28 23:32:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/13 03:44:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/26 00:18:27 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/03/14 03:10:05 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/14 03:10:06 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/06/24 22:15:38 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/13 02:01:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/04/13 02:01:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/06/04 05:52:29 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/04/13 02:01:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/04/13 02:01:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/04/13 02:01:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100726195230.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [{089D51F0-49F9-B216-0ECE-983C6B0A3A3C}] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\Shell - "" = AutoRun
O33 - MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\Shell\AutoRun\command - "" = E:\install.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.ZMBV - C:\windows\System32\zmbv.dll () ========== Files/Folders - Created Within 30 Days ========== [2011/06/26 05:51:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\TestAccount\Desktop\OTL.exe [2011/06/26 03:38:45 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Malwarebytes [2011/06/26 03:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/26 03:38:22 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/06/26 03:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/06/26 03:38:15 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/06/26 01:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011/06/26 00:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/06/26 00:20:07 | 000,307,928 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2011/06/26 00:20:07 | 000,019,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2011/06/26 00:20:01 | 000,025,432 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys [2011/06/26 00:20:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2011/06/26 00:19:59 | 000,441,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2011/06/26 00:19:56 | 000,053,592 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2011/06/26 00:17:56 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2011/06/26 00:17:47 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2011/06/26 00:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/06/26 00:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software 
[2011/06/23 20:07:55 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Template [2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Siysa [2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Qyog [2011/06/12 08:46:18 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\vlc [2011/06/12 06:19:20 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\Documents\Firstload [2011/06/04 05:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\facemoods.com [2011/06/04 05:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2011/06/02 22:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011/06/02 22:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google ========== Files - Modified Within 30 Days ========== [2011/06/26 06:08:02 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/26 05:49:50 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\dherdjr.sys [2011/06/26 05:49:41 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\TestAccount\Desktop\OTL.exe [2011/06/26 00:20:09 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011/06/26 00:19:56 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2011/06/25 22:13:19 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/25 12:28:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/06/24 13:04:06 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/24 13:04:06 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/23 20:48:58 | 000,001,903 | ---- | M] () -- C:\Users\TestAccount\Desktop\Mozilla Firefox.lnk [2011/06/23 20:07:48 | 000,000,000 | ---- | M] () -- C:\Users\TestAccount\AppData\Roaming\wklnhst.dat [2011/06/23 19:41:36 | 000,684,954 | ---- | M] () -- C:\windows\System32\perfh00C.dat [2011/06/23 19:41:36 | 000,680,010 | ---- | M] () -- C:\windows\System32\perfh010.dat [2011/06/23 19:41:36 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/06/23 19:41:36 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/06/23 19:41:36 | 000,127,070 | ---- | M] () -- C:\windows\System32\perfc00C.dat [2011/06/23 19:41:36 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/06/23 19:41:36 | 000,124,006 | ---- | M] () -- C:\windows\System32\perfc010.dat [2011/06/23 19:41:36 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/06/23 19:35:34 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys [2011/06/12 06:18:26 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2011/06/26 05:49:50 | 000,054,016 | ---- | C] () -- 
C:\windows\System32\drivers\dherdjr.sys [2011/06/26 00:20:09 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/06/23 20:48:58 | 000,001,903 | ---- | C] () -- C:\Users\TestAccount\Desktop\Mozilla Firefox.lnk [2011/06/23 20:07:48 | 000,000,000 | ---- | C] () -- C:\Users\TestAccount\AppData\Roaming\wklnhst.dat [2011/06/12 06:18:26 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2011/06/02 22:03:35 | 000,001,106 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/02 22:03:31 | 000,001,102 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/10 22:38:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/07 19:08:48 | 000,000,026 | ---- | C] () -- C:\windows\NeoSetup.INI [2010/04/09 22:08:26 | 000,094,208 | ---- | C] () -- C:\windows\System32\zmbv.dll [2010/02/09 20:28:49 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2010/02/09 19:52:03 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009/11/10 20:19:53 | 000,680,010 | ---- | C] () -- C:\windows\System32\perfh010.dat [2009/11/10 20:19:53 | 000,335,478 | ---- | C] () -- C:\windows\System32\perfi010.dat [2009/11/10 20:19:53 | 000,124,006 | ---- | C] () -- C:\windows\System32\perfc010.dat [2009/11/10 20:19:53 | 000,037,534 | ---- | C] () -- C:\windows\System32\perfd010.dat [2009/11/10 20:10:03 | 000,643,866 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/11/10 20:10:03 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/11/10 20:10:03 | 000,126,394 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/11/10 20:10:03 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/11/10 19:59:19 | 000,684,954 | ---- | C] () -- C:\windows\System32\perfh00C.dat [2009/11/10 19:59:19 | 000,344,522 | ---- | C] () -- C:\windows\System32\perfi00C.dat [2009/11/10 19:59:19 | 000,127,070 | ---- | C] () -- C:\windows\System32\perfc00C.dat 
[2009/11/10 19:59:19 | 000,038,160 | ---- | C] () -- C:\windows\System32\perfd00C.dat [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 06:33:53 | 000,371,000 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 04:05:48 | 000,607,190 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 04:05:48 | 000,103,568 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\windows\System32\giveio.sys ========== LOP Check ========== [2010/07/07 15:27:09 | 000,000,000 | -HSD | M] -- C:\Users\TestAccount\AppData\Roaming\.# [2011/04/30 03:04:09 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\.minecraft [2011/03/17 18:29:26 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Bump Technologies, Inc [2011/03/24 04:04:24 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\calibre [2010/07/18 15:46:39 | 
000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\DAEMON Tools Lite [2011/05/26 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\elsterformular [2010/07/07 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\GameConsole [2010/11/21 00:50:06 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Gogii [2011/03/02 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\IrfanView [2010/07/10 18:31:15 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Magic Academy 2 [2011/03/02 02:37:39 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2011/06/26 05:44:52 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Qyog [2011/06/25 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Siysa [2011/06/23 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Template [2009/07/14 06:53:46 | 000,031,118 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010/07/07 15:27:09 | 000,000,000 | -HSD | M] -- C:\Users\TestAccount\AppData\Roaming\.# [2011/04/30 03:04:09 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\.minecraft [2011/03/02 02:14:31 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Adobe [2011/03/17 18:29:26 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Bump Technologies, Inc [2011/03/24 04:04:24 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\calibre [2010/07/18 15:46:39 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\DAEMON Tools Lite [2011/06/12 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\DivX [2011/05/26 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\elsterformular [2010/07/07 15:26:39 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\GameConsole [2010/11/21 00:50:06 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Gogii [2010/02/09 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Google [2010/02/09 20:33:33 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Identities [2011/03/02 20:32:23 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\IrfanView [2010/07/07 15:32:06 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Macromedia [2010/07/10 18:31:15 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Magic Academy 2 [2011/06/26 03:38:45 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Malwarebytes [2011/03/02 02:37:39 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1 [2011/06/23 20:07:47 | 000,000,000 | --SD | M] -- C:\Users\TestAccount\AppData\Roaming\Microsoft [2010/07/07 15:41:26 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Mozilla [2011/06/26 05:44:52 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Qyog 
[2011/06/25 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Siysa [2011/04/13 21:08:32 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Skype [2011/04/13 16:03:02 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\skypePM [2011/06/23 20:07:55 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Template [2011/06/12 08:58:46 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\vlc [2010/07/07 19:45:06 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011/03/02 02:32:40 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\TestAccount\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: 
CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > 
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- 
| M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/18 15:17:18 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll
< >
< End of report >

I know that cracks and the like are not accepted here. I don't have any either; there are no illegal games or programs on the hard drive. The only thing is Daemon Tools, which in my eyes is certainly not illegal. How else should I have got an old CD onto this netbook? That is the reason I have DaemonTools on it. Deleting the entry from this post would probably have been quicker, but I am mentioning it just for information.
I buy my games, I collect DVDs, and I rarely play on the PC anyway. By the way, I installed DT right at the beginning after getting the netbook and have used it only once. I rule out an infection through it. I strongly suspect it is connected with Facebook. My girlfriend has the same problem with Google Chrome at home; at the time she had the Facebook chat open, some window appeared and she clicked "no". I asked her what the window said; she didn't read it. I hope someone here can help me, because I am really at my wits' end. Regards, Benny
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Why did you uninstall McAfee and Avast?? Two virus scanners of this kind get in each other's way. I suggest you uninstall McAfee first.
#3

Hello,

I only ever had one virus scanner the whole time. I installed Avast! just yesterday. In any case, McAfee is now uninstalled. Regards
#4
/// Winkelfunktion /// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL) (the ":OTL" must be copied as well!!!):

Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [{089D51F0-49F9-B216-0ECE-983C6B0A3A3C}] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\Shell - "" = AutoRun
O33 - MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\Shell\AutoRun\command - "" = E:\install.exe
[2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Siysa
[2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Qyog
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created in the "_OTL" folder on the system partition.
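The fix script above singles out two kinds of OTL findings: the MountPoints2 autorun handler on drive E: (the O33 lines) and two folders created in the same second under AppData\Roaming (Siysa, Qyog). As an added example, not part of OTL or of the helper's post, the Python below parses OTL lines in exactly those two shapes and applies the same triage; the embedded sample lines are constructed from entries quoted in this thread, and the allow-list, the 30-day window and the severity labels are this example's own assumptions.

```python
r"""Triage of OTL log lines in the two shapes the fix above targets (added example).

Recognised shapes:
  [2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Siysa
  O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = E:\install.exe
Flags (a) autorun handlers launching an executable from a drive other than C:, and
(b) recent, vendor-less, unknown folders directly under AppData\Roaming, rating several
created in the same second (dropper behaviour) higher than a single one.
"""
import re
from collections import defaultdict
from datetime import datetime

# One OTL file/folder entry: [timestamp | size | attributes | C(reated)/M(odified)] (Company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL O33 line for a per-volume autorun handler in the user's MountPoints2 key.
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9A-Fa-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
ROAMING_FOLDER = re.compile(r"\\AppData\\Roaming\\(?P<name>[^\\]+)$", re.IGNORECASE)

# Roaming folders a helper would not question on this machine (assumption of this example).
KNOWN_ROAMING = {"adobe", "divx", "google", "identities", "irfanview", "macromedia",
                 "malwarebytes", "microsoft", "mozilla", "skype", "skypepm", "vlc", "winrar"}
LAUNCHER_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".pif")


def parse_entries(lines):
    """Yield ("file", dict) or ("autorun", dict) for recognised lines; everything else is skipped."""
    for raw in lines:
        line = raw.strip()
        m = FILE_ENTRY.match(line)
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
            yield "file", entry
            continue
        m = MOUNTPOINT_CMD.match(line)
        if m:
            yield "autorun", m.groupdict()


def triage(lines, scan_time, recent_days=30):
    """Return a list of (severity, message) findings for the given OTL lines."""
    findings = []
    created_by_second = defaultdict(list)  # creation second -> [(name, path, age in days)]
    for kind, entry in parse_entries(lines):
        if kind == "autorun":
            target = entry["cmd"].strip().strip('"')
            drive = target[:2].upper()
            if drive != "C:" and target.lower().endswith(LAUNCHER_EXT):
                findings.append(("HIGH", f"MountPoints2 {entry['guid']} autorun launches "
                                         f"{target} when drive {drive} is opened"))
            continue
        folder = ROAMING_FOLDER.search(entry["path"])
        # Only folders (D attribute) whose creation (C) OTL recorded are of interest here.
        if not folder or entry["kind"] != "C" or "D" not in entry["attr"]:
            continue
        name = folder.group("name")
        age_days = (scan_time - entry["ts"]).days
        if name.lower() in KNOWN_ROAMING or age_days > recent_days or entry["company"]:
            continue
        created_by_second[entry["ts"]].append((name, entry["path"], age_days))
    for ts, folders in sorted(created_by_second.items()):
        if len(folders) > 1:
            names = ", ".join(name for name, _, _ in folders)
            findings.append(("HIGH", f"{len(folders)} unknown Roaming folders created in the same "
                                     f"second ({ts:%Y/%m/%d %H:%M:%S}): {names}"))
        else:
            _, path, age_days = folders[0]
            findings.append(("MEDIUM", f"unknown Roaming folder created {age_days} days before "
                                       f"the scan: {path}"))
    return findings


# Constructed sample: OTL lines copied from the entries quoted in this thread.
SAMPLE_LOG = r"""
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\Shell - "" = AutoRun
O33 - MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\Shell\AutoRun\command - "" = E:\install.exe
[2011/06/26 05:51:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\TestAccount\Desktop\OTL.exe
[2011/06/26 03:38:45 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Malwarebytes
[2011/06/23 20:07:55 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Template
[2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Siysa
[2011/06/17 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\Qyog
[2011/06/12 08:46:18 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\AppData\Roaming\vlc
[2011/06/12 06:19:20 | 000,000,000 | ---D | C] -- C:\Users\TestAccount\Documents\Firstload
[2011/06/26 05:44:52 | 000,000,000 | ---D | M] -- C:\Users\TestAccount\AppData\Roaming\Qyog
"""


def example_findings():
    """Run the triage over the sample with the (assumed) OTL scan time from the log dates."""
    return triage(SAMPLE_LOG.splitlines(), datetime(2011, 6, 26, 6, 10, 0))


if __name__ == "__main__":
    for severity, message in example_findings():
        print(f"[{severity}] {message}")
```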
#5

Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{089D51F0-49F9-B216-0ECE-983C6B0A3A3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{089D51F0-49F9-B216-0ECE-983C6B0A3A3C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b24539b-926f-11df-8b36-0c6076bed795}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b24539b-926f-11df-8b36-0c6076bed795}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b24539b-926f-11df-8b36-0c6076bed795}\ not found.
File E:\install.exe not found.
C:\Users\TestAccount\AppData\Roaming\Siysa folder moved successfully.
C:\Users\TestAccount\AppData\Roaming\Qyog folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.24.1 log created on 06272011_144641
#6
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set up the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, once it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from "All Programs" in the Start menu, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.)
#7

Code:
2011/06/27 18:29:03.0780 3640 TDSS rootkit removing tool 2.5.6.0 Jun 27 2011 15:22:52
2011/06/27 18:29:04.0190 3640 ================================================================================
2011/06/27 18:29:04.0191 3640 SystemInfo:
2011/06/27 18:29:04.0191 3640
2011/06/27 18:29:04.0191 3640 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/27 18:29:04.0191 3640 Product type: Workstation
2011/06/27 18:29:04.0193 3640 ComputerName: TESTACCOUNT-PC
2011/06/27 18:29:04.0193 3640 UserName: TestAccount
2011/06/27 18:29:04.0193 3640 Windows directory: C:\windows
2011/06/27 18:29:04.0194 3640 System windows directory: C:\windows
2011/06/27 18:29:04.0194 3640 Processor architecture: Intel x86
2011/06/27 18:29:04.0194 3640 Number of processors: 2
2011/06/27 18:29:04.0194 3640 Page size: 0x1000
2011/06/27 18:29:04.0194 3640 Boot type: Normal boot
2011/06/27 18:29:04.0194 3640 ================================================================================
2011/06/27 18:29:07.0149 3640 Initialize success
2011/06/27 18:29:26.0778 1080 ================================================================================
2011/06/27 18:29:26.0779 1080 Scan started
2011/06/27 18:29:26.0779 1080 Mode: Manual;
2011/06/27 18:29:26.0779 1080 ================================================================================
2011/06/27 18:29:28.0425 1080 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/06/27 18:29:28.0486 1080 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/06/27 18:29:28.0563 1080 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/06/27 18:29:28.0635 1080 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/06/27 18:29:28.0705 1080 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/06/27 18:29:28.0757 1080 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/06/27 18:29:28.0897 1080 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
2011/06/27 18:29:28.0955 1080 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/06/27 18:29:29.0028 1080 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/06/27 18:29:29.0102 1080 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/06/27 18:29:29.0155 1080 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/06/27 18:29:29.0209 1080 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/06/27 18:29:29.0285 1080 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/06/27 18:29:29.0342 1080 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/06/27 18:29:29.0394 1080 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/06/27 18:29:29.0452 1080 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/06/27 18:29:29.0509 1080 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/06/27 18:29:29.0602 1080 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/06/27 18:29:29.0695 1080 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/06/27 18:29:29.0748 1080 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/06/27 18:29:29.0826 1080 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\windows\system32\drivers\aswFsBlk.sys
2011/06/27 18:29:29.0933 1080 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\windows\system32\drivers\aswMonFlt.sys
2011/06/27 18:29:29.0981 1080 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\windows\system32\drivers\aswRdr.sys
2011/06/27 18:29:30.0061 1080 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\windows\system32\drivers\aswSnx.sys
2011/06/27 18:29:30.0148 1080 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\windows\system32\drivers\aswSP.sys
2011/06/27 18:29:30.0204 1080 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\windows\system32\drivers\aswTdi.sys
2011/06/27 18:29:30.0279 1080 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/06/27 18:29:30.0326 1080 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/06/27 18:29:30.0439 1080 athr (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
2011/06/27 18:29:30.0653 1080 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/06/27 18:29:30.0724 1080 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/06/27 18:29:30.0818 1080 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/06/27 18:29:30.0913 1080 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/06/27 18:29:31.0000 1080 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/06/27 18:29:31.0078 1080 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/06/27 18:29:31.0136 1080 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/06/27 18:29:31.0214 1080 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/06/27 18:29:31.0271 1080 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/06/27 18:29:31.0330 1080 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/06/27 18:29:31.0375 1080 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/06/27 18:29:31.0472 1080 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/06/27 18:29:31.0515 1080 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/06/27 18:29:31.0579 1080 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/06/27 18:29:31.0644 1080 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/06/27 18:29:31.0721 1080 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/06/27 18:29:31.0831 1080 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
2011/06/27 18:29:31.0887 1080 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\drivers\btwavdt.sys
2011/06/27 18:29:31.0976 1080 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/06/27 18:29:32.0044 1080 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
2011/06/27 18:29:32.0118 1080 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/06/27 18:29:32.0207 1080 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/06/27 18:29:32.0289 1080 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/06/27 18:29:32.0369 1080 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/06/27 18:29:32.0443 1080 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/06/27 18:29:32.0501 1080 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/06/27 18:29:32.0565 1080 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/06/27 18:29:32.0625 1080 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/06/27 18:29:32.0700 1080 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/06/27 18:29:32.0780 1080 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/06/27 18:29:32.0958 1080 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
2011/06/27 18:29:33.0032 1080 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/06/27 18:29:33.0102 1080 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/06/27 18:29:33.0209 1080 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/06/27 18:29:33.0293 1080 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/06/27 18:29:33.0476 1080 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/06/27 18:29:33.0614 1080 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/06/27 18:29:33.0661 1080 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/06/27 18:29:33.0773 1080 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/06/27 18:29:33.0837 1080 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/06/27 18:29:33.0962 1080 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/06/27 18:29:34.0055 1080 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/06/27 18:29:34.0107 1080 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/06/27 18:29:34.0165 1080 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/06/27 18:29:34.0232 1080 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/06/27 18:29:34.0322 1080 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/06/27 18:29:34.0403 1080 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2011/06/27 18:29:34.0464 1080 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/06/27 18:29:34.0547 1080 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\windows\system32\DRIVERS\fvevol.sys
2011/06/27 18:29:34.0607 1080 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/06/27 18:29:34.0700 1080 giveio (77ebf3e9386daa51551af429052d88d0) C:\windows\system32\giveio.sys
2011/06/27 18:29:34.0828 1080 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/06/27 18:29:34.0926 1080 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/06/27 18:29:35.0000 1080 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/06/27 18:29:35.0058 1080 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/06/27 18:29:35.0124 1080 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/06/27 18:29:35.0198 1080 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/06/27 18:29:35.0278 1080 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/06/27 18:29:35.0391 1080 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/06/27 18:29:35.0469 1080 hspabus (5e14697dcc32c9cc3030f7aa490a5a2f) C:\windows\system32\DRIVERS\hspabus.sys
2011/06/27 18:29:35.0546 1080 hspamdfl (95fe82f24b6f9b3a5765ce4fd278a866) C:\windows\system32\DRIVERS\hspamdfl.sys
2011/06/27 18:29:35.0610 1080 hspamdm (e8d986fad8f91a3c5e08a8c7e6367510) C:\windows\system32\DRIVERS\hspamdm.sys
2011/06/27 18:29:35.0686 1080 hspaserd (fc9f8d2c5317d3c6e813e1528dcf6d75) C:\windows\system32\DRIVERS\hspaserd.sys
2011/06/27 18:29:35.0765 1080 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/06/27 18:29:35.0833 1080 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/06/27 18:29:35.0889 1080 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/06/27 18:29:35.0988 1080 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/06/27 18:29:36.0212 1080 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/06/27 18:29:36.0466 1080 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/06/27 18:29:36.0675 1080 IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys
2011/06/27 18:29:36.0799 1080 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/06/27 18:29:36.0884 1080 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/06/27 18:29:36.0962 1080 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/06/27 18:29:37.0044 1080 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/06/27 18:29:37.0093 1080 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/06/27 18:29:37.0168 1080 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/06/27 18:29:37.0221 1080 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/06/27 18:29:37.0287 1080 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/06/27 18:29:37.0363 1080 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/06/27 18:29:37.0436 1080 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/06/27 18:29:37.0499 1080 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/06/27 18:29:37.0588 1080 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/06/27 18:29:37.0751 1080 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/06/27 18:29:37.0873 1080 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/06/27 18:29:37.0919 1080 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/06/27 18:29:37.0988 1080 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/06/27 18:29:38.0035 1080 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/06/27 18:29:38.0123 1080 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/06/27 18:29:38.0216 1080 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\windows\system32\drivers\mbam.sys
2011/06/27 18:29:38.0312 1080 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\windows\system32\drivers\mbamswissarmy.sys
2011/06/27 18:29:38.0369 1080 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/06/27 18:29:38.0433 1080 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/06/27 18:29:38.0506 1080 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/06/27 18:29:38.0580 1080 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/06/27 18:29:38.0646 1080 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/06/27 18:29:38.0712 1080 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/06/27 18:29:38.0776 1080 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/06/27 18:29:38.0831 1080 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/06/27 18:29:38.0885 1080 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/06/27 18:29:38.0964 1080 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/06/27 18:29:39.0076 1080 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/06/27 18:29:39.0150 1080 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/06/27 18:29:39.0221 1080 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/06/27 18:29:39.0278 1080 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/06/27 18:29:39.0343 1080 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/06/27 18:29:39.0435 1080 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/06/27 18:29:39.0487 1080 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/06/27 18:29:39.0544 1080 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/06/27 18:29:39.0646 1080 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/06/27 18:29:39.0698 1080 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/06/27 18:29:39.0754 1080 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/06/27 18:29:39.0814 1080 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/06/27 18:29:39.0879 1080 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/06/27 18:29:39.0940 1080 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/06/27 18:29:39.0987 1080 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/06/27 18:29:40.0052 1080 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/06/27 18:29:40.0163 1080 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/06/27 18:29:40.0258 1080 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/06/27 18:29:40.0323 1080 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/06/27 18:29:40.0381 1080 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/06/27 18:29:40.0449 1080 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/06/27 18:29:40.0508 1080 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/06/27 18:29:40.0564 1080 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/06/27 18:29:40.0628 1080 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/06/27 18:29:40.0692 1080 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/06/27 18:29:40.0857 1080 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/06/27 18:29:40.0935 1080 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/06/27 18:29:41.0019 1080 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/06/27 18:29:41.0129 1080 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/06/27 18:29:41.0199 1080 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/06/27 18:29:41.0273 1080 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/06/27 18:29:41.0324 1080 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/06/27 18:29:41.0376 1080 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/06/27 18:29:41.0484 1080 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/06/27 18:29:41.0593 1080 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/06/27 18:29:41.0648 1080 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/06/27 18:29:41.0712 1080 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/06/27 18:29:41.0787 1080 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/06/27 18:29:41.0857 1080 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/06/27 18:29:41.0924 1080 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/06/27 18:29:42.0003 1080 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/06/27 18:29:42.0087 1080 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/06/27 18:29:42.0358 1080 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/06/27 18:29:42.0414 1080 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/06/27 18:29:42.0524 1080 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/06/27 18:29:42.0633 1080 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/06/27 18:29:42.0702 1080 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/06/27 18:29:42.0775 1080 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/06/27 18:29:42.0830 1080 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/06/27 18:29:42.0918 1080 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/06/27 18:29:42.0991 1080 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/06/27 18:29:43.0073 1080 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/06/27 18:29:43.0133 1080 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/06/27 18:29:43.0209 1080 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/06/27 18:29:43.0269 1080 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/06/27 18:29:43.0322 1080 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/06/27 18:29:43.0414 1080 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/06/27 18:29:43.0490 1080 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/06/27 18:29:43.0549 1080 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/06/27 18:29:43.0611 1080 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/06/27 18:29:43.0740 1080 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/06/27 18:29:43.0854 1080 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/06/27 18:29:43.0936 1080 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/06/27 18:29:44.0018 1080 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/06/27 18:29:44.0093 1080 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/06/27 18:29:44.0174 1080 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/06/27 18:29:44.0297 1080 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/06/27 18:29:44.0403 1080 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/06/27 18:29:44.0476 1080 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/06/27 18:29:44.0520 1080 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/06/27 18:29:44.0649 1080 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/06/27 18:29:44.0721 1080 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/06/27 18:29:44.0776 1080 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/06/27 18:29:44.0844 1080 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/06/27 18:29:44.0942 1080 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/06/27 18:29:44.0988 1080 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/06/27 18:29:45.0047 1080 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/06/27 18:29:45.0123 1080 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/06/27 18:29:45.0247 1080 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\windows\system32\speedfan.sys
2011/06/27 18:29:45.0314 1080 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/06/27 18:29:45.0482 1080 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/06/27 18:29:45.0482 1080 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/27 18:29:45.0503 1080 sptd - detected LockedFile.Multi.Generic (1)
2011/06/27 18:29:45.0584 1080 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
2011/06/27 18:29:45.0653 1080 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
2011/06/27 18:29:45.0757 1080 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
2011/06/27 18:29:45.0871 1080 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/06/27 18:29:45.0958 1080 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/06/27 18:29:46.0062 1080 SynTP (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys
2011/06/27 18:29:46.0233 1080 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\drivers\tcpip.sys
2011/06/27 18:29:46.0345 1080 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\DRIVERS\tcpip.sys
2011/06/27 18:29:46.0433 1080 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/06/27 18:29:46.0527 1080 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/06/27 18:29:46.0572 1080 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/06/27 18:29:46.0651 1080 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/06/27 18:29:46.0711 1080 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/06/27 18:29:46.0884 1080 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/06/27 18:29:46.0958 1080 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/06/27 18:29:47.0023 1080 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/06/27 18:29:47.0113 1080 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/06/27 18:29:47.0229 1080 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/06/27 18:29:47.0303 1080 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/06/27 18:29:47.0351 1080 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/06/27 18:29:47.0436 1080 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/06/27 18:29:47.0502 1080 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/06/27 18:29:47.0564 1080 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/06/27 18:29:47.0644 1080 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/06/27 18:29:47.0709 1080 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/06/27 18:29:47.0758 1080 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/06/27 18:29:47.0834 1080 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/06/27 18:29:47.0896 1080 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/06/27 18:29:47.0983 1080 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
2011/06/27 18:29:48.0090 1080 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/06/27 18:29:48.0171 1080 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/06/27 18:29:48.0229 1080 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/06/27 18:29:48.0304 1080 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/06/27 18:29:48.0353 1080 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/06/27 18:29:48.0410 1080 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/06/27 18:29:48.0467 1080 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/06/27 18:29:48.0565 1080 VMC326 (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys
2011/06/27 18:29:48.0638 1080 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/06/27 18:29:48.0701 1080 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/06/27 18:29:48.0771 1080 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/06/27 18:29:48.0853 1080 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/06/27 18:29:48.0925 1080 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/06/27 18:29:49.0002 1080 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/06/27 18:29:49.0076 1080 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/06/27 18:29:49.0165 1080 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/06/27 18:29:49.0261 1080 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/27 18:29:49.0304 1080 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/27 18:29:49.0436 1080 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/06/27 18:29:49.0519 1080 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/06/27 18:29:49.0714 1080 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/06/27 18:29:49.0763 1080 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/06/27 18:29:49.0978 1080 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/06/27 18:29:50.0126 1080 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/06/27 18:29:50.0245 1080 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/06/27 18:29:50.0319 1080 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/06/27 18:29:50.0484 1080 yukonw7 (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
2011/06/27 18:29:50.0661 1080 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
2011/06/27 18:29:51.0102 1080 Boot (0x1200) (73de9e5f9ec6064522b43588b04d7040) \Device\Harddisk0\DR0\Partition0
2011/06/27 18:29:51.0156 1080 Boot (0x1200) (bae2758b306ed87ec9bcab6f701f28e1) \Device\Harddisk0\DR0\Partition1
2011/06/27 18:29:51.0224 1080 Boot (0x1200) (34361ec0ceea5db19c98b6eb1924a7e7) \Device\Harddisk0\DR0\Partition2
2011/06/27 18:29:51.0242 1080 ================================================================================
2011/06/27 18:29:51.0242 1080 Scan finished
2011/06/27 18:29:51.0242 1080 ================================================================================
2011/06/27 18:29:51.0304 0944 Detected object count: 1
2011/06/27 18:29:51.0305 0944 Actual detected object count: 1
2011/06/27 18:29:58.0719 0944 LockedFile.Multi.Generic(sptd) - User select action: Skip
Interim status: Even before I ran this scan with TDSSKiller, the original problems had been resolved. Malwarebytes and Avast! no longer show any alerts, and the Chrome browser works again. Nevertheless, I would like to see this through to the end, until I'm told that everything is clean. And then I need to find out which programs I should keep running alongside for protection.
#8
/// Winkelfunktion /// TB-Süch-Tiger™
Google Chrome doesn't work and outgoing actions detected
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (board helper) has explicitly recommended it!
__________________
Please always post log files in CODE tags