| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google Redirect und IExplorer.exe im Hintergrund aktivWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2011, 17:42
| #16 |
 |  Google Redirect und IExplorer.exe im Hintergrund aktiv Ja, die iexplorer.exe läuft wie gehabt als Prozess zweimal im Hintergrund, den IE selber als Anwendung läuft aber nicht und nutze ich auch nicht. Hier den Inhalt der MBR-txt-Datei: Code:
ATTFilter BRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7736
Logical Drives Mask: 0x0000003c
Kernel Drivers (total 158):
0x03008000 \SystemRoot\system32\ntoskrnl.exe
0x035F1000 \SystemRoot\system32\hal.dll
0x00BC3000 \SystemRoot\system32\kdcom.dll
0x00C49000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C98000 \SystemRoot\system32\PSHED.dll
0x00CAC000 \SystemRoot\system32\CLFS.SYS
0x00D0A000 \SystemRoot\system32\CI.dll
0x00E86000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F2A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F39000 \SystemRoot\system32\drivers\ACPI.sys
0x00F90000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F99000 \SystemRoot\system32\drivers\msisadrv.sys
0x00FA3000 \SystemRoot\system32\drivers\pci.sys
0x00FD6000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FE3000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E09000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E15000 \SystemRoot\system32\drivers\volmgr.sys
0x00E2A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DCA000 \SystemRoot\System32\drivers\mountmgr.sys
0x01053000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0116F000 \SystemRoot\system32\drivers\atapi.sys
0x01178000 \SystemRoot\system32\drivers\ataport.SYS
0x011A2000 \SystemRoot\system32\drivers\amdxata.sys
0x011AD000 \SystemRoot\system32\drivers\fltmgr.sys
0x01000000 \SystemRoot\system32\drivers\fileinfo.sys
0x01014000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x0125B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0148C000 \SystemRoot\System32\Drivers\msrpc.sys
0x014EA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01505000 \SystemRoot\System32\Drivers\cng.sys
0x01577000 \SystemRoot\System32\drivers\pcw.sys
0x01588000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01656000 \SystemRoot\system32\drivers\ndis.sys
0x01749000 \SystemRoot\system32\drivers\NETIO.SYS
0x017A9000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01890000 \SystemRoot\System32\drivers\tcpip.sys
0x01A94000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01ADE000 \SystemRoot\system32\drivers\volsnap.sys
0x01B2A000 \SystemRoot\System32\Drivers\spldr.sys
0x01B32000 \SystemRoot\System32\drivers\rdyboost.sys
0x01B6C000 \SystemRoot\System32\Drivers\mup.sys
0x01B7E000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B87000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BC1000 \SystemRoot\system32\DRIVERS\disk.sys
0x01800000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x03DA6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03DD0000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x03C00000 \??\C:\Windows\system32\drivers\ale_nf64.sys
0x03C66000 \SystemRoot\System32\Drivers\Null.SYS
0x03C6F000 \SystemRoot\System32\Drivers\Beep.SYS
0x03DD9000 \SystemRoot\System32\drivers\vga.sys
0x0183E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03DE7000 \SystemRoot\System32\drivers\watchdog.sys
0x03DF7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01863000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0186C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01875000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BD7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x017D4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01BE8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01400000 \SystemRoot\system32\drivers\afd.sys
0x01600000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01BF5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01592000 \SystemRoot\system32\DRIVERS\pacer.sys
0x015B8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x01880000 \SystemRoot\system32\DRIVERS\netbios.sys
0x015CE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x015E9000 \SystemRoot\system32\drivers\termdd.sys
0x01200000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x01645000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01029000 \??\c:\program files\norman\ngs\bin\ngs64.sys
0x01036000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x017F6000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x00DE4000 \SystemRoot\system32\drivers\mssmbios.sys
0x00DEF000 \SystemRoot\System32\drivers\discache.sys
0x00C00000 \SystemRoot\System32\Drivers\dfsc.sys
0x00C1E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03E33000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03E59000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04A6B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x03EAA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x053AA000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04A00000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04A24000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03F9E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04A31000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02E47000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x0584C000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x05EF9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05F06000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05F0B000 \SystemRoot\system32\drivers\i8042prt.sys
0x05F29000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
0x05F35000 \SystemRoot\system32\drivers\kbdclass.sys
0x05F44000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x05F85000 \SystemRoot\system32\drivers\mouclass.sys
0x05F94000 \SystemRoot\system32\drivers\wmiacpi.sys
0x05F9D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05FB3000 \SystemRoot\system32\drivers\CompositeBus.sys
0x05FC3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05FD9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05800000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0580C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02E98000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02EB3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02ED4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0583B000 \SystemRoot\system32\drivers\swenum.sys
0x02EEE000 \SystemRoot\system32\drivers\ks.sys
0x02F31000 \SystemRoot\system32\drivers\umbus.sys
0x02F43000 \SystemRoot\system32\drivers\usbhub.sys
0x02F9D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0763A000 \SystemRoot\system32\drivers\HdAudio.sys
0x07696000 \SystemRoot\system32\drivers\portcls.sys
0x076D3000 \SystemRoot\system32\drivers\drmk.sys
0x076F5000 \SystemRoot\system32\drivers\ksthunk.sys
0x07006000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x078AC000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x079DD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x079DF000 \SystemRoot\system32\drivers\modem.sys
0x079EE000 \SystemRoot\system32\drivers\hidusb.sys
0x07800000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x07819000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x07822000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x0782F000 \SystemRoot\system32\drivers\usbccgp.sys
0x0784C000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0787A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C76000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07888000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x0789B000 \SystemRoot\System32\drivers\Dxapi.sys
0x071E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00460000 \SystemRoot\System32\TSDDD.dll
0x00640000 \SystemRoot\System32\cdd.dll
0x076FB000 \SystemRoot\system32\drivers\luafv.sys
0x0771E000 \SystemRoot\system32\drivers\WudfPf.sys
0x0773F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07754000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x077A7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x077BA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x071F5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x04810000 \SystemRoot\system32\drivers\HTTP.sys
0x048D9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x048F7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0490F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0493C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0498A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x049AE000 \??\C:\Program Files\Norman\Ngs\Bin\nregsec64.sys
0x072ED000 \SystemRoot\system32\drivers\peauth.sys
0x07393000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0739E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x073CF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07C0D000 \SystemRoot\System32\DRIVERS\srv.sys
0x07CA5000 \SystemRoot\system32\DRIVERS\nvcv64mf.sys
0x07D3F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77570000 \Windows\System32\ntdll.dll
0x47610000 \Windows\System32\smss.exe
0xFF890000 \Windows\System32\apisetschema.dll
Processes (total 68):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
480 csrss.exe
560 C:\Windows\System32\wininit.exe
572 csrss.exe
620 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
752 C:\Windows\System32\svchost.exe
812 C:\Program Files\Norman\Npm\Bin\elogsvc.exe
832 C:\Program Files\Norman\Ngs\Bin\nnf.exe
876 C:\Windows\System32\winlogon.exe
924 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\atiesrxx.exe
416 C:\Windows\System32\svchost.exe
496 C:\Windows\System32\svchost.exe
640 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\atieclxx.exe
1260 C:\Program Files\Norman\Npm\Bin\Zanda.exe
1292 C:\Program Files\Norman\Npm\Bin\nvoy.exe
1408 C:\Program Files\Norman\Npf\Bin\npfsvc32.exe
1484 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\spoolsv.exe
1688 C:\Windows\System32\svchost.exe
1764 C:\Program Files\LSI SoftModem\agr64svc.exe
1792 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1828 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
1868 C:\Windows\System32\svchost.exe
1984 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
2032 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1332 C:\Windows\System32\svchost.exe
1712 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1532 C:\Windows\System32\svchost.exe
1820 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2476 C:\Windows\System32\svchost.exe
2704 C:\Windows\System32\taskhost.exe
2768 C:\Windows\System32\dwm.exe
2804 C:\Windows\explorer.exe
3008 C:\Program Files\Norman\Npm\Bin\scheduler.exe
3048 C:\Program Files\Norman\Npm\Bin\Njeeves.exe
1976 C:\Program Files\Norman\Nse\Bin\Nsesvc.exe
2580 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2588 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2608 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2624 C:\Program Files\Windows Sidebar\sidebar.exe
2764 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3384 C:\Program Files (x86)\FreePDF_XP\fpassist.exe
3392 C:\Program Files\Norman\Npm\Bin\Zlh.exe
3408 C:\Windows\System32\wbem\unsecapp.exe
3472 WmiPrvSE.exe
3536 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
3712 C:\Windows\System32\SearchIndexer.exe
3764 C:\Program Files\Norman\Nvc\Bin\Nvcoas.exe
3844 C:\Program Files\Norman\Nvc\Bin\CClaw.exe
3856 C:\Program Files\Windows Media Player\wmpnetwk.exe
3380 C:\Windows\System32\svchost.exe
2652 C:\Windows\System32\svchost.exe
3956 C:\Program Files\Internet Explorer\iexplore.exe
736 C:\Windows\System32\audiodg.exe
4780 C:\Program Files\Internet Explorer\iexplore.exe
3320 C:\Windows\System32\SearchProtocolHost.exe
3272 C:\Windows\System32\SearchFilterHost.exe
1168 dllhost.exe
1476 dllhost.exe
4176 C:\Users\JS\Desktop\MBRCheck.exe
4892 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f4500000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000004d`98e00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000070`ff700000 (NTFS)
PhysicalDrive0 Model Number: WDCWD6400BEVT-22A0RT0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
keepracing |
|
12.07.2011, 17:46
| #17 |
| /// Malwareteam   | Google Redirect und IExplorer.exe im Hintergrund aktiv MBR mit aswMBR von Avast wiederherstellen
__________________Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop nicht woanders hin, falls noch nicht vorhanden. Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen. Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen. Klicke Scan, um den Suchlauf zu starten. Wenn der Scan beendet ist, was mit Scan finished sucessfull! angezeigt wird, klicke auf FixMBR, um den MBR wiederherzustellen. |
|
12.07.2011, 19:48
| #18 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv So, Scan ist erledigt, MBR ist wiederhergestellt, kannst du villeicht noch was mit der Log-Datei anfangen:
__________________Code:
ATTFilter swMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-12 18:50:10
-----------------------------
18:50:10.361 OS Version: Windows x64 6.1.7601 Service Pack 1
18:50:10.361 Number of processors: 2 586 0x170A
18:50:10.361 ComputerName: KEEPRACING UserName: JS
18:50:11.781 Initialize success
18:52:24.656 AVAST engine defs: 11071201
18:52:30.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:52:30.756 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
18:52:30.771 Disk 0 MBR read successfully
18:52:30.787 Disk 0 MBR scan
18:52:30.787 Disk 0 unknown MBR code
18:52:30.787 Disk 0 MBR hidden
18:52:30.802 Service scanning
18:52:32.690 Disk 0 trace - called modules:
18:52:32.706 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007004254]<<
18:52:32.721 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fe0060]
18:52:32.721 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ef0050]
18:52:32.721 \Driver\iaStor[0xfffffa8005e93920] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007004254
18:52:34.250 AVAST engine scan C:\Windows
19:05:32.005 File: C:\Windows\System32\drivers\de-DE\bfe.dll.mui **SUSPICIOUS**
19:05:33.456 File: C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui **SUSPICIOUS**
19:05:33.752 File: C:\Windows\System32\drivers\de-DE\pacer.sys.mui **SUSPICIOUS**
19:05:34.142 File: C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui **SUSPICIOUS**
19:05:34.485 File: C:\Windows\System32\drivers\de-DE\scfilter.sys.mui **SUSPICIOUS**
19:05:34.875 File: C:\Windows\System32\drivers\de-DE\tcpip.sys.mui **SUSPICIOUS**
19:05:48.541 File: C:\Windows\System32\drivers\wimmount.sys **SUSPICIOUS**
20:27:17.547 AVAST engine scan C:\Users\JS
20:35:12.916 AVAST engine scan C:\ProgramData
20:38:27.214 Scan finished successfully
20:39:09.974 Disk 0 Windows 601 MBR fixed successfully
20:39:23.000 Disk 0 MBR has been saved successfully to "C:\Users\JS\Desktop\MBR.dat"
20:39:23.016 The log file has been saved successfully to "C:\Users\JS\Desktop\aswMBR.txt"
keepracing |
|
12.07.2011, 20:04
| #19 |
| /// Malwareteam | Google Redirect und IExplorer.exe im Hintergrund aktiv Und? Noch immer umgeleitet? |
|
12.07.2011, 20:08
| #20 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv Eben wurde ich nochmal umgeleitet.... iexplorer.exe im HIntergund als Prozess auch noch aktiv....? |
|
12.07.2011, 20:26
| #21 |
| /// Malwareteam | Google Redirect und IExplorer.exe im Hintergrund aktiv Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
12.07.2011, 20:47
| #22 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv So, hier das Ergebnis, da ich ja schon mit OTL gescannt hatte, bekomme ich nur die OTL.txt und nicht die Extra.txt: Code:
ATTFilter OTL logfile created on: 12.07.2011 21:28:26 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\JS\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,74 Gb Available Physical Memory | 79,09% Memory free 11,99 Gb Paging File | 10,62 Gb Available in Paging File | 88,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,57 Gb Total Space | 245,46 Gb Free Space | 82,21% Space Free | Partition Type: NTFS Drive E: | 141,60 Gb Total Space | 59,59 Gb Free Space | 42,09% Space Free | Partition Type: NTFS Drive F: | 144,18 Gb Total Space | 128,52 Gb Free Space | 89,14% Space Free | Partition Type: NTFS Computer Name: KEEPRACING | User Name: JS | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\JS\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Norman\Npm\Bin\Zlh.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) PRC - C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe () PRC - C:\Programme\Norman\Npf\Bin\npfsvc32.exe (Norman ASA) PRC - C:\Programme\Norman\Nvc\Bin\Nvcoas.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA) PRC - C:\Programme\Norman\Nvc\Bin\CClaw.exe (Norman ASA) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\JS\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (nsesvc) -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE (Norman ASA) SRV:64bit: - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA) SRV:64bit: - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\elogsvc.exe (Norman ASA) SRV:64bit: - (NNFSVC) -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe (Norman ASA) SRV:64bit: - (Scheduler) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA) SRV:64bit: - (Norman NJeeves) -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe () SRV:64bit: - (NPFSvc32) -- C:\Program Files\Norman\npf\bin\npfsvc32.exe (Norman ASA) SRV:64bit: - (nvcoas) -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe (Norman ASA) SRV:64bit: - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TomTomHOMEService) -- E:\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe () SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (NvcMFlt) -- C:\Windows\SysNative\drivers\nvcv64mf.sys (Norman ASA) DRV:64bit: - (ALE_NF) -- C:\Windows\SysNative\drivers\ale_nf64.sys (Norman ASA) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (AVerAF15) -- C:\Windows\SysNative\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys () DRV - (nregsec) -- C:\Programme\Norman\Ngs\Bin\nregsec64.sys (Norman ASA) DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (NGS) -- c:\Programme\Norman\Ngs\Bin\ngs64.sys (Norman ASA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_7736&r=27360110s526l0338z1i5t49i1g231 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-934884471-4151548976-3289994798-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/ IE - HKU\S-1-5-21-934884471-4151548976-3289994798-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.22 18:12:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 20:45:42 | 000,000,000 | ---D | M] [2011.02.19 15:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JS\AppData\Roaming\mozilla\Extensions [2010.01.24 17:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JS\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.02.19 15:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JS\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2011.07.10 12:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JS\AppData\Roaming\mozilla\Firefox\Profiles\pfqg6b9g.default\extensions [2011.07.01 21:26:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\JS\AppData\Roaming\mozilla\Firefox\Profiles\pfqg6b9g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} O1 HOSTS File: ([2011.07.10 21:08:45 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-934884471-4151548976-3289994798-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk - C:\PROGRA~2\COMMON~1\AVERME~1\AVERQU~1\AVERHI~1.EXE - () MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk - C:\PROGRA~2\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE - (AVerMedia TECHNOLOGIES, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^JS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig:64bit - StartUpReg: 1und1Agent - hkey= - key= - C:\Program Files (x86)\Internetradio Player\ps_agent.exe (phonostar) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) MsConfig:64bit - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) MsConfig:64bit - StartUpReg: Philips Device Listener - hkey= - key= - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () MsConfig:64bit - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) MsConfig:64bit - StartUpReg: PLFSetI - hkey= - key= - C:\Windows\PLFSetI.exe () MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - File not found MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - E:\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.12 20:44:51 | 000,000,000 | ---D | C] -- C:\Users\JS\AppData\Local\Diagnostics [2011.07.12 18:49:03 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\JS\Desktop\aswMBR.exe [2011.07.11 22:05:54 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\JS\Desktop\tdsskiller.exe [2011.07.11 13:52:55 | 000,000,000 | ---D | C] -- C:\Users\JS\AppData\Local\Sunbelt Software [2011.07.10 21:49:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.07.10 21:29:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.07.10 20:32:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.07.10 20:32:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.07.10 20:32:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.07.10 20:31:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.07.10 20:31:32 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.07.10 20:29:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.07.10 20:23:43 | 004,138,980 | R--- | C] (Swearware) -- C:\Users\JS\Desktop\ComboFix.exe [2011.07.10 19:37:52 | 000,000,000 | ---D | C] -- C:\Users\JS\Desktop\GooredFix Backups [2011.07.10 19:36:56 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\JS\Desktop\GooredFix.exe [2011.07.10 17:51:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\JS\Desktop\OTL.exe [2011.07.10 17:50:14 | 000,000,000 | ---D | C] -- C:\Users\JS\AppData\Roaming\Malwarebytes [2011.07.10 17:49:54 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.07.10 17:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.07.10 17:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.07.07 23:11:42 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011.07.07 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.07.07 21:33:31 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.07.07 21:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.07.07 20:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2011.07.02 19:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Plasmoo [2011.07.02 19:04:07 | 000,000,000 | ---D | C] -- C:\Users\JS\Documents\DVDVideoSoft [2011.07.02 19:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.07.02 19:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.07.02 18:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.07.02 18:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2011.07.02 18:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Pro Control Center [2011.07.02 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2011.07.02 18:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2011.07.02 18:34:00 | 000,000,000 | ---D | C] -- C:\ATI [2011.07.02 18:25:17 | 000,000,000 | ---D | C] -- C:\AMD [2011.07.02 18:11:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.07.02 00:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.07.01 21:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.06.19 17:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.06.19 17:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.06.19 16:37:33 | 000,378,000 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\tdi_nf.sys [2011.06.19 16:37:33 | 000,068,176 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\ale_nf64.sys [2011.06.19 16:37:33 | 000,061,472 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\ale_nf.sys [2011.06.19 16:37:32 | 000,048,272 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\nnetsec.sys [2011.06.19 16:37:32 | 000,034,192 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\nnetsecl64.sys [2011.06.19 16:37:32 | 000,030,584 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\nnetsecl.sys [2011.06.19 16:37:30 | 000,028,560 | ---- | C] (Norman ASA) -- C:\Windows\SysNative\drivers\nvcv64mf.sys [2009.10.29 07:58:47 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2011.07.12 20:48:48 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.12 20:48:48 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.12 20:41:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.12 20:41:30 | 532,865,023 | -HS- | M] () -- C:\hiberfil.sys [2011.07.12 20:39:23 | 000,000,512 | ---- | M] () -- C:\Users\JS\Desktop\MBR.dat [2011.07.12 18:49:40 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\JS\Desktop\aswMBR.exe [2011.07.12 18:37:46 | 000,080,384 | ---- | M] () -- C:\Users\JS\Desktop\MBRCheck.exe [2011.07.11 22:05:55 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\JS\Desktop\tdsskiller.exe [2011.07.10 21:08:45 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.07.10 20:24:29 | 004,138,980 | R--- | M] (Swearware) -- C:\Users\JS\Desktop\ComboFix.exe [2011.07.10 19:36:57 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\JS\Desktop\GooredFix.exe [2011.07.10 17:51:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\JS\Desktop\OTL.exe [2011.07.10 17:49:54 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.07 21:38:45 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.07.07 21:38:41 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2011.07.07 21:35:03 | 001,613,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.07.07 21:35:03 | 000,697,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.07.07 21:35:03 | 000,652,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.07.07 21:35:03 | 000,148,292 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.07.07 21:35:03 | 000,121,238 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.07.07 21:33:36 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.07.02 19:04:07 | 000,001,402 | ---- | M] () -- C:\Users\JS\Desktop\MP3 Converter.lnk [2011.07.02 00:04:29 | 000,345,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.07.01 21:12:48 | 000,000,392 | ---- | M] () -- C:\ProgramData\37019384 [2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe [2011.06.22 18:12:15 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.20 10:31:32 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys ========== Files Created - No Company Name ========== [2011.07.12 20:39:23 | 000,000,512 | ---- | C] () -- C:\Users\JS\Desktop\MBR.dat [2011.07.12 18:37:33 | 000,080,384 | ---- | C] () -- C:\Users\JS\Desktop\MBRCheck.exe [2011.07.10 20:32:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.07.10 20:32:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.07.10 20:32:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.07.10 20:32:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.07.10 20:32:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.07.10 17:49:54 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.07 21:45:58 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2011.07.07 21:33:36 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.07.02 19:04:07 | 000,001,402 | ---- | C] () -- C:\Users\JS\Desktop\MP3 Converter.lnk [2011.07.01 21:05:15 | 000,000,392 | ---- | C] () -- C:\ProgramData\37019384 [2011.06.19 16:37:30 | 000,222,352 | ---- | C] () -- C:\Windows\SysNative\nscrnsav.scr [2011.03.27 15:12:11 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2011.03.27 15:12:11 | 000,003,456 | ---- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.17 12:36:55 | 000,007,664 | ---- | C] () -- C:\Users\JS\AppData\Local\Resmon.ResmonCfg [2010.09.26 11:25:41 | 001,590,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.12 10:32:46 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.08.08 18:11:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.06.12 12:07:28 | 000,003,584 | ---- | C] () -- C:\Users\JS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.23 21:06:12 | 000,000,064 | ---- | C] () -- C:\Windows\AVerText.ini [2010.02.10 20:42:27 | 000,598,016 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll [2010.02.10 20:42:27 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll [2010.02.10 20:42:27 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll [2010.02.10 20:42:27 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll [2010.01.24 02:05:40 | 000,000,080 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.01.23 15:28:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.12.24 17:57:23 | 000,001,697 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2009.12.24 09:44:51 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.12.24 09:30:33 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.12.24 09:30:33 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe [2009.12.24 09:30:33 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini [2009.12.24 09:22:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.10.28 19:54:34 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini [2009.10.28 19:54:34 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.10.28 19:54:34 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2010.02.06 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\1&1 [2010.01.24 19:07:59 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\Ashampoo [2011.07.01 21:26:53 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\BuddyW [2010.02.13 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\Canon [2010.01.23 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.07.02 01:00:41 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\elsterformular [2011.07.02 00:22:25 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\FileZilla [2010.01.23 14:32:29 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\GameConsole [2011.07.02 11:59:59 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\gtk-2.0 [2011.07.01 21:26:53 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\Internet-Radio Player [2011.07.01 21:26:54 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\KompoZer [2011.07.01 21:26:54 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\Nvu [2011.07.01 21:26:54 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\Philips-Songbird [2011.07.01 21:26:55 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\PowerCinema [2010.09.20 19:14:20 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\QuickScan [2010.08.08 18:19:00 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\Samsung [2011.07.01 21:26:55 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\SoftDMA [2011.07.01 21:25:26 | 000,000,000 | ---D | M] -- C:\Users\JS\AppData\Roaming\TomTom [2011.06.02 17:21:28 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.07.10 21:49:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.07.02 18:25:17 | 000,000,000 | ---D | M] -- C:\AMD [2011.07.02 18:34:00 | 000,000,000 | ---D | M] -- C:\ATI [2009.12.24 09:35:34 | 000,000,000 | ---D | M] -- C:\BOOK [2010.01.24 17:55:07 | 000,000,000 | ---D | M] -- C:\CanoScan [2011.07.10 21:29:24 | 000,000,000 | ---D | M] -- C:\ComboFix [2011.07.08 17:59:36 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.01.23 13:07:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.01.23 14:52:57 | 000,000,000 | ---D | M] -- C:\elements [2009.10.29 07:44:31 | 000,000,000 | ---D | M] -- C:\Intel [2010.02.03 20:11:48 | 000,000,000 | R--D | M] -- C:\MSOCache [2010.10.17 20:54:34 | 000,000,000 | ---D | M] -- C:\MyWinLockerData [2011.07.01 21:26:32 | 000,000,000 | ---D | M] -- C:\oem [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.02 18:34:39 | 000,000,000 | R--D | M] -- C:\Program Files [2011.07.10 17:49:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.07.07 22:18:17 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.01.23 13:07:57 | 000,000,000 | -HSD | M] -- C:\Programme [2011.07.10 21:29:24 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.01.23 13:07:58 | 000,000,000 | ---D | M] -- C:\Recovery [2011.07.12 21:30:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.02.19 15:44:39 | 000,000,000 | ---D | M] -- C:\Temp [2010.01.23 13:08:07 | 000,000,000 | R--D | M] -- C:\Users [2011.07.12 21:17:52 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > keepracing |
|
12.07.2011, 21:11
| #23 |
| /// Malwareteam | Google Redirect und IExplorer.exe im Hintergrund aktiv Ich will nochmals einen CF Scan. Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop
 Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:  Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. |
|
12.07.2011, 22:26
| #24 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv Anbei die ComboFix-Datei; Umleitung und iexplorer.exe noch aktiv Viele Grüße keepracing |
|
12.07.2011, 22:30
| #25 |
| /// Malwareteam | Google Redirect und IExplorer.exe im Hintergrund aktiv Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. |
|
13.07.2011, 09:28
| #26 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv So, hat ein wenig gedauert, hier das Log-File: Code:
ATTFilter aswMBR version 0.9.7.707 Copyright(c) 2011 AVAST Software
Run date: 2011-07-13 07:54:46
-----------------------------
07:54:46.279 OS Version: Windows x64 6.1.7601 Service Pack 1
07:54:46.279 Number of processors: 2 586 0x170A
07:54:46.279 ComputerName: KEEPRACING UserName: JS
07:54:47.558 Initialize success
07:54:53.299 AVAST engine defs: 11071201
07:55:01.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:55:01.193 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
07:55:01.208 Disk 0 MBR read successfully
07:55:01.208 Disk 0 MBR scan
07:55:01.208 Disk 0 unknown MBR code
07:55:01.224 Disk 0 MBR hidden
07:55:01.224 Service scanning
07:55:03.673 Disk 0 trace - called modules:
07:55:03.689 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8007001254]<<
07:55:03.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fd92f0]
07:55:03.704 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005ee0050]
07:55:03.704 \Driver\iaStor[0xfffffa80054b9570] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007001254
07:55:04.968 AVAST engine scan C:\Windows
10:12:56.301 AVAST engine scan C:\Users\JS
10:22:28.103 AVAST engine scan C:\ProgramData
10:26:27.644 Scan finished successfully
10:26:38.065 Disk 0 MBR has been saved successfully to "C:\Users\JS\Desktop\MBR.dat"
10:26:38.065 The log file has been saved successfully to "C:\Users\JS\Desktop\aswMBR.txt"
keepracing |
|
13.07.2011, 13:09
| #27 |
| /// Malwareteam | Google Redirect und IExplorer.exe im Hintergrund aktiv Nun kontrollieren wir den Master Boot Record,ob alles in Ordnung ist:
|
|
13.07.2011, 13:58
| #28 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv Hm, schau mal: Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601
device: opened successfully
user: error reading MBR
error: Read Das Handle ist ungültig.
kernel: error reading MBR
keepracing |
|
13.07.2011, 14:00
| #29 |
| /// Malwareteam | Google Redirect und IExplorer.exe im Hintergrund aktiv Hast Du dies im Adminmodus ausgeführt? |
|
13.07.2011, 14:14
| #30 |
| | Google Redirect und IExplorer.exe im Hintergrund aktiv Ja, direkt als Admin ausgeführt, führe ich das Programm normal mit Doppelklick aus - gleiches Ergebnis.... Viel Grüße keepracing |
|
| Themen zu Google Redirect und IExplorer.exe im Hintergrund aktiv |
| abbruch, ad-aware, aktiv, antivirus, explorer, firefox, firewall, forum, google, google redirect, hallo zusammen, hintergrund, iexplorer, iexplorer.exe, internet, internet explorer, norman, probleme, prozess, prozesse, redirect, security, seite, seiten, umleitung, unbekannte seiten, windows |
Textbox.
Linear-Darstellung
