Log analysis and evaluation: Suspected malware (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware
Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
| | #2 |
| Suspected malware The log:
Code:
ComboFix 11-04-03.01 - Admin 03.04.2011 20:25:42.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.41.1031.18.6004.1683 [GMT 2:00]
ausgeführt von:: f:\benutzer\Admin\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-03 bis 2011-04-03 ))))))))))))))))))))))))))))))
.
.
2011-04-03 15:24 . 2011-03-23 08:11 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3D3801F2-F85C-43DD-977C-B589FA01A1B7}\mpengine.dll
2011-04-03 14:59 . 2011-04-03 14:58 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-04-03 14:59 . 2011-04-03 14:58 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB4F051D-0147-49C8-8C4F-96E93FE0C461}\gapaengine.dll
2011-04-03 14:59 . 2011-01-13 00:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-03 14:57 . 2011-04-03 14:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-04-03 14:20 . 2011-04-03 16:06 -------- d-----w- c:\programdata\SecTaskMan
2011-04-03 11:42 . 2011-04-03 16:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-03 11:42 . 2011-04-03 16:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-04-01 12:34 . 2011-04-03 14:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 12:31 . 2011-04-01 12:31 -------- d-----w- c:\program files\CCleaner
2011-03-30 12:01 . 2011-03-30 12:01 -------- d-----w- c:\users\Admin\AppData\Roaming\Avira
2011-03-30 12:00 . 2011-03-04 12:36 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-30 12:00 . 2011-03-04 12:36 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-30 12:00 . 2011-03-30 12:00 -------- d-----w- c:\programdata\Avira
2011-03-30 12:00 . 2011-03-30 12:00 -------- d-----w- c:\program files (x86)\Avira
2011-03-29 12:02 . 2011-03-29 12:02 108032 --sha-r- c:\windows\SysWow64\DevMngrt.dll
2011-03-20 21:31 . 2011-03-20 21:32 -------- d-sh--w- c:\users\Admin\AppData\Local\Lock
2011-03-15 13:23 . 2011-03-15 13:23 -------- d-----w- c:\users\Admin\AppData\Roaming\InstallShield
2011-03-13 10:05 . 2011-03-13 10:05 -------- d-----w- c:\users\Admin\AppData\Local\mquadr.at
2011-03-09 15:48 . 2011-03-09 15:48 -------- d-----w- c:\users\Admin\AppData\Roaming\Roxio
2011-03-09 15:45 . 2011-03-10 15:31 -------- d-----w- c:\programdata\Napster
2011-03-06 09:39 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-06 09:39 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-05 16:13 . 2011-03-05 16:13 -------- d-----w- C:\Advanced Wheel Mouse
2011-03-05 16:13 . 2011-03-05 16:13 -------- d-----w- C:\download
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-01 16:53 . 2010-07-29 09:39 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-01 16:53 . 2010-07-29 09:39 2052928 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-30 10:22 . 2011-01-30 10:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-01-30 10:22 . 2011-01-30 10:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-01-26 06:53 . 2011-02-12 10:32 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-12 10:32 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-12 10:32 144384 ----a-w- c:\windows\system32\cdd.dll
2011-01-22 09:51 . 2010-08-09 16:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-01-22 09:51 . 2010-08-09 16:58 2052928 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-01-07 08:07 . 2011-02-23 13:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 08:07 . 2011-02-23 13:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 08:06 . 2011-02-12 10:32 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:31 . 2011-02-23 13:08 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-07 07:31 . 2011-02-23 13:07 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27 . 2011-02-12 10:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-12 10:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-12 10:32 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-12 10:32 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-12 10:32 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-12 10:33 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
"Dit"="Dit.exe" [2003-12-29 94208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-01-30 273544]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2007-11-10 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-11-5 2717024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 08:53]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 08:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"combofix"="c:\cofi\CF23410.cfxxe" [X]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-07 16414824]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bluewin.ch
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyServer = http=proxy.bluewin.ch:8080;ftp=proxy.bluewin.ch:8080
uInternet Settings,ProxyOverride = *.bluewin.ch;*.bluewindow.ch;<local>
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4o9l009c.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://de-de.facebook.com/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-HDMICtrlMan - %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\windows\Dit.exe
c:\windows\DitExp.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-03 20:40:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-03 18:40
.
Vor Suchlauf: 10 Verzeichnis(se), 142'392'528'896 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 142'438'227'968 Bytes frei
.
- - End Of File - - 420B7A80A9ABD1B49F1B9241ACA02D9B
|
| | #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware Quote:
After that, run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ |
| | #4 |
| Suspected malware The log. The program found nothing. Code:
2011/04/05 14:03:25.0281 8040 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/05 14:03:25.0656 8040 ================================================================================
2011/04/05 14:03:25.0656 8040 SystemInfo:
2011/04/05 14:03:25.0656 8040
2011/04/05 14:03:25.0656 8040 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/05 14:03:25.0656 8040 Product type: Workstation
2011/04/05 14:03:25.0656 8040 ComputerName: ADMIN-TOSH
2011/04/05 14:03:25.0656 8040 UserName: Admin
2011/04/05 14:03:25.0656 8040 Windows directory: C:\Windows
2011/04/05 14:03:25.0656 8040 System windows directory: C:\Windows
2011/04/05 14:03:25.0656 8040 Running under WOW64
2011/04/05 14:03:25.0656 8040 Processor architecture: Intel x64
2011/04/05 14:03:25.0656 8040 Number of processors: 4
2011/04/05 14:03:25.0656 8040 Page size: 0x1000
2011/04/05 14:03:25.0656 8040 Boot type: Normal boot
2011/04/05 14:03:25.0656 8040 ================================================================================
2011/04/05 14:03:26.0623 8040 Initialize success
2011/04/05 14:03:36.0248 6612 ================================================================================
2011/04/05 14:03:36.0248 6612 Scan started
2011/04/05 14:03:36.0248 6612 Mode: Manual;
2011/04/05 14:03:36.0248 6612 ================================================================================
2011/04/05 14:03:37.0387 6612 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/05 14:03:37.0558 6612 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/05 14:03:37.0714 6612 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/05 14:03:37.0855 6612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/05 14:03:38.0042 6612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/05 14:03:38.0198 6612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/05 14:03:38.0370 6612 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/05 14:03:38.0510 6612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/05 14:03:38.0682 6612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/05 14:03:38.0838 6612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/05 14:03:38.0978 6612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/05 14:03:39.0134 6612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/05 14:03:39.0274 6612 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/05 14:03:39.0415 6612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/05 14:03:39.0555 6612 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/05 14:03:39.0696 6612 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/05 14:03:39.0914 6612 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/05 14:03:40.0054 6612 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/05 14:03:40.0210 6612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/05 14:03:40.0382 6612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/05 14:03:40.0538 6612 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/05 14:03:40.0725 6612 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/05 14:03:40.0928 6612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/05 14:03:41.0115 6612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/05 14:03:41.0240 6612 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/05 14:03:41.0412 6612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/05 14:03:41.0536 6612 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/05 14:03:41.0677 6612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/05 14:03:41.0770 6612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/05 14:03:41.0926 6612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/05 14:03:42.0051 6612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/05 14:03:42.0192 6612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/05 14:03:42.0285 6612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/05 14:03:42.0441 6612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/05 14:03:42.0613 6612 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/05 14:03:42.0769 6612 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/05 14:03:42.0940 6612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/05 14:03:43.0065 6612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/05 14:03:43.0237 6612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/05 14:03:43.0362 6612 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/05 14:03:43.0518 6612 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/05 14:03:43.0705 6612 CnxtHdAudService (94af76ba5b74518610da47e7181a1d68) C:\Windows\system32\drivers\CHDRT64.sys
2011/04/05 14:03:43.0845 6612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/05 14:03:43.0970 6612 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/05 14:03:44.0126 6612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/05 14:03:44.0329 6612 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/05 14:03:44.0469 6612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/05 14:03:44.0610 6612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/05 14:03:44.0797 6612 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/05 14:03:44.0968 6612 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/05 14:03:45.0187 6612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/05 14:03:45.0405 6612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/05 14:03:45.0546 6612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/05 14:03:45.0717 6612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/05 14:03:45.0826 6612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/05 14:03:45.0982 6612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/05 14:03:46.0107 6612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/05 14:03:46.0248 6612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/05 14:03:46.0372 6612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/05 14:03:46.0482 6612 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/05 14:03:46.0638 6612 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/05 14:03:46.0731 6612 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/05 14:03:46.0903 6612 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/05 14:03:47.0043 6612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/05 14:03:47.0246 6612 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/05 14:03:47.0371 6612 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/05 14:03:47.0527 6612 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/05 14:03:47.0683 6612 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/04/05 14:03:47.0792 6612 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/05 14:03:47.0917 6612 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/05 14:03:48.0057 6612 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/05 14:03:48.0213 6612 hidshim (f44381f466cfcee8e850de6bbfa43fe2) C:\Windows\system32\DRIVERS\hidshim.sys
2011/04/05 14:03:48.0354 6612 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/05 14:03:48.0525 6612 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/05 14:03:48.0666 6612 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/05 14:03:48.0790 6612 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/05 14:03:48.0931 6612 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/05 14:03:49.0040 6612 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/05 14:03:49.0212 6612 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/05 14:03:49.0414 6612 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/05 14:03:49.0586 6612 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
2011/04/05 14:03:49.0726 6612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/05 14:03:49.0867 6612 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/05 14:03:50.0023 6612 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/05 14:03:50.0148 6612 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/05 14:03:50.0319 6612 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/05 14:03:50.0460 6612 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/05 14:03:50.0647 6612 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/05 14:03:50.0787 6612 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/05 14:03:50.0959 6612 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/05 14:03:51.0115 6612 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/05 14:03:51.0255 6612 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/05 14:03:51.0380 6612 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/05 14:03:51.0520 6612 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/05 14:03:51.0661 6612 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/04/05 14:03:51.0817 6612 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/05 14:03:51.0973 6612 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/05 14:03:52.0113 6612 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/05 14:03:52.0269 6612 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/05 14:03:52.0410 6612 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/05 14:03:52.0519 6612 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/05 14:03:52.0659 6612 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/05 14:03:52.0815 6612 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/05 14:03:53.0002 6612 mod7700 (551d2ab26007aaeaa246872501ac8c17) C:\Windows\system32\Drivers\dvb7700all.sys
2011/04/05 14:03:53.0143 6612 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/05 14:03:53.0299 6612 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/05 14:03:53.0470 6612 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/05 14:03:53.0580 6612 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/05 14:03:53.0720 6612 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/05 14:03:53.0860 6612 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/05 14:03:53.0985 6612 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/05 14:03:54.0110 6612 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/05 14:03:54.0235 6612 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/05 14:03:54.0375 6612 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS
2011/04/05 14:03:54.0500 6612 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/05 14:03:54.0609 6612 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/05 14:03:54.0734 6612 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/05 14:03:54.0874 6612 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/05 14:03:54.0968 6612 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/05 14:03:55.0093 6612 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/05 14:03:55.0264 6612 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/05 14:03:55.0452 6612 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/05 14:03:55.0561 6612 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/05 14:03:55.0732 6612 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/05 14:03:55.0935 6612 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/05 14:03:56.0091 6612 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/05 14:03:56.0232 6612 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/05 14:03:56.0372 6612 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/05 14:03:56.0512 6612 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/05 14:03:56.0622 6612 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/05 14:03:56.0746 6612 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/05 14:03:56.0902 6612 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/05 14:03:57.0090 6612 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/05 14:03:57.0246 6612 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/05 14:03:57.0370 6612 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/05 14:03:57.0542 6612 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/05 14:03:57.0682 6612 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/05 14:03:57.0792 6612 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/05 14:03:57.0963 6612 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/05 14:03:58.0104 6612 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/05 14:03:58.0260 6612 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/05 14:03:58.0400 6612 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/05 14:03:58.0556 6612 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/05 14:03:58.0681 6612 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/05 14:03:58.0837 6612 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/05 14:03:58.0993 6612 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/05 14:03:59.0149 6612 nuvotoncir (4f990bd111cf94891104193f8787788f) C:\Windows\system32\DRIVERS\nuvotoncir.sys
2011/04/05 14:03:59.0289 6612 nuvotonhidcir (05416052f584e7488dce7f6bce4e75a1) C:\Windows\system32\DRIVERS\nuvotonhidcir.sys
2011/04/05 14:03:59.0445 6612 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
2011/04/05 14:03:59.0835 6612 nvlddmkm (0433890f7bfc6e781c5fae78c7ff6eb4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/05 14:04:00.0241 6612 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/05 14:04:00.0397 6612 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/05 14:04:00.0537 6612 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/05 14:04:00.0693 6612 O2MDGRDR (a3c51527dfd788880c2ece6e9fb68355) C:\Windows\system32\DRIVERS\o2mdgx64.sys
2011/04/05 14:04:00.0849 6612 O2SDGRDR (fa1eed3a10992eba9a39172b50346434) C:\Windows\system32\DRIVERS\o2sdgx64.sys
2011/04/05 14:04:00.0990 6612 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/05 14:04:01.0208 6612 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/05 14:04:01.0380 6612 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/05 14:04:01.0520 6612 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/05 14:04:01.0645 6612 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/05 14:04:01.0770 6612 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/05 14:04:01.0895 6612 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/05 14:04:02.0035 6612 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/05 14:04:02.0253 6612 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/04/05 14:04:02.0487 6612 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/05 14:04:02.0612 6612 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/05 14:04:02.0753 6612 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/05 14:04:02.0909 6612 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\Windows\system32\DRIVERS\QIOMem.sys
2011/04/05 14:04:03.0065 6612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/05 14:04:03.0236 6612 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/05 14:04:03.0345 6612 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/05 14:04:03.0455 6612 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/05 14:04:03.0611 6612 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/05 14:04:03.0751 6612 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/05 14:04:03.0923 6612 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/05 14:04:04.0063 6612 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/05 14:04:04.0203 6612 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/05 14:04:04.0344 6612 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/05 14:04:04.0484 6612 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/05 14:04:04.0640 6612 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/05 14:04:04.0765 6612 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/05 14:04:04.0874 6612 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/05 14:04:05.0046 6612 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/05 14:04:05.0186 6612 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
2011/04/05 14:04:05.0327 6612 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
2011/04/05 14:04:05.0514 6612 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/05 14:04:05.0670 6612 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/04/05 14:04:05.0810 6612 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/05 14:04:05.0935 6612 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/05 14:04:06.0075 6612 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/05 14:04:06.0247 6612 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/05 14:04:06.0403 6612 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/05 14:04:06.0543 6612 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/05 14:04:06.0731 6612 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/05 14:04:06.0855 6612 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/05 14:04:06.0965 6612 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/05 14:04:07.0089 6612 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/05 14:04:07.0214 6612 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/05 14:04:07.0339 6612 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/05 14:04:07.0464 6612 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/05 14:04:07.0589 6612 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/05 14:04:07.0745 6612 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/05 14:04:07.0885 6612 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/05 14:04:08.0041 6612 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/05 14:04:08.0197 6612 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/05 14:04:08.0353 6612 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/05 14:04:08.0509 6612 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/05 14:04:08.0681 6612 SynTP (ecb9097c86db32bf3940590e0e1792c3) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/05 14:04:08.0899 6612 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/05 14:04:09.0117 6612 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/05 14:04:09.0258 6612 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/05 14:04:09.0445 6612 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/05 14:04:09.0585 6612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/05 14:04:09.0710 6612 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/05 14:04:09.0819 6612 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/05 14:04:09.0960 6612 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/05 14:04:10.0100 6612 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\Windows\system32\DRIVERS\thpdrv.sys
2011/04/05 14:04:10.0256 6612 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
2011/04/05 14:04:10.0443 6612 tosporte (8021f63311797085949fa387f7c83583) C:\Windows\system32\DRIVERS\tosporte.sys
2011/04/05 14:04:10.0615 6612 tosrfbd (1b09357180034639e62cf745e77ac66e) C:\Windows\system32\DRIVERS\tosrfbd.sys
2011/04/05 14:04:10.0740 6612 tosrfbnp (62512b5277d88600f8bd4b7aec43569d) C:\Windows\system32\Drivers\tosrfbnp.sys
2011/04/05 14:04:10.0896 6612 Tosrfcom (c523a9186c39d65cc9adebb2e1b93ccd) C:\Windows\system32\Drivers\tosrfcom.sys
2011/04/05 14:04:11.0021 6612 tosrfec (11699d47b3491d86249c168496d55c92) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/04/05 14:04:11.0177 6612 Tosrfhid (451b8c1815c6cc39650af916c2a382cd) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2011/04/05 14:04:11.0379 6612 tosrfnds (b6fdc3c76ffe9c5171eea9c37ea367c2) C:\Windows\system32\DRIVERS\tosrfnds.sys
2011/04/05 14:04:11.0567 6612 TosRfSnd (e1e045240c1184fa6628f3c7e7ff85d8) C:\Windows\system32\drivers\tosrfsnd.sys
2011/04/05 14:04:11.0723 6612 Tosrfusb (fc88baf46ff87d2bc80f8b0f0322d84a) C:\Windows\system32\DRIVERS\tosrfusb.sys
2011/04/05 14:04:11.0894 6612 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/04/05 14:04:12.0050 6612 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/05 14:04:12.0191 6612 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/05 14:04:12.0347 6612 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/05 14:04:12.0487 6612 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/04/05 14:04:12.0612 6612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/05 14:04:12.0752 6612 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/05 14:04:12.0924 6612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/05 14:04:13.0064 6612 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/05 14:04:13.0173 6612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/05 14:04:13.0314 6612 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/05 14:04:13.0485 6612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/05 14:04:13.0610 6612 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/05 14:04:13.0751 6612 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/05 14:04:13.0875 6612 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/05 14:04:14.0000 6612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/05 14:04:14.0141 6612 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/05 14:04:14.0234 6612 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/05 14:04:14.0421 6612 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/05 14:04:14.0577 6612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/05 14:04:14.0749 6612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/05 14:04:14.0843 6612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/05 14:04:14.0967 6612 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/05 14:04:15.0123 6612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/05 14:04:15.0264 6612 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/05 14:04:15.0389 6612 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/05 14:04:15.0498 6612 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/05 14:04:15.0638 6612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/05 14:04:15.0779 6612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/05 14:04:15.0935 6612 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/05 14:04:16.0059 6612 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/05 14:04:16.0247 6612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/05 14:04:16.0418 6612 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/05 14:04:16.0449 6612 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/05 14:04:16.0605 6612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/05 14:04:16.0746 6612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/05 14:04:16.0964 6612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/05 14:04:17.0120 6612 whfltr2k (297b242a1a75baf5bb24530b3c31ec5a) C:\Windows\system32\DRIVERS\whfltr2k.sys
2011/04/05 14:04:17.0245 6612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/05 14:04:17.0448 6612 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/05 14:04:17.0619 6612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/05 14:04:17.0791 6612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/05 14:04:17.0947 6612 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/05 14:04:18.0134 6612 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/05 14:04:18.0696 6612 ================================================================================
2011/04/05 14:04:18.0696 6612 Scan finished
2011/04/05 14:04:18.0696 6612 ================================================================================
|
| | #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware Please now create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post log files in CODE tags |
| | #6 |
| Suspected malware Here: Code:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: SATELLITE P500
Logical Drives Mask: 0x0000043c
Kernel Drivers (total 214):
0x03065000 \SystemRoot\system32\ntoskrnl.exe
0x0301C000 \SystemRoot\system32\hal.dll
0x00BAD000 \SystemRoot\system32\kdcom.dll
0x00C52000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C96000 \SystemRoot\system32\PSHED.dll
0x00CAA000 \SystemRoot\system32\CLFS.SYS
0x00D08000 \SystemRoot\system32\CI.dll
0x00E80000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F24000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F33000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F8A000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F93000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F9D000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FD0000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FDD000 \SystemRoot\System32\drivers\partmgr.sys
0x00FF2000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E0C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E21000 \SystemRoot\System32\drivers\volmgrx.sys
0x00DC8000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DE2000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DE9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x01088000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01290000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01299000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x012C3000 \SystemRoot\system32\DRIVERS\msahci.sys
0x012CE000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x012D9000 \SystemRoot\system32\drivers\fltmgr.sys
0x01325000 \SystemRoot\system32\drivers\fileinfo.sys
0x0141B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01339000 \SystemRoot\System32\Drivers\msrpc.sys
0x015BE000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x015D8000 \SystemRoot\System32\drivers\pcw.sys
0x015E9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162B000 \SystemRoot\system32\drivers\ndis.sys
0x0171D000 \SystemRoot\system32\drivers\NETIO.SYS
0x0177D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x017A8000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017F4000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x0183D000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x018B7000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x018B9000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x018C5000 \SystemRoot\System32\Drivers\spldr.sys
0x018CD000 \SystemRoot\System32\drivers\rdyboost.sys
0x01907000 \SystemRoot\System32\Drivers\mup.sys
0x01919000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01922000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0195C000 \SystemRoot\system32\DRIVERS\disk.sys
0x01972000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04306000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x04330000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x04361000 \SystemRoot\System32\Drivers\Null.SYS
0x0436A000 \SystemRoot\System32\Drivers\Beep.SYS
0x04371000 \SystemRoot\System32\drivers\vga.sys
0x0437F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x043A4000 \SystemRoot\System32\drivers\watchdog.sys
0x043B4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x043BD000 \SystemRoot\system32\drivers\rdpencdd.sys
0x043C6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x043CF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x043DA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C03000 \SystemRoot\System32\drivers\tcpip.sys
0x04000000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0404A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04068000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A91000 \SystemRoot\system32\drivers\afd.sys
0x03B1B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03B60000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03B69000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03B8F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03BA5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03BB4000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x03BC7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03BE2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03A68000 \SystemRoot\System32\drivers\discache.sys
0x04075000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A77000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04093000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x040B5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03A88000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04801000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0532A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x044ED000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04400000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04446000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0446A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0447B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0448C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x0564D000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x0577A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05787000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x0579C000 \SystemRoot\system32\DRIVERS\nuvotoncir.sys
0x057B2000 \SystemRoot\system32\DRIVERS\nuvotonhidcir.sys
0x057C0000 \SystemRoot\system32\DRIVERS\hidshim.sys
0x057C8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x057E1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05600000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0561E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0562D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0563C000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x0532C000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x057EA000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05646000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x044E2000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x045E1000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x045E8000 \SystemRoot\system32\DRIVERS\QIOMem.sys
0x05352000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05362000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05378000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x045F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x0539C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x053CB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x019B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x053E6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0564B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01397000 \SystemRoot\system32\DRIVERS\ks.sys
0x043EB000 \SystemRoot\system32\DRIVERS\circlass.sys
0x019D1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05C3F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x05C99000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x05CA7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05CBC000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05CD4000 \SystemRoot\system32\drivers\portcls.sys
0x05D11000 \SystemRoot\system32\drivers\drmk.sys
0x05D33000 \SystemRoot\system32\drivers\ksthunk.sys
0x05D39000 \SystemRoot\system32\drivers\CHDRT64.sys
0x05DE9000 \SystemRoot\system32\DRIVERS\hidir.sys
0x05C00000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05C0D000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x000B0000 \SystemRoot\System32\win32k.sys
0x05C1E000 \SystemRoot\System32\drivers\Dxapi.sys
0x040DB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05C2A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05C2C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05C3A000 \SystemRoot\system32\DRIVERS\whfltr2k.sys
0x040F8000 \SystemRoot\System32\Drivers\dvb7700all.sys
0x05DFA000 \SystemRoot\System32\Drivers\BdaSup.SYS
0x041E8000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0x041F5000 \SystemRoot\System32\Drivers\usbvideo.sys
0x03BF6000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x04223000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0x04256000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0x0427A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x07A8F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x07C97000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00730000 \SystemRoot\System32\cdd.dll
0x07CAA000 \SystemRoot\system32\drivers\luafv.sys
0x07CCD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x07CEA000 \SystemRoot\system32\drivers\WudfPf.sys
0x07D0B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x07D20000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x07D73000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07D86000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x07E49000 \SystemRoot\system32\drivers\HTTP.sys
0x07F11000 \SystemRoot\system32\DRIVERS\bowser.sys
0x07F2F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x07F47000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x07F74000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x07FC2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x086C1000 \SystemRoot\system32\drivers\peauth.sys
0x08767000 \SystemRoot\system32\drivers\regi.sys
0x0876F000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0877A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x087A7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08CEC000 \SystemRoot\System32\DRIVERS\srv.sys
0x08DF3000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x08C00000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x08C10000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x08C25000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x08D82000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0D6EE000 \SystemRoot\system32\drivers\MSPQM.sys
0x0D6F0000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x0D763000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x0D61B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x0D69A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0D6B5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x77580000 \Windows\System32\ntdll.dll
0x48410000 \Windows\System32\smss.exe
0xFF8A0000 \Windows\System32\apisetschema.dll
0xFF390000 \Windows\System32\autochk.exe
0xFF7B0000 \Windows\System32\advapi32.dll
0xFF730000 \Windows\System32\difxapi.dll
0xFF6E0000 \Windows\System32\ws2_32.dll
0xFF480000 \Windows\System32\iertutil.dll
0xFF3A0000 \Windows\System32\oleaut32.dll
0xFF330000 \Windows\System32\gdi32.dll
0xFF320000 \Windows\System32\nsi.dll
0xFF2F0000 \Windows\System32\imm32.dll
0xFF1C0000 \Windows\System32\rpcrt4.dll
0xFF1A0000 \Windows\System32\sechost.dll
0x77750000 \Windows\System32\psapi.dll
0x77460000 \Windows\System32\kernel32.dll
0xFE410000 \Windows\System32\shell32.dll
0x77740000 \Windows\System32\normaliz.dll
0xFE390000 \Windows\System32\shlwapi.dll
0xFE260000 \Windows\System32\wininet.dll
0xFE0E0000 \Windows\System32\urlmon.dll
0xFE0D0000 \Windows\System32\lpk.dll
0xFE030000 \Windows\System32\comdlg32.dll
0xFDF60000 \Windows\System32\usp10.dll
0xFDD50000 \Windows\System32\ole32.dll
0x77360000 \Windows\System32\user32.dll
0xFDCB0000 \Windows\System32\msvcrt.dll
0xFDBA0000 \Windows\System32\msctf.dll
0xFDB50000 \Windows\System32\Wldap32.dll
0xFDB30000 \Windows\System32\imagehlp.dll
0xFDA90000 \Windows\System32\clbcatq.dll
0xFD8B0000 \Windows\System32\setupapi.dll
Processes (total 102):
0 System Idle Process
4 System
356 C:\Windows\System32\smss.exe
508 csrss.exe
680 C:\Windows\System32\wininit.exe
700 csrss.exe
736 C:\Windows\System32\services.exe
764 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\winlogon.exe
928 C:\Windows\System32\svchost.exe
128 C:\Windows\System32\nvvsvc.exe
404 C:\Windows\System32\svchost.exe
888 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1064 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\svchost.exe
1604 C:\Windows\System32\spoolsv.exe
1636 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1668 C:\Windows\System32\nvvsvc.exe
1712 C:\Windows\System32\svchost.exe
1872 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1932 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1972 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1316 C:\Windows\System32\drivers\o2flash.exe
1468 C:\Windows\System32\svchost.exe
2028 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
2064 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2100 C:\Windows\System32\conhost.exe
2184 C:\Windows\System32\ThpSrv.exe
2208 C:\Windows\System32\TODDSrv.exe
2236 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2396 C:\Program Files\Toshiba\TECO\TecoService.exe
2536 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
1828 C:\Windows\System32\svchost.exe
1844 C:\Windows\System32\taskhost.exe
1840 C:\Windows\System32\dwm.exe
3132 C:\Windows\explorer.exe
3244 C:\Windows\System32\taskeng.exe
3596 C:\Windows\System32\svchost.exe
3320 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
3444 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
3448 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
3560 C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
3696 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4040 C:\Windows\System32\ThpSrv.exe
3532 C:\Program Files\Toshiba\TECO\Teco.exe
3680 C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
3728 C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
3352 C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
3804 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
3876 C:\Windows\System32\SearchIndexer.exe
3884 C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
3540 C:\Program Files\Microsoft Security Client\msseces.exe
3988 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3916 C:\Program Files\Windows Sidebar\sidebar.exe
3744 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
2604 C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
2392 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
1532 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
3580 C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
1112 C:\Windows\Dit.exe
936 C:\Windows\DitExp.exe
4100 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4156 C:\Advanced Wheel Mouse\wh_exec.exe
4212 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
4884 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
4908 C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
5112 C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
4092 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
1612 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
2864 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
3188 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
5056 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
1728 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
5160 C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
5380 C:\Windows\System32\svchost.exe
5536 C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
5632 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
6100 C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
5868 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1704 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
5728 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
5356 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5144 C:\Windows\ehome\ehrecvr.exe
8180 mcGlidHost.exe
6316 C:\Windows\System32\svchost.exe
7192 C:\Windows\explorer.exe
8924 WUDFHost.exe
5504 C:\Windows\System32\audiodg.exe
5516 WmiPrvSE.exe
6412 C:\Windows\System32\taskhost.exe
5836 C:\Windows\System32\taskeng.exe
4324 C:\Windows\System32\SearchProtocolHost.exe
6768 C:\Windows\System32\SearchFilterHost.exe
7680 taskhost.exe
2980 dllhost.exe
6112 dllhost.exe
5408 F:\Benutzer\Admin\Desktop\MBRCheck.exe
6304 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`55300000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001M
PhysicalDrive1 Model Number: TOSHIBAMK5055GSX, Rev: FG001M
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
|
| | #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware: GMER wouldn't run?
__________________ Always post log files in CODE tags |
| | #8 |
| Suspected malware: No, I tried it 3 times. Is that one more important? Regards |
| | #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware: No, I'm just asking. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Always post log files in CODE tags |
| | #10 |
| Suspected malware: Anti-Malware log: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6308
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.04.2011 14:21:04
mbam-log-2011-04-08 (14-20-59).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 332908
Laufzeit: 1 Stunde(n), 30 Minute(n), 56 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\BSRURUF55J (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Regards |
| | #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Suspected malware: Quote:
__________________ Always post log files in CODE tags |