IE opens completely different pages because of a Trojan (Windows 7)

#1
IE opens completely different pages because of a Trojan
Combofix Logfile:
Code:
ATTFilter ComboFix 11-04-28.03 - User 29.04.2011 15:59:29.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6135.4431 [GMT 2:00] ausgeführt von:: c:\users\User\Desktop\cofi.exe.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\User\AppData\Roaming\Local c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\(2).ddr c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\(3).ddr c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\.ddr c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2) c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3) c:\users\User\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp c:\users\User\AppData\Roaming\MSA c:\users\User\infinst.exe c:\windows\system32\hosts . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-28 bis 2011-04-29 )))))))))))))))))))))))))))))) . . 2011-04-29 10:05 . 2011-04-29 10:05 -------- d-----w- c:\program files (x86)\Tunatic 2011-04-27 16:24 . 2011-04-27 16:24 -------- d-----w- C:\_OTL 2011-04-27 10:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-04-27 10:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe 2011-04-25 22:17 . 
2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe 2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe 2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe 2011-04-24 15:59 . 2011-04-24 15:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2011-04-24 15:58 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\programdata\Malwarebytes 2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-24 15:58 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe 2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe 2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe 2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe 2011-04-22 12:44 . 2011-04-22 12:44 -------- d-----w- C:\files 2011-04-14 18:31 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-14 18:31 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-04-14 18:29 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-12 13:26 . 2011-04-12 13:26 -------- d-----w- c:\program files\SD EnterNET 2011-04-12 13:26 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2011-04-11 18:21 . 2011-04-11 18:21 -------- d-----w- c:\users\User\AppData\Local\Urgesoft 2011-04-10 20:29 . 
2011-04-10 20:29 -------- d-----w- c:\users\User\AppData\Local\Jaksta_Technologies_Pty_L 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\programdata\Applian 2011-04-10 20:28 . 2011-04-10 20:28 -------- d-----w- c:\windows\Applian Director 2011-04-05 18:00 . 2011-04-13 15:07 -------- d-----w- c:\program files (x86)\Metin2 2011-04-01 21:29 . 2011-04-17 14:22 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2011-04-01 12:33 . 2011-04-01 12:33 -------- d-----w- c:\program files (x86)\Cisco 2011-04-01 12:32 . 2010-02-26 10:37 676864 ----a-r- c:\windows\system32\drivers\rtl8192su.sys 2011-04-01 12:32 . 2010-02-26 10:37 188416 ------r- c:\windows\RTLExtUI.dll 2011-04-01 12:32 . 2010-02-26 10:37 614400 ------r- c:\windows\system32\Rtlihvs.dll 2011-04-01 12:32 . 2010-02-26 10:37 614400 ------r- c:\windows\Rtlihvs.dll 2011-04-01 12:32 . 2010-02-26 10:37 380928 ------r- c:\windows\RtlUI2.exe 2011-04-01 12:32 . 2010-02-26 10:37 380928 ------r- c:\windows\system32\RtlUI2.exe 2011-04-01 12:32 . 2010-02-26 10:37 188416 ------r- c:\windows\system32\RTLExtUI.dll 2011-04-01 12:32 . 2011-04-01 12:32 -------- d-----w- c:\program files (x86)\Edimax 2011-03-31 17:55 . 2011-03-31 17:55 -------- d-----w- c:\program files (x86)\Microsoft Works 2011-03-31 17:52 . 2011-03-31 17:52 -------- d-----w- c:\windows\PCHEALTH 2011-03-30 15:45 . 2011-03-30 15:45 -------- d-----w- c:\users\User\AppData\Roaming\avidemux 2011-03-30 15:43 . 2011-03-30 15:43 -------- d-----w- c:\program files (x86)\Xvid 2011-03-30 15:43 . 2009-06-07 14:25 77824 ----a-w- c:\windows\SysWow64\xvid.ax 2011-03-30 15:43 . 2009-06-07 14:24 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2011-03-30 15:43 . 2009-06-07 14:16 819200 ----a-w- c:\windows\SysWow64\xvidcore.dll 2011-03-30 15:30 . 2011-03-30 15:37 -------- d-----w- c:\users\User\AppData\Roaming\Cuttermaran . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-04 06:17 . 
2011-04-27 10:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-27 10:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-02-19 06:37 . 2011-03-09 09:56 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-09 09:56 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-09 09:56 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-09 09:56 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 2011-03-09 09:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-02-18 20:50 . 2011-02-18 20:50 22295040 ----a-w- c:\windows\system32\atio6axx.dll 2011-02-18 20:50 . 2011-02-18 20:50 38400 ----a-w- c:\windows\system32\atiu9p64.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-02-18 20:50 . 2011-02-18 20:50 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\ATIODCLI.exe 2011-02-18 20:50 . 2011-02-18 20:50 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-02-18 20:50 . 2011-02-18 20:50 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-02-18 20:50 . 2011-02-18 20:50 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-02-18 20:50 . 2011-02-18 20:50 3222016 ----a-w- c:\windows\system32\atiumd6a.dll 2011-02-18 20:50 . 2011-02-18 20:50 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-02-18 20:50 . 2010-07-07 01:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-02-18 20:50 . 
2011-02-18 20:50 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-02-18 20:50 . 2010-04-07 01:40 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-02-18 20:50 . 2011-02-18 20:50 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-02-18 20:50 . 2011-02-18 20:50 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2011-02-18 20:50 . 2011-02-18 20:50 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-02-18 20:50 . 2011-02-18 20:50 479232 ----a-w- c:\windows\system32\atieclxx.exe 2011-02-18 20:50 . 2010-09-23 16:39 58880 ----a-w- c:\windows\system32\coinst.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-02-18 20:50 . 2011-02-18 20:50 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-02-18 20:50 . 2011-02-18 20:50 5316096 ----a-w- c:\windows\system32\atiumd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 6982144 ----a-w- c:\windows\system32\aticaldd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-02-18 20:50 . 2011-02-18 20:50 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-02-18 20:50 . 2011-02-18 20:50 332800 ----a-w- c:\windows\system32\ATIODE.exe 2011-02-18 20:50 . 2011-02-18 20:50 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-02-18 20:50 . 2011-02-18 20:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-02-18 20:50 . 2010-04-07 01:21 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-02-18 20:50 . 2011-02-18 20:50 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-02-18 20:50 . 
2011-02-18 20:50 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-02-18 20:50 . 2011-02-18 20:50 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 354304 ----a-w- c:\windows\system32\atiadlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-02-18 20:50 . 2011-02-18 20:50 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-02-18 20:50 . 2011-02-18 20:50 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-02-18 20:50 . 2010-04-07 01:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-02-11 07:30 . 2011-03-18 11:37 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE269F37-198C-4267-91F0-BA9282130E30}\mpengine.dll 2011-02-04 21:12 . 2011-02-04 21:12 419840 ----a-w- c:\windows\system32\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 111616 ----a-w- c:\windows\system32\OpenAL32.dll 2011-02-04 21:12 . 2011-02-04 21:12 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-02-02 16:11 . 2010-09-18 16:35 270720 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "ugrllhsluukjoafhzxbuTaskMgr"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x] R2 regi;regi;c:\windows\system32\drivers\regi.sys [x] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 X6va003;X6va003;c:\users\User\AppData\Local\Temp\0039253.tmp [x] R3 X6va005;X6va005;c:\users\User\AppData\Local\Temp\005A835.tmp [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-09-16 8761344] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: die-staemme.de\de71 TCP: {CBBC9FEA-46B8-41DF-909C-5566F8219919} = 192.168.2.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwjhbt5a.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
URLSearchHooks-{33b974a8-e892-4f5f-bd17-f7b0331843d5} - (no file) WebBrowser-{33B974A8-E892-4F5F-BD17-F7B0331843D5} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003] "ImagePath"="\??\c:\users\User\AppData\Local\Temp\0039253.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005] "ImagePath"="\??\c:\users\User\AppData\Local\Temp\005A835.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE c:\program files (x86)\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-04-29 16:05:07 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-04-29 14:05 . Vor Suchlauf: 11 Verzeichnis(se), 106.482.020.352 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 106.973.278.208 Bytes frei . - - End Of File - - 4796962A0819B9428CA55844B3104696 |
#2
/// Winkelfunktion /// TB-Süch-Tiger™
IE opens completely different pages because of a Trojan
Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!)
Code:
:OTL
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe
2011-04-22 12:44 . 2011-04-22 12:44 -------- d-----w- C:\files
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
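The helper above reads the ComboFix log by hand, picks out the suspicious paths and turns them into an OTL fix script. The following is an added example, not code from this thread and not the ComboFix or OTL authors' own code: a small Python parser that runs over a few constructed ComboFix-style lines (modelled on the log in post #1) and flags the kinds of indicators seen here, namely randomly named executables inside a program folder, a driver service whose image is a .tmp file under Temp, UAC switched off (EnableLUA=0) and a policy value with a non-standard name, then drafts the matching :OTL fix list. The regular expressions and the "random name" heuristic are my assumptions, not a format specification from either tool.

```python
"""Flag suspicious entries in a ComboFix log and draft an OTL fix list.

Added example for this thread; not ComboFix's or OTL's own code. The log
lines below are constructed from the indicators visible in post #1.
"""
import re
from typing import List, Tuple

# Constructed sample (a handful of lines in ComboFix's layout, not the full
# log): "created files" entries, service/driver entries and registry values.
# Legitimate entries are mixed in as negatives.
SAMPLE_LOG = r"""
2011-04-25 22:17 . 2011-04-25 22:17 311296 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe
2011-04-24 14:49 . 2011-04-24 14:49 569344 ----a-w- c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe
2011-04-14 18:29 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-27 10:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
R3 X6va003;X6va003;c:\users\User\AppData\Local\Temp\0039253.tmp [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ugrllhsluukjoafhzxbuTaskMgr"= 0 (0x0)
"""

# "<created> . <modified> <size or --------> <attrs> <path>"  (assumed layout)
FILE_LINE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d \S+ \S+ (.+)$")
# "<R|S><n> <service>;<display name>;<image path> [...]"  (assumed layout)
SERVICE_LINE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+?) \[")
# "<name>"= <data>   or   "<name>"="<data>" [...]
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# Assumed heuristic: a short word followed by a long run of digits/dots,
# e.g. null0.21189351611425766.exe. Installers rarely name files this way.
RANDOM_EXE = re.compile(r"^[a-z]{0,8}\d[\d.]{7,}\.exe$", re.IGNORECASE)


def scan_combofix(log: str) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs for every line matching a heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group(1)
            if RANDOM_EXE.match(path.rsplit("\\", 1)[-1]):
                findings.append(("random-named executable", path))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            image = m.group(1)
            low = image.lower()
            # A kernel driver whose image lives in a user's Temp folder
            if "\\temp\\" in low and low.endswith(".tmp"):
                findings.append(("driver image is a .tmp file in Temp", image))
            continue
        m = REG_VALUE.match(line)
        if m:
            name, data = m.group(1), m.group(2)
            if name == "EnableLUA" and data.lstrip().startswith("0"):
                findings.append(("UAC disabled (EnableLUA=0)", line))
            # The real policy value is DisableTaskMgr; a mangled name with
            # the same suffix under the policies key is worth a look
            elif name.endswith("TaskMgr") and name != "DisableTaskMgr":
                findings.append(("non-standard policy value name", name))
    return findings


def otl_fix_script(findings: List[Tuple[str, str]]) -> str:
    """Draft the OTL 'Custom Scan/Fixes' text: flagged files under :OTL,
    followed by the three commands the helper used in this thread."""
    paths = [detail for cat, detail in findings
             if cat in ("random-named executable",
                        "driver image is a .tmp file in Temp")]
    return "\n".join([":OTL", *paths, ":Commands",
                      "[purity]", "[resethosts]", "[emptytemp]"]) + "\n"


if __name__ == "__main__":
    found = scan_combofix(SAMPLE_LOG)
    for category, detail in found:
        print(f"{category}: {detail}")
    print()
    print(otl_fix_script(found))
```

The draft is only a starting point: anything the heuristics flag still has to be checked by a person before it goes into the fix box, since a false positive here moves a legitimate file into the _OTL backup folder.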
#3
IE opens completely different pages because of a Trojan
All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 2792 bytes
->Temporary Internet Files folder emptied: 1502454 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88396645 bytes
->Flash cache emptied: 1145 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
RecycleBin emptied: 996467304 bytes
Total Files Cleaned = 1.036,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_005709
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#4
/// Winkelfunktion /// TB-Süch-Tiger™
IE opens completely different pages because of a Trojan
Sorry, I had a small blackout. Please do the fix again, but with this script:
Code:
:OTL
c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe
c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe
c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe
c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe
c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe
c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe
c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe
c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe
C:\files
:Commands
[purity]
[resethosts]
[emptytemp]
Please always post logfiles in CODE tags.
#5
IE opens completely different pages because of a Trojan
All processes killed
========== OTL ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1516470 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91335393 bytes
->Flash cache emptied: 1671 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 89,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04302011_172625
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#6
/// Winkelfunktion /// TB-Süch-Tiger™
IE opens completely different pages because of a Trojan
Sorry, somehow there was an error in the script for you again. Please do it once more with this now finally correct script:
Quote:
#7
IE opens completely different pages because of a Trojan
All processes killed
========== FILES ==========
c:\program files (x86)\Mozilla Firefox\null0.21189351611425766.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.09438208857365815.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.5399563998682995.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.19771568843115184.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.3177135607912589.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.7264726497121414.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.019164675131827957.exe moved successfully.
c:\program files (x86)\Mozilla Firefox\null0.17757153460061625.exe moved successfully.
C:\files folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
->Temp folder emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45021563 bytes
->Flash cache emptied: 521 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 43,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05012011_155949
Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#8

Combofix Logfile:

```
ComboFix 11-05-02.03 - User 03.05.2011 0:26.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6135.4666 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\users\User\AppData\Local\Temp\0039253.tmp"
"c:\users\User\AppData\Local\Temp\005A835.tmp"
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-02 bis 2011-05-02 ))))))))))))))))))))))))))))))
.
.
2011-05-02 22:28 . 2011-05-02 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 13:38 . 2011-05-02 13:38 -------- d-----w- c:\users\User\AppData\Local\The Lord of the Rings Online
2011-05-01 20:07 . 2011-05-02 13:17 -------- d-----w- c:\users\User\AppData\Local\Turbine
2011-05-01 20:07 . 2011-05-02 18:35 -------- d-----w- c:\users\User\AppData\Local\ApplicationHistory
2011-05-01 20:06 . 2011-05-01 20:06 -------- d-----w- c:\windows\SysWow64\URTTEMP
2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files (x86)\Codemasters
2011-05-01 15:49 . 2011-05-02 22:28 -------- d-----w- c:\users\User\AppData\Local\PMB Files
2011-05-01 15:49 . 2011-05-01 15:56 -------- d-----w- c:\programdata\PMB Files
2011-04-29 10:05 . 2011-04-29 10:05 -------- d-----w- c:\program files (x86)\Tunatic
2011-04-27 16:24 . 2011-04-27 16:24 -------- d-----w- C:\_OTL
2011-04-27 10:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 10:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-24 15:59 . 2011-04-24 15:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-04-24 15:58 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-24 15:58 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-14 18:31 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 18:31 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-14 18:29 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 13:26 . 2011-04-12 13:26 -------- d-----w- c:\program files\SD EnterNET
2011-04-12 13:26 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-04-11 18:21 . 2011-04-11 18:21 -------- d-----w- c:\users\User\AppData\Local\Urgesoft
2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\users\User\AppData\Local\Jaksta_Technologies_Pty_L
2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\programdata\Applian
2011-04-10 20:28 . 2011-04-10 20:28 -------- d-----w- c:\windows\Applian Director
2011-04-05 18:00 . 2011-04-13 15:07 -------- d-----w- c:\program files (x86)\Metin2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:17 . 2011-04-27 10:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 10:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 09:56 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 09:56 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 09:56 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 09:56 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 09:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-18 20:50 . 2011-02-18 20:50 22295040 ----a-w- c:\windows\system32\atio6axx.dll
2011-02-18 20:50 . 2011-02-18 20:50 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-02-18 20:50 . 2011-02-18 20:50 4847616 ----a-w- c:\windows\system32\atidxx64.dll
2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-02-18 20:50 . 2011-02-18 20:50 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-02-18 20:50 . 2011-02-18 20:50 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-02-18 20:50 . 2011-02-18 20:50 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-02-18 20:50 . 2011-02-18 20:50 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-02-18 20:50 . 2011-02-18 20:50 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-02-18 20:50 . 2011-02-18 20:50 3222016 ----a-w- c:\windows\system32\atiumd6a.dll
2011-02-18 20:50 . 2011-02-18 20:50 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-02-18 20:50 . 2010-07-07 01:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-02-18 20:50 . 2011-02-18 20:50 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-02-18 20:50 . 2011-02-18 20:50 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-02-18 20:50 . 2010-04-07 01:40 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-02-18 20:50 . 2011-02-18 20:50 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-02-18 20:50 . 2011-02-18 20:50 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-02-18 20:50 . 2011-02-18 20:50 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-02-18 20:50 . 2011-02-18 20:50 479232 ----a-w- c:\windows\system32\atieclxx.exe
2011-02-18 20:50 . 2010-09-23 16:39 58880 ----a-w- c:\windows\system32\coinst.dll
2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-02-18 20:50 . 2011-02-18 20:50 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-02-18 20:50 . 2011-02-18 20:50 5316096 ----a-w- c:\windows\system32\atiumd64.dll
2011-02-18 20:50 . 2011-02-18 20:50 6982144 ----a-w- c:\windows\system32\aticaldd64.dll
2011-02-18 20:50 . 2011-02-18 20:50 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-02-18 20:50 . 2011-02-18 20:50 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-02-18 20:50 . 2011-02-18 20:50 332800 ----a-w- c:\windows\system32\ATIODE.exe
2011-02-18 20:50 . 2011-02-18 20:50 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-02-18 20:50 . 2011-02-18 20:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-02-18 20:50 . 2011-02-18 20:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-02-18 20:50 . 2011-02-18 20:50 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-02-18 20:50 . 2010-04-07 01:21 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-02-18 20:50 . 2011-02-18 20:50 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-02-18 20:50 . 2011-02-18 20:50 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-02-18 20:50 . 2011-02-18 20:50 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-02-18 20:50 . 2011-02-18 20:50 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-02-18 20:50 . 2011-02-18 20:50 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-02-18 20:50 . 2011-02-18 20:50 354304 ----a-w- c:\windows\system32\atiadlxx.dll
2011-02-18 20:50 . 2011-02-18 20:50 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-02-18 20:50 . 2011-02-18 20:50 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-02-18 20:50 . 2011-02-18 20:50 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-02-18 20:50 . 2011-02-18 20:50 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-02-18 20:50 . 2010-04-07 01:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-02-11 07:30 . 2011-03-18 11:37 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE269F37-198C-4267-91F0-BA9282130E30}\mpengine.dll
2011-02-04 21:12 . 2011-02-04 21:12 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-02-04 21:12 . 2011-02-04 21:12 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-02-04 21:12 . 2011-02-04 21:12 111616 ----a-w- c:\windows\system32\OpenAL32.dll
2011-02-04 21:12 . 2011-02-04 21:12 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-02-02 16:11 . 2010-09-18 16:35 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-02_14.00.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:46 . 2011-05-02 15:27 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-09-18 15:32 . 2011-05-02 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-18 15:32 . 2011-05-02 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-18 15:32 . 2011-05-02 13:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-18 15:32 . 2011-05-02 22:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2011-05-02 20:00 661064 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-02 13:53 661064 c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2011-05-02 20:00 707446 c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2011-05-02 13:53 707446 c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-05-02 20:00 125254 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-02 13:53 125254 c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2011-05-02 13:53 153038 c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2011-05-02 20:00 153038 c:\windows\system32\perfc007.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-05-01 3071384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-09-16 8761344]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: die-staemme.de\de71
TCP: {CBBC9FEA-46B8-41DF-909C-5566F8219919} = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwjhbt5a.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-03 00:30:00
ComboFix-quarantined-files.txt 2011-05-02 22:29
ComboFix2.txt 2011-05-02 14:01
ComboFix3.txt 2011-04-29 14:05
.
Vor Suchlauf: 11 Verzeichnis(se), 82.086.477.824 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 82.011.013.120 Bytes frei
.
- - End Of File - - 8234897BE9AEBA35660437A58276ED49
```
#9 /// Winkelfunktion /// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your documents / My Documents, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (May take a while)

__________________
Please always post logfiles in CODE tags
#10 /// Winkelfunktion /// TB-Süch-Tiger™

Log is incomplete!
#11

```
2011/05/01 17:53:42.0856 4588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 17:53:43.0011 4588 ================================================================================
2011/05/01 17:53:43.0011 4588 SystemInfo:
2011/05/01 17:53:43.0011 4588
2011/05/01 17:53:43.0011 4588 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/01 17:53:43.0011 4588 Product type: Workstation
2011/05/01 17:53:43.0011 4588 ComputerName: USER-PC
2011/05/01 17:53:43.0011 4588 UserName: User
2011/05/01 17:53:43.0011 4588 Windows directory: C:\Windows
2011/05/01 17:53:43.0011 4588 System windows directory: C:\Windows
2011/05/01 17:53:43.0011 4588 Running under WOW64
2011/05/01 17:53:43.0011 4588 Processor architecture: Intel x64
2011/05/01 17:53:43.0011 4588 Number of processors: 8
2011/05/01 17:53:43.0011 4588 Page size: 0x1000
2011/05/01 17:53:43.0011 4588 Boot type: Normal boot
2011/05/01 17:53:43.0011 4588 ================================================================================
2011/05/01 17:53:43.0261 4588 Initialize success
2011/05/01 17:53:45.0031 4384 ================================================================================
2011/05/01 17:53:45.0031 4384 Scan started
2011/05/01 17:53:45.0031 4384 Mode: Manual;
2011/05/01 17:53:45.0031 4384 ================================================================================
```
(609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/05/01 17:53:48.0426 4384 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/01 17:53:48.0451 4384 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/05/01 17:53:48.0496 4384 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/01 17:53:48.0517 4384 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/01 17:53:48.0538 4384 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/01 17:53:48.0553 4384 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/05/01 17:53:48.0573 4384 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/05/01 17:53:48.0600 4384 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/05/01 17:53:48.0616 4384 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/01 17:53:48.0623 4384 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/05/01 17:53:48.0657 4384 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/01 17:53:48.0671 4384 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/01 17:53:48.0680 4384 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/05/01 17:53:48.0703 4384 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/05/01 17:53:48.0715 4384 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/01 17:53:48.0725 4384 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/05/01 17:53:48.0741 4384 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/01 
17:53:48.0763 4384 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys 2011/05/01 17:53:48.0772 4384 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/05/01 17:53:48.0808 4384 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/01 17:53:48.0835 4384 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/05/01 17:53:48.0856 4384 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/01 17:53:48.0865 4384 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/01 17:53:48.0883 4384 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/01 17:53:48.0901 4384 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/01 17:53:48.0913 4384 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/05/01 17:53:48.0933 4384 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/01 17:53:48.0953 4384 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/01 17:53:48.0985 4384 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/01 17:53:49.0007 4384 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/05/01 17:53:49.0021 4384 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/01 17:53:49.0080 4384 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 2011/05/01 17:53:49.0111 4384 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/05/01 17:53:49.0138 4384 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 2011/05/01 17:53:49.0157 4384 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 2011/05/01 
17:53:49.0173 4384 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/05/01 17:53:49.0191 4384 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/05/01 17:53:49.0230 4384 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/05/01 17:53:49.0238 4384 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/05/01 17:53:49.0271 4384 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/05/01 17:53:49.0280 4384 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/05/01 17:53:49.0301 4384 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/01 17:53:49.0320 4384 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/05/01 17:53:49.0348 4384 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/05/01 17:53:49.0406 4384 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/01 17:53:49.0415 4384 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/05/01 17:53:49.0431 4384 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/01 17:53:49.0465 4384 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/01 17:53:49.0498 4384 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/01 17:53:49.0522 4384 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/01 17:53:49.0537 4384 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/01 17:53:49.0562 4384 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/01 17:53:49.0573 4384 Rasl2tp (87a6e852a22991580d6d39adc4790463) 
C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/01 17:53:49.0586 4384 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/01 17:53:49.0596 4384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/01 17:53:49.0612 4384 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/01 17:53:49.0622 4384 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/01 17:53:49.0635 4384 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/01 17:53:49.0651 4384 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2011/05/01 17:53:49.0661 4384 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/01 17:53:49.0673 4384 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/01 17:53:49.0685 4384 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/05/01 17:53:49.0712 4384 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/05/01 17:53:49.0762 4384 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys 2011/05/01 17:53:49.0801 4384 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/01 17:53:49.0833 4384 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/05/01 17:53:49.0860 4384 RTL8192su (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys 2011/05/01 17:53:49.0895 4384 s0017bus (032f537623a7b2fb81aaa184c30b70c3) C:\Windows\system32\DRIVERS\s0017bus.sys 2011/05/01 17:53:49.0918 4384 s0017mdfl (9964a28e569b4ff105b446ef8978fd5c) C:\Windows\system32\DRIVERS\s0017mdfl.sys 2011/05/01 17:53:49.0940 4384 s0017mdm (06347087d274c23dcfa8c4ab5c4314db) C:\Windows\system32\DRIVERS\s0017mdm.sys 2011/05/01 17:53:49.0966 4384 s0017mgmt 
(f0f0747b3fa50272de6b1bf575fa4700) C:\Windows\system32\DRIVERS\s0017mgmt.sys 2011/05/01 17:53:49.0990 4384 s0017nd5 (7224412cea2ff2df7d4842c1b0e71045) C:\Windows\system32\DRIVERS\s0017nd5.sys 2011/05/01 17:53:50.0000 4384 s0017obex (3feadbc7f09b8b596cbfb82f12aba87f) C:\Windows\system32\DRIVERS\s0017obex.sys 2011/05/01 17:53:50.0012 4384 s0017unic (2b63bea31d939888b2a8f3f14d89b5c1) C:\Windows\system32\DRIVERS\s0017unic.sys 2011/05/01 17:53:50.0027 4384 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/05/01 17:53:50.0047 4384 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/05/01 17:53:50.0066 4384 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/01 17:53:50.0128 4384 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/01 17:53:50.0170 4384 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/01 17:53:50.0191 4384 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/05/01 17:53:50.0200 4384 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/01 17:53:50.0236 4384 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/05/01 17:53:50.0256 4384 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/05/01 17:53:50.0265 4384 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/05/01 17:53:50.0285 4384 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/01 17:53:50.0307 4384 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/01 17:53:50.0323 4384 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/01 17:53:50.0342 4384 Smb (548260a7b8654e024dc30bf8a7c5baa4) 
C:\Windows\system32\DRIVERS\smb.sys 2011/05/01 17:53:50.0371 4384 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/05/01 17:53:50.0415 4384 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 2011/05/01 17:53:50.0415 4384 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 2011/05/01 17:53:50.0417 4384 sptd - detected Locked file (1) 2011/05/01 17:53:50.0456 4384 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys 2011/05/01 17:53:50.0480 4384 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/01 17:53:50.0512 4384 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/01 17:53:50.0561 4384 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/01 17:53:50.0572 4384 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/05/01 17:53:50.0586 4384 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2011/05/01 17:53:50.0596 4384 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/01 17:53:50.0661 4384 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2011/05/01 17:53:50.0693 4384 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/01 17:53:50.0721 4384 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/01 17:53:50.0738 4384 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2011/05/01 17:53:50.0747 4384 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2011/05/01 17:53:50.0763 4384 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/01 17:53:50.0772 4384 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 
2011/05/01 17:53:50.0807 4384 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/01 17:53:50.0822 4384 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/01 17:53:50.0836 4384 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2011/05/01 17:53:50.0856 4384 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/01 17:53:50.0886 4384 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/05/01 17:53:50.0896 4384 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/01 17:53:50.0905 4384 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2011/05/01 17:53:50.0942 4384 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys 2011/05/01 17:53:50.0968 4384 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 2011/05/01 17:53:50.0990 4384 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/01 17:53:50.0998 4384 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2011/05/01 17:53:51.0017 4384 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/01 17:53:51.0031 4384 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/01 17:53:51.0056 4384 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2011/05/01 17:53:51.0070 4384 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2011/05/01 17:53:51.0096 4384 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 2011/05/01 17:53:51.0120 4384 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS 2011/05/01 17:53:51.0137 4384 usbuhci (81fb2216d3a60d1284455d511797db3d) 
C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/01 17:53:51.0167 4384 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/05/01 17:53:51.0191 4384 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/05/01 17:53:51.0210 4384 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/01 17:53:51.0218 4384 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2011/05/01 17:53:51.0245 4384 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/05/01 17:53:51.0253 4384 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2011/05/01 17:53:51.0265 4384 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2011/05/01 17:53:51.0278 4384 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/05/01 17:53:51.0288 4384 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/05/01 17:53:51.0300 4384 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2011/05/01 17:53:51.0312 4384 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2011/05/01 17:53:51.0328 4384 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/05/01 17:53:51.0341 4384 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2011/05/01 17:53:51.0368 4384 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/05/01 17:53:51.0392 4384 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2011/05/01 17:53:51.0401 4384 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/01 17:53:51.0410 4384 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/01 17:53:51.0443 4384 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2011/05/01 17:53:51.0456 4384 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/01 17:53:51.0483 4384 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/05/01 17:53:51.0493 4384 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2011/05/01 17:53:51.0546 4384 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/05/01 17:53:51.0556 4384 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/01 17:53:51.0588 4384 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/01 17:53:51.0633 4384 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2011/05/01 17:53:51.0652 4384 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/01 17:53:51.0785 4384 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys 2011/05/01 17:53:51.0827 4384 ================================================================================ 2011/05/01 17:53:51.0827 4384 Scan finished 2011/05/01 17:53:51.0827 4384 ================================================================================ 2011/05/01 17:53:51.0833 4812 Detected object count: 1 2011/05/01 17:53:55.0558 4812 Locked file(sptd) - User select action: Skip 2011/05/01 17:54:56.0487 4940 Deinitialize success |
#12
/// Winkelfunktion /// TB-Süch-Tiger™

IE opens completely different pages because of a Trojan

Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run if an authorized helper has explicitly recommended it!
__________________
Please always post logfiles in CODE tags
#13
IE opens completely different pages because of a Trojan

Combofix Logfile:

Code:
ATTFilter ComboFix 11-05-01.04 - User 02.05.2011 16:05:47.3.8 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6135.4784 [GMT 2:00] ausgeführt von:: c:\users\User\Desktop\cofi.exe.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-02 bis 2011-05-02 )))))))))))))))))))))))))))))) . . 2011-05-02 14:07 . 2011-05-02 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-02 13:38 . 2011-05-02 13:38 -------- d-----w- c:\users\User\AppData\Local\The Lord of the Rings Online 2011-05-01 20:07 . 2011-05-02 13:17 -------- d-----w- c:\users\User\AppData\Local\Turbine 2011-05-01 20:07 . 2011-05-02 13:53 -------- d-----w- c:\users\User\AppData\Local\ApplicationHistory 2011-05-01 20:06 . 2011-05-01 20:06 -------- d-----w- c:\windows\SysWow64\URTTEMP 2011-05-01 19:42 . 2011-05-01 19:42 -------- d-----w- c:\program files (x86)\Codemasters 2011-05-01 15:49 . 2011-05-02 14:07 -------- d-----w- c:\users\User\AppData\Local\PMB Files 2011-05-01 15:49 . 2011-05-01 15:56 -------- d-----w- c:\programdata\PMB Files 2011-04-29 10:05 . 2011-04-29 10:05 -------- d-----w- c:\program files (x86)\Tunatic 2011-04-27 16:24 . 2011-04-27 16:24 -------- d-----w- C:\_OTL 2011-04-27 10:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-04-27 10:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2011-04-24 15:59 . 2011-04-24 15:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2011-04-24 15:58 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-24 15:58 . 2011-04-24 15:58 -------- d-----w- c:\programdata\Malwarebytes 2011-04-24 15:58 . 
2011-04-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-24 15:58 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-14 18:31 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-14 18:31 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-04-14 18:29 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-04-12 13:26 . 2011-04-12 13:26 -------- d-----w- c:\program files\SD EnterNET 2011-04-12 13:26 . 2005-11-13 21:19 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe 2011-04-11 18:21 . 2011-04-11 18:21 -------- d-----w- c:\users\User\AppData\Local\Urgesoft 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\users\User\AppData\Local\Jaksta_Technologies_Pty_L 2011-04-10 20:29 . 2011-04-10 20:29 -------- d-----w- c:\programdata\Applian 2011-04-10 20:28 . 2011-04-10 20:28 -------- d-----w- c:\windows\Applian Director 2011-04-05 18:00 . 2011-04-13 15:07 -------- d-----w- c:\program files (x86)\Metin2 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-04 06:17 . 2011-04-27 10:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:17 . 2011-04-27 10:33 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-02-19 06:37 . 2011-03-09 09:56 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 06:37 . 2011-03-09 09:56 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 06:36 . 2011-03-09 09:56 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 05:32 . 2011-03-09 09:56 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 05:32 . 2011-03-09 09:56 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-02-18 20:50 . 2011-02-18 20:50 22295040 ----a-w- c:\windows\system32\atio6axx.dll 2011-02-18 20:50 . 
2011-02-18 20:50 38400 ----a-w- c:\windows\system32\atiu9p64.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-02-18 20:50 . 2011-02-18 20:50 4847616 ----a-w- c:\windows\system32\atidxx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\ATIODCLI.exe 2011-02-18 20:50 . 2011-02-18 20:50 17204736 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-02-18 20:50 . 2011-02-18 20:50 9085952 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-02-18 20:50 . 2011-02-18 20:50 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-02-18 20:50 . 2011-02-18 20:50 3222016 ----a-w- c:\windows\system32\atiumd6a.dll 2011-02-18 20:50 . 2011-02-18 20:50 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-02-18 20:50 . 2010-07-07 01:54 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-02-18 20:50 . 2011-02-18 20:50 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-02-18 20:50 . 2011-02-18 20:50 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-02-18 20:50 . 2010-04-07 01:40 4170752 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-02-18 20:50 . 2011-02-18 20:50 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-02-18 20:50 . 2011-02-18 20:50 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-02-18 20:50 . 2011-02-18 20:50 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2011-02-18 20:50 . 2011-02-18 20:50 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-02-18 20:50 . 2011-02-18 20:50 479232 ----a-w- c:\windows\system32\atieclxx.exe 2011-02-18 20:50 . 
2010-09-23 16:39 58880 ----a-w- c:\windows\system32\coinst.dll 2011-02-18 20:50 . 2011-02-18 20:50 39936 ----a-w- c:\windows\system32\atiuxp64.dll 2011-02-18 20:50 . 2011-02-18 20:50 299520 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-02-18 20:50 . 2011-02-18 20:50 5316096 ----a-w- c:\windows\system32\atiumd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 6982144 ----a-w- c:\windows\system32\aticaldd64.dll 2011-02-18 20:50 . 2011-02-18 20:50 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-02-18 20:50 . 2011-02-18 20:50 5580800 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-02-18 20:50 . 2011-02-18 20:50 332800 ----a-w- c:\windows\system32\ATIODE.exe 2011-02-18 20:50 . 2011-02-18 20:50 14848 ----a-w- c:\windows\system32\atig6pxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 143360 ----a-w- c:\windows\system32\atiapfxx.exe 2011-02-18 20:50 . 2011-02-18 20:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 203776 ----a-w- c:\windows\system32\atiesrxx.exe 2011-02-18 20:50 . 2010-04-07 01:21 3463680 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-02-18 20:50 . 2011-02-18 20:50 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-02-18 20:50 . 2011-02-18 20:50 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-02-18 20:50 . 2011-02-18 20:50 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 16384 ----a-w- c:\windows\system32\atimuixx.dll 2011-02-18 20:50 . 2011-02-18 20:50 708608 ----a-w- c:\windows\system32\aticfx64.dll 2011-02-18 20:50 . 2011-02-18 20:50 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-02-18 20:50 . 2011-02-18 20:50 354304 ----a-w- c:\windows\system32\atiadlxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 1208320 ----a-w- c:\windows\system32\atiumd6v.dll 2011-02-18 20:50 . 2011-02-18 20:50 4105728 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-02-18 20:50 . 2011-02-18 20:50 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-02-18 20:50 . 
2011-02-18 20:50 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-02-18 20:50 . 2011-02-18 20:50 12800 ----a-w- c:\windows\system32\atiglpxx.dll 2011-02-18 20:50 . 2010-04-07 01:22 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-02-11 07:30 . 2011-03-18 11:37 7947600 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE269F37-198C-4267-91F0-BA9282130E30}\mpengine.dll 2011-02-04 21:12 . 2011-02-04 21:12 419840 ----a-w- c:\windows\system32\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-02-04 21:12 . 2011-02-04 21:12 111616 ----a-w- c:\windows\system32\OpenAL32.dll 2011-02-04 21:12 . 2011-02-04 21:12 102400 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-02-02 16:11 . 2010-09-18 16:35 270720 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-26 15026056] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-02-18 1242448] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-05-01 3071384] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728] "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-07 585728] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "ugrllhsluukjoafhzxbuTaskMgr"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [x] R2 regi;regi;c:\windows\system32\drivers\regi.sys [x] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 X6va003;X6va003;c:\users\User\AppData\Local\Temp\0039253.tmp [x] R3 X6va005;X6va005;c:\users\User\AppData\Local\Temp\005A835.tmp [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752] "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2010-09-16 8761344] "Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704] "Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 Trusted Zone: die-staemme.de\de71 TCP: {CBBC9FEA-46B8-41DF-909C-5566F8219919} = 192.168.2.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wwjhbt5a.default\ FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003] "ImagePath"="\??\c:\users\User\AppData\Local\Temp\0039253.tmp" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005] "ImagePath"="\??\c:\users\User\AppData\Local\Temp\005A835.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-02 16:08:55
ComboFix-quarantined-files.txt 2011-05-02 14:08
ComboFix2.txt 2011-05-02 14:01
ComboFix3.txt 2011-04-29 14:05
.
Vor Suchlauf: 11 Verzeichnis(se), 82.181.541.888 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 82.106.580.992 Bytes frei
.
- - End Of File - - 2DE234CF934A18A52C98DDF8148CE3A9
#14
Winkelfunktion (TB-Süch-Tiger™)

IE opens completely different pages because of a Trojan

ComboFix - scripting

1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ugrllhsluukjoafhzxbuTaskMgr"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va003]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
File::
c:\users\User\AppData\Local\Temp\0039253.tmp
c:\users\User\AppData\Local\Temp\005A835.tmp

4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
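The CFScript above targets three things visible in the ComboFix log earlier in the thread: a policy value with a random prefix in front of "TaskMgr", and two services (X6va003, X6va005) whose image files live in the user's Temp folder; the same log also shows UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin both 0) and two service entries pointing at one driver file (regi and 6077757b). As an added example, not code from the thread or from ComboFix, this Python triage reads lines in ComboFix's report format and flags exactly those patterns; the sample lines are constructed from the log above (one path shortened), and the allowlist of known policy value names is my assumption.

```python
import re
from collections import defaultdict

# Constructed sample in ComboFix's report format, modelled on the thread's log (not the full log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"ugrllhsluukjoafhzxbuTaskMgr"= 0 (0x0)
.
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 X6va003;X6va003;c:\users\User\AppData\Local\Temp\0039253.tmp [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\PassThruSvr.exe [2010-09-16 80896]
"""
# Assumed allowlist of value names Windows uses under ...\policies\system; anything else there deserves a look.
KNOWN_POLICY_VALUES = {
    "ConsentPromptBehaviorAdmin", "ConsentPromptBehaviorUser", "EnableLUA",
    "EnableUIADesktopToggle", "PromptOnSecureDesktop", "DisableTaskMgr",
    "DisableRegistryTools", "EnableInstallerDetection",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\S+)')
SERVICE_RE = re.compile(r"^[RS]\d+ ([^;]+);[^;]*;(.+?) \[")   # Rn/Sn name;description;image [...]
TEMP_PATH_RE = re.compile(r"\\temp\\|\.tmp$", re.IGNORECASE)

def triage(report):
    """Return a list of (rule, detail) findings from the autostart and service lines."""
    findings, key, images = [], "", defaultdict(list)
    for line in report.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1).lower()            # remember which key the following values belong to
        elif (m := VALUE_RE.match(line)) and key.endswith(r"\policies\system"):
            name, value = m.groups()
            if name in ("EnableLUA", "ConsentPromptBehaviorAdmin") and value == "0":
                findings.append(("uac-disabled", f"{name}=0 in {key}"))
            elif name not in KNOWN_POLICY_VALUES:
                findings.append(("unknown-policy-value", name))
        elif m := SERVICE_RE.match(line):
            name, image = m.groups()
            images[image.lower()].append(name)
            if TEMP_PATH_RE.search(image):      # driver/service loaded from a Temp folder
                findings.append(("service-in-temp", f"{name} -> {image}"))
    for image, names in images.items():
        if len(names) > 1:                      # two service entries share one driver file
            findings.append(("shared-image", f"{', '.join(names)} -> {image}"))
    return findings
```

Running `triage(SAMPLE)` yields five findings, matching the entries the CFScript removes plus the two UAC settings the script leaves for the user to restore.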
#15
Winkelfunktion (TB-Süch-Tiger™)

IE opens completely different pages because of a Trojan

Now please create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool will not run the second time either, just leave it out.

Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to your desktop.
__________________
Please always post logfiles in CODE tags