Plagegeister aller Art und deren Bekämpfung: Laptop keeps dropping off the network (Windows 7)
08.06.2011, 19:49 | #1 |
Laptop keeps dropping off the network

My laptop has developed the habit of disconnecting from the internet after about 15 minutes. I go online via a UMTS stick, so I have to run scans offline, since it also aborts downloads. I once started ComboFix by accident and let it run to the end, because you are not supposed to "click around" on it; I hope that does no harm. Today I ran TDSSKiller. Here is ComboFix:

Combofix Logfile:
Code:
ComboFix 11-06-01.04 - RaLi 03.06.2011 9:25.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2038.1070 [GMT 2:00]
ausgeführt von:: c:\users\RaLi\Desktop\ComboFixla.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-03 bis 2011-06-03 ))))))))))))))))))))))))))))))
.
.
2011-06-03 07:56 . 2011-06-03 07:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-03 07:56 . 2011-06-03 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-21 17:49 . 2011-05-21 17:49 29696 ----a-w- c:\windows\system32\SensorsDpl.dll
2011-05-21 04:04 . 2011-05-21 04:04 -------- d-----w- C:\AsusVibeData
2011-05-14 17:28 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 18:18 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 18:18 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-06 05:16 . 2011-05-06 05:16 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-06 05:16 . 2011-05-06 05:16 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-06 05:16 . 2011-05-06 05:16 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-06 05:16 . 2011-05-06 05:16 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-06 05:16 . 2011-05-06 05:16 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-06 05:16 . 2011-05-06 05:16 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-06 05:16 . 2011-05-06 05:16 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-06 05:16 . 2011-05-06 05:16 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2011-03-08 10:13 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2011-03-08 10:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 17:59 . 2011-05-11 17:49 380056915 ----a-w- C:\Stretch.zip
2011-04-26 15:30 . 2011-04-26 15:30 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-04-26 15:30 . 2011-04-26 15:30 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-26 15:30 . 2011-04-26 15:30 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-26 15:30 . 2011-04-26 15:30 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-04-26 15:30 . 2011-04-26 15:30 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2011-04-12 19:47 . 2011-04-12 19:47 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-12 19:47 . 2011-04-12 19:47 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-12 19:47 . 2011-04-12 19:47 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-12 19:47 . 2011-04-12 19:47 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-12 19:47 . 2011-04-12 19:47 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-12 19:47 . 2011-04-12 19:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-12 19:47 . 2011-04-12 19:47 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-12 19:47 . 2011-04-12 19:47 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-12 19:47 . 2011-04-12 19:47 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-12 19:47 . 2011-04-12 19:47 367104 ----a-w- c:\windows\system32\html.iec
2011-04-12 19:47 . 2011-04-12 19:47 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-12 19:47 . 2011-04-12 19:47 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-12 19:47 . 2011-04-12 19:47 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-12 19:47 . 2011-04-12 19:47 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-12 19:47 . 2011-04-12 19:47 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-12 19:47 . 2011-04-12 19:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-12 19:47 . 2011-04-12 19:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-12 19:47 . 2011-04-12 19:47 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-12 19:47 . 2011-04-12 19:47 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-12 19:47 . 2011-04-12 19:47 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-04-12 19:47 . 2011-04-12 19:47 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-11 07:04 . 2011-04-22 17:47 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E65D246-E05E-42FC-B1A4-95566395B4DA}\mpengine.dll
2011-03-26 18:45 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-21 13:45 . 2011-03-21 13:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-17 23:20 . 2011-01-29 14:00 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-13 14:32 . 2011-03-13 14:32 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-03-11 05:33 . 2011-04-13 04:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-13 04:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-08 05:28 . 2011-04-13 04:33 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-06 05:16 . 2011-05-06 05:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotkeyMon"="AsusSender.exe" [2010-05-24 35304]
"HotkeyService"="AsusSender.exe" [2010-05-24 35304]
"SuperHybridEngine"="AsusSender.exe" [2010-05-24 35304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"LiveUpdate"="AsusSender.exe" [2010-05-24 35304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-12-31 378128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\RaLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CPUCooL.lnk - c:\program files\CPUCooL\CPUCooL.exe [2010-1-10 884736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-21 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-09-18 15:34 205976 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2011-03-30 07:14 3265648 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar]
2010-11-07 09:22 286720 ----a-w- c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-25 03:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-25 03:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LivCam]
2009-11-19 13:05 284160 ----a-w- c:\program files\ASUS\LivCam\LivCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-25 03:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-02-28 14:15 427008 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-04-16 09:01 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [2011-04-26 100224]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-27 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-03-13 722416]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-12-31 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-12-31 69392]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 ntiomin;ntiomin; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [2011-04-29 330696]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-12-31 33552]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home?AF=17241
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: Interfaces\{57861E94-130A-4A58-A00C-6339644F67D3}: NameServer = 195.182.96.28 195.82.96.61
FF - ProfilePath - c:\users\RaLi\AppData\Roaming\Mozilla\Firefox\Profiles\85vg9l02.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17241
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17241&q=
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(576)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(1200)
c:\program files\ThreatFire\TfWah.dll
c:\windows\System32\DAVHLPR.dll
c:\windows\system32\WINSPOOL.DRV
c:\windows\system32\taskschd.dll
c:\windows\System32\netprofm.dll
c:\windows\system32\Wlanapi.dll
c:\windows\System32\QAgent.dll
c:\windows\System32\framedynos.dll
c:\windows\System32\wercplsupport.dll
.
Zeit der Fertigstellung: 2011-06-03 10:13:31
ComboFix-quarantined-files.txt 2011-06-03 08:13
ComboFix2.txt 2011-06-01 22:02
ComboFix3.txt 2011-05-17 22:02
ComboFix4.txt 2011-04-26 19:13
ComboFix5.txt 2011-06-03 07:18
.
Vor Suchlauf: 12 Verzeichnis(se), 273.631.662.080 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 273.585.102.848 Bytes frei
.
- - End Of File - - DA7D9A7AFD036751DE4C451B7BD4AB8D

I had downloaded ComboFix because of another computer. One more thing: for about a week now, Windows has been claiming it is not "genuine"; before that it was normal. Next log:

Code:
2011/06/08 18:09:57.0380 0344 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/08 18:09:58.0222 0344 ================================================================================
2011/06/08 18:09:58.0222 0344 SystemInfo:
2011/06/08 18:09:58.0222 0344
2011/06/08 18:09:58.0222 0344 OS Version: 6.1.7601 ServicePack: 1.0
2011/06/08 18:09:58.0222 0344 Product type: Workstation
2011/06/08 18:09:58.0222 0344 ComputerName: RALI-PC
2011/06/08 18:09:58.0222 0344 UserName: RaLi
2011/06/08 18:09:58.0222 0344 Windows directory: C:\Windows
2011/06/08 18:09:58.0222 0344 System windows directory: C:\Windows
2011/06/08 18:09:58.0222 0344 Processor architecture: Intel x86
2011/06/08 18:09:58.0222 0344 Number of processors: 2
2011/06/08 18:09:58.0222 0344 Page size: 0x1000
2011/06/08 18:09:58.0222 0344 Boot type: Normal boot
2011/06/08 18:09:58.0222 0344 ================================================================================
2011/06/08 18:10:02.0107 0344 Initialize success
2011/06/08 18:10:08.0269 3040 ================================================================================
2011/06/08 18:10:08.0269 3040 Scan started
2011/06/08 18:10:08.0269 3040 Mode: Manual;
2011/06/08 18:10:08.0269 3040 ================================================================================
2011/06/08 18:10:29.0360 3040 ntiopnp (d1b956288363cc67edbb34c578cc5374) C:\Windows\system32\drivers\ntiopnp.sys 2011/06/08 18:10:29.0438 3040 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/06/08 18:10:29.0578 3040 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 2011/06/08 18:10:29.0703 3040 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 2011/06/08 18:10:29.0797 3040 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/06/08 18:10:29.0906 3040 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/06/08 18:10:30.0031 3040 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/06/08 18:10:30.0124 3040 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/06/08 18:10:30.0234 3040 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/06/08 18:10:30.0343 3040 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/06/08 18:10:30.0468 3040 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/06/08 18:10:30.0546 3040 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/06/08 18:10:30.0686 3040 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/06/08 18:10:30.0811 3040 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/06/08 18:10:31.0232 3040 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/06/08 18:10:31.0310 3040 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/06/08 18:10:31.0560 3040 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/06/08 18:10:31.0700 3040 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) 
C:\Windows\system32\DRIVERS\ql2300.sys 2011/06/08 18:10:31.0981 3040 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/06/08 18:10:32.0090 3040 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/06/08 18:10:32.0184 3040 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/06/08 18:10:32.0277 3040 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/06/08 18:10:32.0355 3040 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/06/08 18:10:32.0480 3040 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/06/08 18:10:32.0542 3040 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/06/08 18:10:32.0698 3040 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/06/08 18:10:32.0823 3040 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/06/08 18:10:32.0979 3040 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/06/08 18:10:33.0057 3040 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/06/08 18:10:33.0166 3040 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/06/08 18:10:33.0260 3040 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/06/08 18:10:33.0447 3040 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/06/08 18:10:33.0666 3040 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/06/08 18:10:33.0775 3040 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys 2011/06/08 18:10:33.0868 3040 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys 2011/06/08 18:10:33.0993 3040 
s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys 2011/06/08 18:10:34.0102 3040 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys 2011/06/08 18:10:34.0165 3040 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys 2011/06/08 18:10:34.0258 3040 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys 2011/06/08 18:10:34.0352 3040 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys 2011/06/08 18:10:34.0477 3040 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/06/08 18:10:34.0633 3040 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/06/08 18:10:34.0836 3040 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/06/08 18:10:34.0992 3040 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/06/08 18:10:35.0070 3040 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/06/08 18:10:35.0226 3040 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/06/08 18:10:35.0428 3040 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/06/08 18:10:35.0522 3040 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/06/08 18:10:35.0616 3040 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/06/08 18:10:35.0709 3040 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/06/08 18:10:35.0865 3040 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/06/08 18:10:35.0959 3040 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/06/08 18:10:36.0084 3040 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) 
C:\Windows\system32\DRIVERS\sisraid4.sys 2011/06/08 18:10:36.0177 3040 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/06/08 18:10:36.0411 3040 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/06/08 18:10:36.0630 3040 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys 2011/06/08 18:10:36.0630 3040 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e 2011/06/08 18:10:36.0661 3040 sptd - detected LockedFile.Multi.Generic (1) 2011/06/08 18:10:36.0770 3040 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys 2011/06/08 18:10:36.0895 3040 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys 2011/06/08 18:10:37.0035 3040 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys 2011/06/08 18:10:37.0222 3040 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/06/08 18:10:37.0363 3040 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/06/08 18:10:37.0519 3040 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/06/08 18:10:37.0659 3040 SynTP (bd8e7f87de409a745a132a8812de5a96) C:\Windows\system32\DRIVERS\SynTP.sys 2011/06/08 18:10:37.0924 3040 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys 2011/06/08 18:10:38.0096 3040 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/08 18:10:38.0236 3040 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/08 18:10:38.0346 3040 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/06/08 18:10:38.0486 3040 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/06/08 18:10:38.0580 3040 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 
2011/06/08 18:10:38.0704 3040 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 2011/06/08 18:10:38.0860 3040 TfFsMon (b058e0293471d6a3155fbb0c458eb47e) C:\Windows\system32\drivers\TfFsMon.sys 2011/06/08 18:10:38.0954 3040 TfNetMon (ad00a7aefd176e18a1153108b4135b65) C:\Windows\system32\drivers\TfNetMon.sys 2011/06/08 18:10:39.0063 3040 TfSysMon (202ebf436d7fca2122e4a3751bb0c18f) C:\Windows\system32\drivers\TfSysMon.sys 2011/06/08 18:10:39.0297 3040 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/08 18:10:39.0453 3040 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 2011/06/08 18:10:39.0578 3040 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/08 18:10:39.0656 3040 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/06/08 18:10:39.0765 3040 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/08 18:10:39.0968 3040 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 2011/06/08 18:10:40.0077 3040 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 2011/06/08 18:10:40.0171 3040 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/06/08 18:10:40.0358 3040 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/06/08 18:10:40.0467 3040 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 2011/06/08 18:10:40.0561 3040 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys 2011/06/08 18:10:40.0639 3040 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/08 18:10:40.0717 3040 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/06/08 18:10:40.0857 3040 usbprint (797d862fe0875e75c7cc4c1ad7b30252) 
C:\Windows\system32\DRIVERS\usbprint.sys 2011/06/08 18:10:40.0951 3040 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/08 18:10:40.0998 3040 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys 2011/06/08 18:10:41.0076 3040 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 2011/06/08 18:10:41.0185 3040 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 2011/06/08 18:10:41.0325 3040 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/08 18:10:41.0403 3040 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/06/08 18:10:41.0497 3040 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 2011/06/08 18:10:41.0668 3040 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 2011/06/08 18:10:41.0746 3040 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/06/08 18:10:41.0856 3040 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 2011/06/08 18:10:41.0949 3040 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 2011/06/08 18:10:42.0105 3040 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/06/08 18:10:42.0199 3040 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 2011/06/08 18:10:42.0277 3040 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/06/08 18:10:42.0480 3040 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/06/08 18:10:42.0573 3040 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/06/08 18:10:42.0729 3040 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/06/08 18:10:42.0854 3040 WANARP 
(3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/08 18:10:42.0963 3040 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/08 18:10:43.0166 3040 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/06/08 18:10:43.0306 3040 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/08 18:10:43.0540 3040 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/06/08 18:10:43.0603 3040 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/06/08 18:10:43.0868 3040 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 2011/06/08 18:10:44.0024 3040 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/08 18:10:44.0274 3040 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 2011/06/08 18:10:44.0383 3040 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/08 18:10:44.0617 3040 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 2011/06/08 18:10:44.0679 3040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 2011/06/08 18:10:44.0757 3040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2 2011/06/08 18:10:44.0835 3040 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk3\DR3 2011/06/08 18:10:45.0163 3040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR5 2011/06/08 18:10:45.0303 3040 ================================================================================ 2011/06/08 18:10:45.0303 3040 Scan finished 2011/06/08 18:10:45.0303 3040 ================================================================================ 2011/06/08 18:10:45.0381 2120 Detected object count: 1 2011/06/08 18:10:45.0381 2120 Actual detected object count: 1 2011/06/08 18:12:09.0481 2120 
HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/06/08 18:12:09.0543 2120 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/06/08 18:12:09.0575 2120 C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/06/08 18:12:09.0575 2120 LockedFile.Multi.Generic(sptd) - User select action: Delete
2011/06/08 18:12:32.0319 3624 Deinitialize success
code: Apparently it found something? |
09.06.2011, 10:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that, OTL custom: Custom scan with OTL. If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
11.06.2011, 05:50 | #3 |
| Laptop keeps dropping off the network I'll have them this evening; I'll transfer them over and post them here. So here are the logs from OTL, TDSSKiller logs; MBAM follows. So, here now MBAM code:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6704
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
29.05.2011 19:50:47
mbam-log-2011-05-29 (19-50-47).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|H:\|I:\|)
Durchsuchte Objekte: 298205
Laufzeit: 1 Stunde(n), 8 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
code: here is the latest scan code:
Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6822
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
10.06.2011 01:35:11
mbam-log-2011-06-10 (01-35-11).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|H:\|)
Durchsuchte Objekte: 299406
Laufzeit: 1 Stunde(n), 3 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
code: |
13.06.2011, 19:18 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network You were only supposed to run MBAM and OTL - who instructed you to start ComboFix?
__________________ Please always post log files in CODE tags |
13.06.2011, 20:13 | #5 |
| Laptop keeps dropping off the network As I said, I started it by accident and let it run, because you're not supposed to do anything while it runs; that's also written above. It had been downloaded for someone else, the admin from the company. |
14.06.2011, 08:46 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network Quote:
__________________ --> Laptop keeps dropping off the network |
14.06.2011, 16:08 | #7 |
| Laptop keeps dropping off the network This one here is private. It was intended for another computer that absolutely could not get online, so he downloaded it via mine, copied it to a stick and then used it on the other PC. I hadn't deleted it yet. I had mine with me at the company because of the updates, since my UMTS connection is acting up badly. |
14.06.2011, 18:44 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network You're not mixing logs from both computers into this thread now, are you? Because that ends in chaos.
__________________ Please always post log files in CODE tags |
14.06.2011, 19:13 | #9 |
| Laptop keeps dropping off the network No, the others are not stored on this one (thank God). Apart from ComboFix and MBAM, I downloaded everything, saved it to the stick and then saved it to the desktop on the laptop. Logs go straight to "save as" -> CONTAINER <- (stick) so that nothing gets mixed up, in case something should still be there. |
14.06.2011, 19:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network OK. But I'm still waiting for the log from the OTL custom scan.
__________________ Please always post log files in CODE tags |
14.06.2011, 21:56 | #11 |
| Laptop keeps dropping off the network So, here is the missing scan code: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2011 21:31:05 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\RaLi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,45% Memory free 3,98 Gb Paging File | 2,87 Gb Available in Paging File | 72,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 254,54 Gb Free Space | 54,66% Space Free | Partition Type: NTFS Drive E: | 1,95 Gb Total Space | 0,34 Gb Free Space | 17,61% Space Free | Partition Type: FAT Drive F: | 298,09 Gb Total Space | 9,45 Gb Free Space | 3,17% Space Free | Partition Type: NTFS Drive H: | 3,68 Gb Total Space | 0,01 Gb Free Space | 0,16% Space Free | Partition Type: FAT32 Computer Name: RALI-PC | User Name: RaLi | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.09 18:59:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\RaLi\Desktop\OTL.exe PRC - [2011.04.27 22:47:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.18 01:20:10 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.27 17:02:11 | 001,343,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wat\WatAdminSvc.exe PRC - [2010.12.31 10:29:44 | 000,378,128 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFTray.exe PRC - [2010.12.31 10:29:40 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:46 | 000,325,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slui.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.11.10 00:12:08 | 000,551,424 | ---- | M] (Distributed Computing Technologies, Inc.) -- C:\Programme\distributed.net\dnetc.exe PRC - [2010.06.11 22:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) 
-- C:\Programme\ASUS\LiveUpdate\LiveUpdate.exe PRC - [2010.02.23 11:01:28 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.10 14:33:22 | 000,884,736 | ---- | M] () -- C:\Programme\CPUCooL\CPUCooL.exe PRC - [2010.01.03 20:28:18 | 000,118,784 | ---- | M] () -- C:\Programme\CPUCooL\CooLSRV.exe PRC - [2009.10.26 15:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\SHE\SuperHybridEngine.exe PRC - [2009.10.16 22:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\HotkeyService\HotkeyService.exe PRC - [2009.09.11 12:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009.08.18 18:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (SafeList) ========== MOD - [2011.06.09 18:59:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\RaLi\Desktop\OTL.exe MOD - [2010.12.31 10:29:50 | 000,406,800 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFWAH.dll MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.27 22:47:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.18 01:20:10 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.27 17:02:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Running] 
-- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.02.10 15:29:24 | 000,150,528 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion) SRV - [2010.12.31 10:29:40 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire) SRV - [2010.02.23 11:01:28 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2010.01.03 20:28:18 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Programme\CPUCooL\CooLSRV.exe -- (CPUCooLServer) SRV - [2009.08.18 18:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) ========== Driver Services (SafeList) ========== DRV - [2011.06.09 00:51:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2011.06.09 00:51:52 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewsercd.sys -- (ewsercd)
DRV - [2011.03.18 01:20:13 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.01.29 16:01:23 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.01.29 16:01:23 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.12.31 10:29:58 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010.12.31 10:29:58 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010.12.31 10:29:56 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.12.13 09:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.03 20:28:18 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp)
DRV - [2010.01.03 20:28:18 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin)
DRV - [2009.10.05 10:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.28 00:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.06 11:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008.12.13 11:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2003.05.14 23:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Bulk533.sys -- (USBCamera)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=17241
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 61 15 EA 7D CB CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17241"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=17241&q="
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 07:16:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 07:16:50 | 000,000,000 | ---D | M]
[2011.01.29 15:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RaLi\AppData\Roaming\mozilla\Extensions
[2011.05.27 07:07:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RaLi\AppData\Roaming\mozilla\Firefox\Profiles\85vg9l02.default\extensions
[2011.05.05 06:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.21 15:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.16 11:13:23 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) --
[2011.03.21 15:46:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.16 11:13:23 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
() (No name found) -- C:\USERS\RALI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85VG9L02.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.05.06 07:16:29 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.03.21 15:45:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.06 07:16:41 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 11:11:57 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2011.05.06 07:16:41 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2011.05.06 07:16:41 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.06 07:16:41 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.06 07:16:41 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.06 07:16:41 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.04.22 14:48:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyMon] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [LiveUpdate] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\Windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - Startup: C:\Users\RaLi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPUCooL.lnk = C:\Programme\CPUCooL\CPUCooL.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: Babylon Client - hkey= - key= - C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
MsConfig - StartUpReg: BabylonToolbar - hkey= - key= - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: LivCam - hkey= - key= - C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
SafeBootMin: 15260985.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: 15260985.sys - Driver
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.SP54 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
========== Files/Folders - Created Within 30 Days ==========
[2011.06.11 01:40:00 | 000,011,048 | ---- | C] (USB BULK) -- C:\Windows\System32\drivers\Bulk533.sys
[2011.06.11 01:39:59 | 000,515,803 | R--- | C] (Digital Camera) -- C:\Windows\System32\drivers\Ca533av.sys
[2011.06.11 01:39:59 | 000,131,072 | R--- | C] (Sunplus) -- C:\Windows\System32\SP5X_32.DLL
[2011.06.11 01:39:59 | 000,065,536 | ---- | C] (DSC CAMERA) -- C:\Windows\amcap533.exe
[2011.06.11 01:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Camera
[2011.06.11 01:39:54 | 000,000,000 | ---D | C] -- C:\Windows\Setup533
[2011.06.09 19:54:00 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\RaLi\Desktop\OTL.exe
[2011.06.09 00:52:42 | 000,000,000 | ---D | C] -- C:\Users\RaLi\AppData\Roaming\Verbindungsassistent
[2011.06.09 00:52:04 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011.06.09 00:52:04 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.06.09 00:52:04 | 000,103,040 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
[2011.06.09 00:52:04 | 000,100,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewsercd.sys
[2011.06.09 00:52:04 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.06.09 00:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbindungsassistent
[2011.06.09 00:51:52 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.06.08 18:08:01 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\RaLi\Desktop\tdsskiller.exe
[2011.06.03 10:08:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.06.03 09:12:45 | 004,109,727 | R--- | C] (Swearware) -- C:\Users\RaLi\Desktop\ComboFixla.exe
[2011.06.01 23:45:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.01 23:06:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.01 23:06:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.01 23:06:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.21 06:04:10 | 000,000,000 | ---D | C] -- C:\AsusVibeData
========== Files - Modified Within 30 Days ==========
[2011.06.14 21:30:35 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.14 21:30:35 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.14 21:30:35 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.14 21:30:35 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.14 21:30:09 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 21:30:09 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.14 21:26:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.12 00:36:14 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.09 18:59:14 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\RaLi\Desktop\OTL.exe
[2011.06.09 00:51:59 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Verbindungsassistent.lnk
[2011.06.09 00:51:52 | 000,621,056 | ---- | M] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011.06.09 00:51:52 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.06.09 00:51:52 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbfake.sys
[2011.06.09 00:51:52 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewsercd.sys
[2011.06.09 00:51:52 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.06.08 18:09:00 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\RaLi\Desktop\tdsskiller.exe
[2011.06.02 14:54:28 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.01 22:59:54 | 004,109,727 | R--- | M] (Swearware) -- C:\Users\RaLi\Desktop\ComboFixla.exe
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.21 19:49:58 | 000,029,696 | ---- | M] () -- C:\Windows\System32\SensorsDpl.dll
[2011.05.21 06:04:35 | 000,001,978 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
========== Files Created - No Company Name ==========
[2011.06.11 01:39:57 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2011.06.11 01:39:57 | 000,000,505 | ---- | C] () -- C:\Windows\Remove.ini
[2011.06.09 00:51:59 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Verbindungsassistent.lnk
[2011.06.02 14:54:28 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.01 23:06:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.01 23:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.01 23:06:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.01 23:06:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.01 23:06:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.21 19:49:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\SensorsDpl.dll
[2011.05.21 06:04:35 | 000,001,978 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2011.03.13 16:44:40 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.03.13 16:44:40 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.03.13 16:44:38 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011.03.13 16:44:18 | 000,559,104 | ---- | C] () -- C:\Windows\System32\lame.exe
[2011.03.13 16:44:15 | 000,007,519 | ---- | C] () -- C:\Users\RaLi\AppData\Roaming\unins000.dat
[2011.02.06 14:26:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.02.06 14:26:17 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.02.06 14:26:17 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.01.29 15:06:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.01.29 02:51:35 | 000,006,144 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2011.01.29 02:37:11 | 000,011,448 | ---- | C] () -- C:\Windows\System32\drivers\AsUpIO.sys
[2011.01.29 02:34:00 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2011.01.29 01:24:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.01.29 01:24:19 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.28 18:05:45 | 000,219,136 | ---- | C] () -- C:\Windows\System32\AsusService.exe
[2011.01.28 18:05:45 | 000,021,864 | ---- | C] () -- C:\Windows\AsAcpiSvrLang.ini
[2011.01.28 18:03:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.01.03 20:28:18 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.01.03 20:28:18 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,298,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
========== LOP Check ==========
[2011.04.16 14:55:18 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Babylon
[2011.03.13 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\concept design
[2011.03.13 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Franzis
[2011.02.15 08:34:46 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\HamsterSoft
[2011.03.21 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\LibreOffice
[2011.05.16 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\uTorrent
[2011.06.09 02:00:08 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Verbindungsassistent
[2011.04.26 22:15:48 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.03.19 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Adobe
[2011.01.30 23:40:15 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Avira
[2011.04.16 14:55:18 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Babylon
[2011.03.13 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\concept design
[2011.03.13 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Franzis
[2011.02.15 08:34:46 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\HamsterSoft
[2011.01.28 16:24:22 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Identities
[2011.01.29 02:33:26 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\InstallShield
[2011.03.21 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\LibreOffice
[2011.01.29 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Macromedia
[2011.03.08 12:13:41 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Media Center Programs
[2011.03.19 14:45:45 | 000,000,000 | --SD | M] -- C:\Users\RaLi\AppData\Roaming\Microsoft
[2011.01.29 15:06:19 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Mozilla
[2011.05.16 13:54:02 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\uTorrent
[2011.06.09 02:00:08 | 000,000,000 | ---D | M] -- C:\Users\RaLi\AppData\Roaming\Verbindungsassistent
< %APPDATA%\*.exe /s >
[2011.03.21 16:18:44 | 002,608,640 | ---- | M] (SMEStorage) -- C:\Users\RaLi\AppData\Roaming\LibreOffice\3\user\uno_packages\cache\uno_packages\304E.tmp_\SMEStorage.OpenOffice.oxt\SMEStorage\SMEStorage.Dialog.exe
[2011.03.21 16:19:24 | 000,028,672 | ---- | M] () -- C:\Users\RaLi\AppData\Roaming\LibreOffice\3\user\uno_packages\cache\uno_packages\CD96.tmp_\StarXpert_MultiDiff.oxt\StarXpert_MultiDiff\sendmail98.exe
[2011.01.28 21:29:15 | 000,010,134 | R--- | M] () -- C:\Users\RaLi\AppData\Roaming\Microsoft\Installer\{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}\ARPPRODUCTICON.exe
[2011.04.14 13:26:57 | 000,015,086 | R--- | M] () -- C:\Users\RaLi\AppData\Roaming\Microsoft\Installer\{763DEB88-48E6-4648-9CE6-A0FFC6900BEB}\_19D3C379A92FDF3BCCB2DE.exe
[2011.04.14 13:26:57 | 000,015,086 | R--- | M] () -- C:\Users\RaLi\AppData\Roaming\Microsoft\Installer\{763DEB88-48E6-4648-9CE6-A0FFC6900BEB}\_853F67D554F05449430E7E.exe
[2011.04.14 13:26:57 | 000,015,086 | R--- | M] () -- C:\Users\RaLi\AppData\Roaming\Microsoft\Installer\{763DEB88-48E6-4648-9CE6-A0FFC6900BEB}\_F224E6AEB24C5DDD2BC400.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 --
C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe [2009.07.14 03:14:45 | 
000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < 
%systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.11.20 14:21:24 | 000,193,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sppcomapi.dll [2010.11.20 14:21:35 | 000,492,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < End of report > |
15.06.2011, 08:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network Looks unremarkable. Have you tried setting up the UMTS connection under Windows again? It looks like a configuration error if the connection is always dropped after (exactly) 15 minutes.
__________________ Please always post log files in CODE tags |
15.06.2011, 16:18 | #13 |
| Laptop keeps dropping off the network Now, after the scan, desktop.ini files are showing up next to the pictures in the music directory, and MBAM suddenly finds a piece of malware in the CPU Cool program (meant for reading out the temperature) |
15.06.2011, 20:59 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop keeps dropping off the network I would first try to find out whether this only happens under Windows or with other operating systems as well. Download something like Knoppix or Ubuntu (AFAIR the UMTS setup should be easier under Ubuntu), burn the ISO file to a CD using the image-burning function, and boot the computer from it. Then test the internet connection thoroughly under Linux and report whether the connection is stable there.
__________________ Please always post log files in CODE tags |
16.06.2011, 18:32 | #15 |
| Laptop keeps dropping off the network Well, under Linux it is reasonably stable. Now desktop.ini files keep appearing in every folder, e.g. music, pictures, my own data; if you land on one, the picture gets grainy and the graphics card acts up |