Errors persist although Windows Restore was presumably removed completely (Windows 7)
15.06.2011, 16:50 | #1 |
Hi everyone,

yesterday evening I caught the "Windows Restore" virus, but with the help of this forum (http://www.trojaner-board.de/97186-w...entfernen.html) I was apparently able to remove it. At least I no longer get any error messages that point to a virus on my system. At first I was also afraid for my data, but with unhide.exe that was no problem at all.

However, two or three smaller problems remain, or are only showing up now.

First, not all shortcuts on the desktop reappeared after I ran the program over it. It doesn't matter much that I don't have the Recycle Bin there, since it can be reached in other ways, but it is strange that it is displayed quite normally in Windows Explorer under "Desktop".

Second, many entries are missing in the Start menu. Under "All Programs" presumably all folders are shown, but many of them are completely empty or have entries missing. Even simple programs like Paint, which could always be found there, have disappeared.

And third, I always get an error message when I click Mozilla, IE or WE in the taskbar to open it. The error message is in the attachment (if that works). But if I then, for example, right-click -> open new tab, everything works normally.

Since I don't know my way around very well, I don't know which data I should post as well. The OTL log files are attached; if anything else is missing, please ask, I'm rather a layman when it comes to this kind of thing. By the way, I have a 32-bit operating system with Windows 7 Home Premium.

I hope all of this is understandable; as mentioned, I don't know my way around very well. Still, I hope for helpful solutions, because you have always helped me a lot before.

Best regards
Alex
16.06.2011, 10:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

The infection swept your Start menu clean; in the variants known to me so far, the malware moves all shortcuts to %tmp%\smtmp

Please check whether the folder smtmp can be found either here => C:\Qoobox\Quarantine\C\Users\[YOUR_NAME]\AppData\Local\Temp\smtmp
or here => C:\Users\[YOUR_NAME]\AppData\Local\Temp\smtmp

Make sure that all files are shown to you => http://www.trojaner-board.de/59624-a...-sichtbar.html
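The check described in the post above, as an added example that is not part of the original thread: it looks for the smtmp folder in both locations and lists what is inside, including hidden and system items. The `$user` variable and the output layout are assumptions of this example.

```powershell
# Added example, not from the thread.
# Assumption: the affected profile is the one running the script; set $user otherwise.
$user = $env:USERNAME

# The two locations named in the post (live profile and the Qoobox quarantine copy).
$candidates = @(
    "C:\Users\$user\AppData\Local\Temp\smtmp",
    "C:\Qoobox\Quarantine\C\Users\$user\AppData\Local\Temp\smtmp"
)

foreach ($path in $candidates) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "not present : $path"
        continue
    }

    # -Force returns hidden and system items as well, independent of the
    # Explorer folder options, so a folder that looks empty in Explorer
    # is still enumerated completely.
    $items = @(Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue)
    $files = @($items | Where-Object { -not $_.PSIsContainer })
    $links = @($files | Where-Object { $_.Extension -eq '.lnk' })

    Write-Output ("present     : {0}" -f $path)
    Write-Output ("  entries   : {0} ({1} files, {2} shortcuts)" -f $items.Count, $files.Count, $links.Count)

    # Mode column: 'h' marks hidden and 's' marks system entries.
    $files | Sort-Object FullName |
        ForEach-Object { "  {0,-6} {1}" -f $_.Mode, $_.FullName.Substring($path.Length) }
}
```

Run it from an elevated PowerShell prompt so that access restrictions on the quarantine folder do not hide entries.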
16.06.2011, 21:30 | #3 |
Yes exactly, I ran unhide over it and had them made visible, but without success. The folder exists, but it is also empty.
16.06.2011, 21:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

Run an OTL fix: close all programs that may be open, also deactivate virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have made your user name unrecognizable, you must turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:
    :OTL
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{687b0688-da06-11df-a08c-001f163189d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{687b0688-da06-11df-a08c-001f163189d5}\Shell\AutoRun\command - "" = E:\Setup.exe
    O33 - MountPoints2\{7a23d36d-dc87-11df-8b59-001f163189d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{7a23d36d-dc87-11df-8b59-001f163189d5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{d7c38c47-dad8-11df-9efd-001f163189d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{d7c38c47-dad8-11df-9efd-001f163189d5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{d7c38c56-dad8-11df-9efd-001f163189d5}\Shell - "" = AutoRun
    O33 - MountPoints2\{d7c38c56-dad8-11df-9efd-001f163189d5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    [2011.06.13 04:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Selapy
    [2011.06.13 04:09:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qiygbo
    :Commands
    [purity]
    [resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post log files in CODE tags
24.06.2011, 04:59 | #5 |
Code:
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
    C:\autoexec.bat moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{687b0688-da06-11df-a08c-001f163189d5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687b0688-da06-11df-a08c-001f163189d5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{687b0688-da06-11df-a08c-001f163189d5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687b0688-da06-11df-a08c-001f163189d5}\ not found.
    File E:\Setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a23d36d-dc87-11df-8b59-001f163189d5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a23d36d-dc87-11df-8b59-001f163189d5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a23d36d-dc87-11df-8b59-001f163189d5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a23d36d-dc87-11df-8b59-001f163189d5}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7c38c47-dad8-11df-9efd-001f163189d5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7c38c47-dad8-11df-9efd-001f163189d5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7c38c47-dad8-11df-9efd-001f163189d5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7c38c47-dad8-11df-9efd-001f163189d5}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7c38c56-dad8-11df-9efd-001f163189d5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7c38c56-dad8-11df-9efd-001f163189d5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7c38c56-dad8-11df-9efd-001f163189d5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7c38c56-dad8-11df-9efd-001f163189d5}\ not found.
    File G:\AutoRun.exe not found.
    C:\Users\***\AppData\Roaming\Selapy folder moved successfully.
    C:\Users\***\AppData\Roaming\Qiygbo folder moved successfully.
    ========== COMMANDS ==========
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.24.0 log created on 06242011_053949

So, I have actually fixed the matter with the non-working shortcuts in the taskbar. I deleted those shortcuts, fetched the applications again from the file path and moved them there. It's now called e.g. "Mozilla Firefox (2)", but I don't really care, it works after all.

But I still don't have the Recycle Bin on the desktop. That's not too bad either, but it's cumbersome if you want to know what's in it.

And the Start menu, or rather its folders, remain empty. I don't know where that could come from... A picture of it is attached.

Best regards
24.06.2011, 09:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post this in full.

If, due to the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:

Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
24.06.2011, 14:23 | #7 |
Okay, I'll run the tool when I get the chance. And regarding the missing entries: as I already wrote above, I had already run Unhide; even after further attempts the folders remain empty.
30.06.2011, 01:40 | #8 |
Code:
    2011/06/30 02:36:11.0532 5732 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
    2011/06/30 02:36:11.0742 5732 ================================================================================
    2011/06/30 02:36:11.0742 5732 SystemInfo:
    2011/06/30 02:36:11.0742 5732
    2011/06/30 02:36:11.0742 5732 OS Version: 6.1.7601 ServicePack: 1.0
    2011/06/30 02:36:11.0742 5732 Product type: Workstation
    2011/06/30 02:36:11.0742 5732 ComputerName: ***
    2011/06/30 02:36:11.0742 5732 UserName: ***
    2011/06/30 02:36:11.0742 5732 Windows directory: C:\windows
    2011/06/30 02:36:11.0742 5732 System windows directory: C:\windows
    2011/06/30 02:36:11.0742 5732 Processor architecture: Intel x86
    2011/06/30 02:36:11.0742 5732 Number of processors: 2
    2011/06/30 02:36:11.0742 5732 Page size: 0x1000
    2011/06/30 02:36:11.0742 5732 Boot type: Normal boot
    2011/06/30 02:36:11.0742 5732 ================================================================================
    2011/06/30 02:36:13.0342 5732 Initialize success
    2011/06/30 02:36:17.0212 3608 ================================================================================
    2011/06/30 02:36:17.0212 3608 Scan started
    2011/06/30 02:36:17.0212 3608 Mode: Manual;
    2011/06/30 02:36:17.0212 3608 ================================================================================
(95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys 2011/06/30 02:36:44.0220 3608 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\System32\Drivers\sptd.sys 2011/06/30 02:36:44.0380 3608 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys 2011/06/30 02:36:44.0430 3608 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys 2011/06/30 02:36:44.0480 3608 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys 2011/06/30 02:36:44.0620 3608 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\windows\system32\DRIVERS\sscdbus.sys 2011/06/30 02:36:44.0650 3608 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\windows\system32\DRIVERS\sscdmdfl.sys 2011/06/30 02:36:44.0680 3608 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\windows\system32\DRIVERS\sscdmdm.sys 2011/06/30 02:36:44.0800 3608 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys 2011/06/30 02:36:44.0880 3608 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys 2011/06/30 02:36:45.0020 3608 SynTP (e09c6ae9f84b5985979046e0a5896584) C:\windows\system32\DRIVERS\SynTP.sys 2011/06/30 02:36:45.0200 3608 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\windows\system32\drivers\tcpip.sys 2011/06/30 02:36:45.0400 3608 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\windows\system32\DRIVERS\tcpip.sys 2011/06/30 02:36:45.0540 3608 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys 2011/06/30 02:36:45.0620 3608 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys 2011/06/30 02:36:45.0670 3608 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys 2011/06/30 02:36:45.0800 3608 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys 2011/06/30 02:36:45.0990 3608 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys 2011/06/30 02:36:46.0210 3608 tssecsrv 
(254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys 2011/06/30 02:36:46.0320 3608 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys 2011/06/30 02:36:46.0500 3608 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys 2011/06/30 02:36:46.0570 3608 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys 2011/06/30 02:36:46.0660 3608 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys 2011/06/30 02:36:46.0870 3608 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys 2011/06/30 02:36:47.0050 3608 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys 2011/06/30 02:36:47.0120 3608 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys 2011/06/30 02:36:47.0340 3608 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys 2011/06/30 02:36:47.0400 3608 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\drivers\usbccgp.sys 2011/06/30 02:36:47.0520 3608 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys 2011/06/30 02:36:47.0870 3608 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys 2011/06/30 02:36:48.0130 3608 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys 2011/06/30 02:36:48.0470 3608 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys 2011/06/30 02:36:48.0670 3608 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys 2011/06/30 02:36:49.0100 3608 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys 2011/06/30 02:36:49.0411 3608 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS 2011/06/30 02:36:49.0723 3608 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\DRIVERS\usbuhci.sys 2011/06/30 
02:36:50.0051 3608 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys 2011/06/30 02:36:50.0347 3608 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys 2011/06/30 02:36:50.0628 3608 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys 2011/06/30 02:36:50.0800 3608 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys 2011/06/30 02:36:51.0081 3608 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys 2011/06/30 02:36:51.0330 3608 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys 2011/06/30 02:36:51.0377 3608 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys 2011/06/30 02:36:51.0549 3608 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys 2011/06/30 02:36:51.0907 3608 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys 2011/06/30 02:36:52.0117 3608 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys 2011/06/30 02:36:52.0337 3608 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys 2011/06/30 02:36:52.0797 3608 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys 2011/06/30 02:36:53.0057 3608 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys 2011/06/30 02:36:53.0487 3608 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys 2011/06/30 02:36:53.0597 3608 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys 2011/06/30 02:36:53.0817 3608 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 2011/06/30 02:36:53.0827 3608 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 2011/06/30 02:36:54.0107 3608 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 
2011/06/30 02:36:56.0698 3608 ================================================================================
2011/06/30 02:36:56.0698 3608 Scan finished
2011/06/30 02:36:56.0698 3608 ================================================================================
2011/06/30 02:36:56.0718 5692 Detected object count: 0
2011/06/30 02:36:56.0718 5692 Actual detected object count: 0
The Start menu entries remain empty even after running Unhide.exe several times. On top of that, I have the feeling that my internet has been running slower since that day. I may be mistaken, but at times it really takes a long time to load. |
30.06.2011, 10:20 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Errors persist although Windows Restore was presumably removed completely
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
07.07.2011, 19:30 | #10 |
| Errors persist although Windows Restore was presumably removed completely Code:
ATTFilter ComboFix 11-07-07.03 - *** 07.07.2011 19:32:07.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3003.1964 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Recycle.Bin c:\recycle.bin\config.bin c:\recycle.bin\Recycle.Bin.exe c:\windows\s.bat . . ((((((((((((((((((((((( Dateien erstellt von 2011-06-07 bis 2011-07-07 )))))))))))))))))))))))))))))) . . 2011-07-07 17:51 . 2011-07-07 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-07 16:51 . 2011-07-07 16:51 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\MpKsl230bdac5.sys 2011-07-07 16:51 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\mpengine.dll 2011-07-03 21:53 . 2009-07-14 01:15 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL 2011-06-29 21:30 . 2011-06-29 21:31 -------- d-----w- c:\windows\system32\SPReview 2011-06-29 21:28 . 2011-06-29 21:28 -------- d-----w- c:\windows\system32\EventProviders 2011-06-29 18:15 . 2011-06-29 18:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-29 18:15 . 2011-06-29 18:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-29 13:25 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-29 13:25 . 2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll 2011-06-29 13:25 . 
2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll 2011-06-29 13:25 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll 2011-06-29 13:25 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-29 13:25 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-06-29 13:25 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll 2011-06-29 13:25 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-06-29 13:25 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-29 13:25 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-06-29 13:25 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-06-27 14:56 . 2011-06-27 14:56 -------- d--h--w- c:\programdata\CanonIJScan 2011-06-27 14:55 . 2011-06-27 14:57 -------- d-----w- c:\users\***\AppData\Roaming\Canon 2011-06-27 14:48 . 2011-06-27 14:48 -------- d-----w- c:\windows\system32\STRING 2011-06-27 14:48 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-06-27 14:48 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-06-27 14:48 . 2011-06-27 14:48 -------- d-----w- c:\windows\system32\CHM 2011-06-27 14:46 . 2011-06-27 14:55 -------- d-----w- c:\program files\Canon 2011-06-24 22:26 . 2011-06-24 22:26 -------- d-----w- c:\users\***\AppData\Roaming\Mozilla-Cache 2011-06-24 22:23 . 2011-06-24 22:23 -------- d-----w- C:\Programs 2011-06-24 03:39 . 2011-06-24 03:39 -------- d-----w- C:\_OTL 2011-06-23 20:07 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll 2011-06-23 20:05 . 2010-11-20 12:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2011-06-23 20:04 . 2010-11-20 12:30 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys 2011-06-23 20:03 . 2010-11-20 12:21 196608 ----a-w- c:\windows\system32\wwanconn.dll 2011-06-23 20:02 . 
2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll 2011-06-23 20:01 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll 2011-06-23 20:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll 2011-06-23 20:01 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe 2011-06-23 20:00 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll 2011-06-23 20:00 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll 2011-06-20 20:50 . 2011-06-20 20:50 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-06-20 20:50 . 2011-06-20 20:50 -------- d-----w- c:\program files\DAEMON Tools Lite 2011-06-15 05:07 . 2011-06-15 05:08 -------- d-----w- c:\users\test 2011-06-15 02:08 . 2011-06-15 02:08 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-06-15 02:08 . 2011-06-15 02:08 -------- d-----w- c:\programdata\Malwarebytes 2011-06-15 00:33 . 2011-04-22 19:10 981504 ----a-w- c:\windows\system32\wininet.dll 2011-06-15 00:33 . 2011-04-29 04:57 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-06-15 00:33 . 2011-04-22 19:09 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2011-06-15 00:33 . 2011-05-28 02:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-15 00:33 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-15 00:33 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-15 00:33 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-29 21:44 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-06-07 15:55 . 2010-09-29 15:37 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-24 21:51 . 2011-05-24 21:51 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2011-05-24 21:51 . 
2011-05-24 21:51 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2011-05-10 19:04 . 2011-02-01 05:10 24576 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}\IconEDA2E9CA.exe 2011-04-22 19:14 . 2011-05-25 04:02 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll 2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll 2011-04-09 06:02 . 2011-05-11 17:05 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 17:05 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-24 11:39 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-06-29 18:15 . 2011-05-12 18:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-09-11 20:47 5066504 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-09-11 20:47 5066504 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936] "IndicatorListener"="c:\program files\Motorola\Bluetooth\mkil.dll" [2009-08-12 107784] "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2009-07-22 17753352] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800] "PSQLLauncher"="c:\program files\Lenovo\LenovoSecuritySolution FP\launcher.exe" [2009-09-11 55048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184] "UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288] "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2009-09-11 20:20 100616 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2010-12-13 19:51 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
R1 MpKsl12f0c6c2;MpKsl12f0c6c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8AF5B40-1E54-4380-88CC-3E7E2475912E}\MpKsl12f0c6c2.sys [x] R1 MpKsl4cced1c7;MpKsl4cced1c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FACF7C9-06C0-48D1-8F8E-95FE64D0A5F2}\MpKsl4cced1c7.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x] R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240] R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2009-07-09 40448] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-26 691696] S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096] S1 funfrm;funfrm; [x] S1 MpKsl230bdac5;MpKsl230bdac5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\MpKsl230bdac5.sys [2011-07-07 28752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-07-22 474888] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472] S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152] S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992] S2 UpekSrvc;Upek Service;c:\program files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe [2009-09-11 44808] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520] S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2009-07-22 3473672] S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2009-07-22 709384] S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2009-07-13 516608] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-20 218688] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-02 122368] S3 L1C;NDIS 
Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSL230BDAC5 *NewlyCreated* - MPKSLB9A8086C *Deregistered* - MpKslb9a8086c . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP . Inhalt des "geplante Tasks" Ordners . 2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 03:42] . 2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 03:42] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.bild.de/ uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{6BF9D236-A1D2-426D-9AB6-7E95DCBAC6B4}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{7010AAE3-7CBB-46A4-8500-130D143CA629}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) HKCU-Run-4E3E0230AEBB4E96 - c:\recycle.bin\Recycle.Bin.exe HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe HKLM-Run-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe HKLM-Run-NPSStartup - (no file) HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-Free Videos To DVD_is1 - g:\dateien\Videos To DVD\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3336212685-1508650090-3164056612-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*s*e*a*n*_*k*i*n*g*s*t*o*n*_*-*_*r*e*a*d*y*_*o*r*_*n*o*t*_*(*d*e*-**+Z5\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(536) c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll c:\program files\Lenovo\LenovoSecuritySolution FP\homefus2.dll c:\program files\Lenovo\LenovoSecuritySolution FP\infql2.dll . - - - - - - - > 'Explorer.exe'(4820) c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll c:\program files\Lenovo\LenovoSecuritySolution FP\infql2.dll c:\program files\Lenovo\LenovoSecuritySolution FP\qlbase.dll . Zeit der Fertigstellung: 2011-07-07 20:12:21 ComboFix-quarantined-files.txt 2011-07-07 18:12 . Vor Suchlauf: 12 Verzeichnis(se), 52.751.499.264 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 53.017.075.712 Bytes frei . 
- - End Of File - - D029AE10A9A8F078F525B195E081677B |
07.07.2011, 21:38 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Errors persist even though Windows Restore was presumably removed completely
Combofix scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Reglockdel::
[HKEY_USERS\S-1-5-21-3336212685-1508650090-3164056612-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*s*e*a*n*_*k*i*n*g*s*t*o*n*_*-*_*r*e*a*d*y*_*o*r*_*n*o*t*_*(*d*e*-**+Z5\OpenWithList]

Driver::
funfrm

4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
08.07.2011, 03:04 | #12 |
| Errors persist even though Windows Restore was presumably removed completely
Code:
ATTFilter ComboFix 11-07-07.05 - *** 08.07.2011 3:31.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3003.2070 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_funfrm . . ((((((((((((((((((((((( Dateien erstellt von 2011-06-08 bis 2011-07-08 )))))))))))))))))))))))))))))) . . 2011-07-08 01:44 . 2011-07-08 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-08 01:44 . 2011-07-08 01:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2011-07-08 01:07 . 2011-07-08 01:07 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\MpKslfd4883df.sys 2011-07-07 16:51 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\mpengine.dll 2011-07-03 21:53 . 2009-07-14 01:15 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL 2011-06-29 21:30 . 2011-06-29 21:31 -------- d-----w- c:\windows\system32\SPReview 2011-06-29 21:28 . 2011-06-29 21:28 -------- d-----w- c:\windows\system32\EventProviders 2011-06-29 18:15 . 2011-06-29 18:15 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-29 18:15 . 2011-06-29 18:15 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-29 13:25 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-29 13:25 . 
2010-11-20 12:18 145920 ----a-w- c:\windows\system32\cfgmgr32.dll 2011-06-29 13:25 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll 2011-06-29 13:25 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll 2011-06-29 13:25 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-29 13:25 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-06-29 13:25 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll 2011-06-29 13:25 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-06-29 13:25 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-29 13:25 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-06-29 13:25 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-06-27 14:56 . 2011-06-27 14:56 -------- d--h--w- c:\programdata\CanonIJScan 2011-06-27 14:55 . 2011-06-27 14:57 -------- d-----w- c:\users\***\AppData\Roaming\Canon 2011-06-27 14:48 . 2011-06-27 14:48 -------- d-----w- c:\windows\system32\STRING 2011-06-27 14:48 . 2009-04-03 16:51 137216 ----a-w- c:\windows\system32\CNMNPUI.DLL 2011-06-27 14:48 . 2009-04-03 16:51 353792 ----a-w- c:\windows\system32\CNMNPPM.DLL 2011-06-27 14:48 . 2011-06-27 14:48 -------- d-----w- c:\windows\system32\CHM 2011-06-27 14:46 . 2011-06-27 14:55 -------- d-----w- c:\program files\Canon 2011-06-24 22:26 . 2011-06-24 22:26 -------- d-----w- c:\users\***\AppData\Roaming\Mozilla-Cache 2011-06-24 22:23 . 2011-06-24 22:23 -------- d-----w- C:\Programs 2011-06-24 03:39 . 2011-06-24 03:39 -------- d-----w- C:\_OTL 2011-06-23 20:07 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll 2011-06-23 20:05 . 2010-11-20 12:21 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL 2011-06-23 20:04 . 2010-11-20 12:30 53120 ----a-w- c:\windows\system32\drivers\volmgr.sys 2011-06-23 20:03 . 
2010-11-20 12:21 196608 ----a-w- c:\windows\system32\wwanconn.dll 2011-06-23 20:02 . 2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll 2011-06-23 20:01 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll 2011-06-23 20:01 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll 2011-06-23 20:01 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe 2011-06-23 20:00 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll 2011-06-23 20:00 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll 2011-06-20 20:50 . 2011-06-20 20:50 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-06-20 20:50 . 2011-06-20 20:50 -------- d-----w- c:\program files\DAEMON Tools Lite 2011-06-15 05:07 . 2011-06-15 05:08 -------- d-----w- c:\users\test 2011-06-15 02:08 . 2011-06-15 02:08 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-06-15 02:08 . 2011-06-15 02:08 -------- d-----w- c:\programdata\Malwarebytes 2011-06-15 00:33 . 2011-04-22 19:10 981504 ----a-w- c:\windows\system32\wininet.dll 2011-06-15 00:33 . 2011-04-29 04:57 189952 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-06-15 00:33 . 2011-04-22 19:09 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2011-06-15 00:33 . 2011-05-28 02:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-06-15 00:33 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-15 00:33 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-15 00:33 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-29 21:44 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-06-07 15:55 . 2010-09-29 15:37 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-05-24 21:51 . 
2011-05-24 21:51 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2011-05-24 21:51 . 2011-05-24 21:51 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2011-05-10 19:04 . 2011-02-01 05:10 24576 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{EDA2E9CA-8B7E-4BC0-9B0F-34B299555BF3}\IconEDA2E9CA.exe 2011-04-22 19:14 . 2011-05-25 04:02 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\system32\xlive.dll 2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\system32\xlivefnt.dll 2011-04-09 06:02 . 2011-05-11 17:05 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:02 . 2011-05-11 17:05 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-24 11:39 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-06-29 18:15 . 2011-05-12 18:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-07-07_17.53.19 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:55 . 2011-07-08 01:48 47112 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-26 00:59 . 2011-07-08 01:48 14310 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3336212685-1508650090-3164056612-1003_UserData.bin - 2009-07-14 04:50 . 2011-07-07 16:40 86016 c:\windows\System32\DriverStore\infpub.dat + 2009-07-14 04:50 . 2011-07-08 01:47 86016 c:\windows\System32\DriverStore\infpub.dat - 2010-09-26 06:09 . 2011-07-07 16:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-26 06:09 . 2011-07-08 01:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-26 06:09 . 2011-07-08 01:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-26 06:09 . 
2011-07-07 16:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:41 . 2011-07-07 16:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:41 . 2011-07-08 01:47 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-10-11 20:49 . 2011-07-07 16:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-10-11 20:49 . 2011-07-08 01:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-10-11 20:49 . 2011-07-07 16:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-10-11 20:49 . 2011-07-08 01:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-10-11 20:49 . 2011-07-08 01:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-10-11 20:49 . 2011-07-07 16:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-25 22:49 . 2011-07-08 01:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-25 22:49 . 2011-07-07 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-25 22:49 . 2011-07-07 17:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-25 22:49 . 2011-07-08 01:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-29 23:39 . 
2011-07-07 21:58 3016 c:\windows\System32\wdi\ERCQueuedResolutions.dat - 2010-09-29 23:39 . 2011-06-14 20:26 3016 c:\windows\System32\wdi\ERCQueuedResolutions.dat + 2011-07-08 01:07 . 2011-07-08 01:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-07-07 16:39 . 2011-07-07 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-07-07 16:39 . 2011-07-07 16:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-08 01:07 . 2011-07-08 01:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:50 . 2011-07-08 01:47 143360 c:\windows\System32\DriverStore\infstrng.dat - 2009-07-14 04:50 . 2011-07-07 16:40 143360 c:\windows\System32\DriverStore\infstrng.dat + 2009-07-14 04:50 . 2011-07-08 01:47 143360 c:\windows\System32\DriverStore\infstor.dat - 2009-07-14 04:50 . 2011-07-07 16:40 143360 c:\windows\System32\DriverStore\infstor.dat - 2010-06-29 20:26 . 2011-07-07 16:40 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-06-29 20:26 . 2011-07-08 01:47 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 04:47 . 2011-07-07 07:28 457084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 04:47 . 2011-07-07 21:58 457084 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-12 21:29 . 2011-07-07 21:58 1817692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3336212685-1508650090-3164056612-1003-8192.dat - 2011-05-12 21:29 . 2011-07-07 07:28 1817692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3336212685-1508650090-3164056612-1003-8192.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-09-11 20:47 5066504 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-09-11 20:47 5066504 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "4E3E0230AEBB4E96"="c:\recycle.bin\Recycle.Bin.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 174104] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 151064] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936] "IndicatorListener"="c:\program files\Motorola\Bluetooth\mkil.dll" [2009-08-12 107784] "BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2009-07-22 17753352] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800] "PSQLLauncher"="c:\program files\Lenovo\LenovoSecuritySolution FP\launcher.exe" [2009-09-11 55048] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184] "UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288] "Energy Management"="c:\program files\Lenovo\Energy 
Management\Energy Management.exe" [2009-09-29 5064560] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 786760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2009-09-11 20:20 100616 ----a-w- c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent] 2010-12-13 19:51 102400 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . R1 MpKsl12f0c6c2;MpKsl12f0c6c2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8AF5B40-1E54-4380-88CC-3E7E2475912E}\MpKsl12f0c6c2.sys [x] R1 MpKsl4cced1c7;MpKsl4cced1c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FACF7C9-06C0-48D1-8F8E-95FE64D0A5F2}\MpKsl4cced1c7.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2009-07-22 709384] R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240] R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2009-07-09 40448] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 201168] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 136176] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888] R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984] R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328] R3 MpNWMon;Microsoft 
Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-26 691696] S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2009-02-03 63096] S1 MpKslfd4883df;MpKslfd4883df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\MpKslfd4883df.sys [2011-07-08 28752] S1 MpKslff09b73e;MpKslff09b73e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A05DB15E-A8BB-412B-93A0-256997125374}\MpKslff09b73e.sys [2011-07-08 28752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2009-07-22 474888] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-07-15 233472] S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152] S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992] S2 UpekSrvc;Upek Service;c:\program files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe [2009-09-11 44808] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 
21520] S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2009-07-22 3473672] S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2009-07-13 516608] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-20 218688] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-02 122368] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360] S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLFF09B73E . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP . Inhalt des "geplante Tasks" Ordners . 2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 03:42] . 2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 03:42] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.bild.de/ uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{6BF9D236-A1D2-426D-9AB6-7E95DCBAC6B4}: NameServer = 193.189.244.225 193.189.244.206 TCP: Interfaces\{7010AAE3-7CBB-46A4-8500-130D143CA629}: NameServer = 193.189.244.225 193.189.244.206 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ohh0ccb1.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3336212685-1508650090-3164056612-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_*s*e*a*n*_*k*i*n*g*s*t*o*n*_*-*_*r*e*a*d*y*_*o*r*_*n*o*t*_*(*d*e*-**+Z5\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'lsass.exe'(520) c:\program files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll c:\program files\Lenovo\LenovoSecuritySolution FP\homefus2.dll c:\program files\Lenovo\LenovoSecuritySolution FP\infql2.dll . - - - - - - - > 'Explorer.exe'(3020) c:\program files\Lenovo\LenovoSecuritySolution FP\farchns.dll c:\program files\Lenovo\LenovoSecuritySolution FP\infql2.dll c:\program files\Lenovo\LenovoSecuritySolution FP\qlbase.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\windows\system32\WUDFHost.exe c:\program files\Lenovo\LenovoSecuritySolution FP\upeksvr.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-07-08 04:00:54 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-07-08 02:00 ComboFix2.txt 2011-07-07 18:12 . Vor Suchlauf: 13 Verzeichnis(se), 52.744.552.448 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 52.526.571.520 Bytes frei . - - End Of File - - 443B75CF7913DB234121EB03A4BCA6CB |
08.07.2011, 15:52 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Errors persist even though Windows Restore was presumably removed completely
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.
Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!
Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
13.07.2011, 05:41 | #14 |
| Errors persist even though Windows Restore was presumably removed completely
Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net Rootkit scan 2011-07-13 06:39:18 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS545032B9A300 rev.PB3ZC61H Running: dyv1ic3w.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldrpog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 82E77339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .xreloc C:\windows\System32\drivers\sfsync04.sys unknown last section [0x8AF42000, 0xC5E, 0x40000040] ? C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5481BC9F-8218-4512-9CCD-58CF49BB11BF}\MpKsl4ded2da8.sys Das System kann die angegebene Datei nicht finden. ! .vmp2 C:\windows\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xAD36869D] PAGE peauth.sys AE019B9B 72 Bytes CALL 9D91421D ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\System32\rundll32.exe[3432] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3432] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3432] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3432] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3932] @ C:\windows\system32\USER32.dll 
[KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3932] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3932] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3932] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe[3940] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe[3940] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe[3940] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe[3940] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe[3940] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek 
für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqltray.exe[3940] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7528FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8613EDD0 Device \Driver\atapi \Device\Ide\IdePort0 8613EDD0 Device \Driver\atapi \Device\Ide\IdePort1 8613EDD0 Device \Driver\atapi \Device\Ide\IdePort2 8613EDD0 Device \Driver\atapi \Device\Ide\IdePort3 8613EDD0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8613EDD0 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001c7b2c8764 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg 
HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0x06 0xBC 0xA2 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0x94 0x8D 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCE 0x39 0x47 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x07 0xC7 0x8A 0x8D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001c7b2c8764 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA2 0x06 0xBC 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB0 0x94 0x8D 0x25 ... 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xCE 0x39 0x47 0x96 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x07 0xC7 0x8A 0x8D ... ---- EOF - GMER 1.0.15 ---- |
13.07.2011, 05:47 | #15 |
| Errors persist even though Windows Restore was presumably removed completely
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 06:45:35 on 13.07.2011 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 5.0 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\windows\system32\DivXControlPanelApplet.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\windows\system32\drivers\acedrv11.sys "Bridge0" (Bridge0) - "Lenovo" - C:\windows\System32\drivers\WDBridge.sys "catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found) "FsUsbExDisk" (FsUsbExDisk) - ? - C:\windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information) "kxldrpog" (kxldrpog) - ? 
- C:\Users\***\AppData\Local\Temp\kxldrpog.sys (Hidden registry entry, rootkit activity | File not found) "MpKsl12f0c6c2" (MpKsl12f0c6c2) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8AF5B40-1E54-4380-88CC-3E7E2475912E}\MpKsl12f0c6c2.sys (File not found) "MpKsl14e1b36c" (MpKsl14e1b36c) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5AB883B6-5617-48F0-B1EE-C0CDE93BDCB5}\MpKsl14e1b36c.sys "MpKsl4cced1c7" (MpKsl4cced1c7) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6FACF7C9-06C0-48D1-8F8E-95FE64D0A5F2}\MpKsl4cced1c7.sys (File not found) "MpKsl4ded2da8" (MpKsl4ded2da8) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5481BC9F-8218-4512-9CCD-58CF49BB11BF}\MpKsl4ded2da8.sys (File not found) "Realtek IR Driver" (RtsUIR) - ? - C:\windows\System32\DRIVERS\Rts516xIR.sys (File not found) "Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\windows\System32\DRIVERS\RtsUCcid.sys (File not found) "RtsUStor.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? 
- C:\windows\System32\Drivers\RtsUStor.sys (File not found) "StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\windows\System32\drivers\sfdrv01.sys "StarForce Protection Environment Driver (version 1.x.a)" (sfdrv01a) - "Protection Technology (StarForce)" - C:\windows\System32\drivers\sfdrv01a.sys "StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\windows\System32\drivers\sfhlp02.sys "StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\windows\System32\drivers\sfsync04.sys "StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\windows\System32\drivers\sfvfs02.sys "WimFltr" (WimFltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\wimfltr.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "@C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll,-4263" - "UPEK Inc." - C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0A7D34C2-E9DA-48A1-9E34-0CDFC2DE3B44} "CSendToContextMenu Object" - "Motorola, Inc." 
- C:\Program Files\Motorola\Bluetooth\btmshell.dll {09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {862D80CE-A2A4-45D4-8008-7F40766F5FEA} "My Bluetooth" - "Motorola, Inc." - C:\Program Files\Motorola\Bluetooth\btmshell.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." 
- C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll {66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Lenovo\LenovoSecuritySolution FP\farchns.dll {771C7324-DA80-49D3-8017-753B0AF60951} "VeriFace Enc" - ? - (File not found | COM-object registry key not found) {DF4F5AE4-E795-4C12-BC26-7726C27F71AE} "VeriFace file icon extension" - ? - (File not found | COM-object registry key not found) {2d3dd4c0-3bd7-11d2-821e-444553540000} "WdmidleDeviceShellExtension" - ? - c:\program files\lenovo\energy management\powcpl.dll (File found, but it contains no detailed information) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program 
Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll <binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.5" - "ICQ, LLC." 
- C:\Program Files\ICQ7.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "UPEK Inc." - C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll "Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "4E3E0230AEBB4E96" - ? - C:\Recycle.Bin\Recycle.Bin.exe (File not found) -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "BTMTrayAgent" - "Motorola, Inc." - rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp "CanonMyPrinter" - "CANON INC." - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon "CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon "Energy Management" - "Lenovo (Beijing) Limited" - C:\Program Files\Lenovo\Energy Management\Energy Management.exe "EnergyUtility" - "Lenovo(beijing) Limited" - C:\Program Files\Lenovo\Energy Management\utility.exe "IndicatorListener" - "Motorola, Inc." 
- rundll32.exe "C:\Program Files\Motorola\Bluetooth\mkil.dll",StartNotification "MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Lenovo\LenovoSecuritySolution FP\launcher.exe" /startup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "UpdateP2GShortCut" - "CyberLink Corp." - "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" "WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Canon BJNP Port" - "CANON INC." - C:\windows\system32\CNMNPPM.DLL [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Bluetooth Device Manager" (Bluetooth Device Manager) - "Motorola, Inc." - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe "Bluetooth Media Service" (Bluetooth Media Service) - "Motorola, Inc." - C:\Program Files\Motorola\Bluetooth\audiosrv.exe "Bluetooth OBEX Service" (Bluetooth OBEX Service) - "Motorola, Inc." - C:\Program Files\Motorola\Bluetooth\obexsrv.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\windows\system32\FsUsbExService.Exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "IGRS" (IGRS) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Lenovo ReadyComm AppSvc" (Lenovo ReadyComm AppSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe "Lenovo ReadyComm ConnSvc" (Lenovo ReadyComm ConnSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - ? - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (File not found) "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "SeaPort" (SeaPort) - "Microsoft Corp." - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "ServiceLayer" (ServiceLayer) - "Nokia." 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "Upek Service" (UpekSrvc) - "UPEK Inc." - C:\Program Files\Lenovo\LenovoSecuritySolution FP\upeksrvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "psfus" - "UPEK Inc." - C:\Program Files\Lenovo\LenovoSecuritySolution FP\psqlpwd.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |