Plagegeister aller Art und deren Bekämpfung: TR/Kazy.24828 [trojan] found in file 'C:\Recycle.Bin\Recycle.Bin.exe'
15.06.2011, 18:52 | #1
Hello everyone, and first of all thanks for the competent help you offer here. As the title shows, a trojan called Kazy was found, but on Google I can't find anything yet on this version number. I immediately ran Malwarebytes in offline mode with all programs closed, and 4 infections were found that way. Here is the log: Code:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6860

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.06.2011 13:08:47
mbam-log-2011-06-15 (13-08-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 496655
Laufzeit: 1 Stunde(n), 11 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.Agent) -> Value: 4E3E0230AEBB4E96 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Infizierte Dateien:
c:\Recycle.Bin\recycle.bin.exe (Trojan.Agent) -> No action taken.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> No action taken.

Since then I have had no new warnings from Antivir, and Malwarebytes no longer finds anything either. My question now: is the computer clean now, or should I be particularly careful here? PS: My system is Vista 64-bit, and as browser I use Mozilla Firefox with NoScript as an add-on. Kind regards and many thanks, Stefan. Attached are the OTL logs:
Last edited by cosinus (16.06.2011, 12:54). Reason: CODE tags instead of PHP tags
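Every item in the log above ends in "No action taken.", which is the field a helper should check before treating a scan as a cleanup. The following Python is an added example, not code from the thread or from Malwarebytes: it parses the MBAM 1.x log layout shown in the post (summary counts, one section per category, one finding per line with the action after the last "->") over a constructed excerpt and reports the findings that were left in place and which of them are Run-key autostart entries. The German no-action string is an assumed localised variant, and the sample's last action is changed from the original to exercise the remediated path.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the MBAM 1.51 log in the thread; the action
# on the last file is changed from the original to exercise the remediated path.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.51.0.1200
Art des Suchlaufs: Vollständiger Suchlauf (C:\\|)

Infizierte Speicherprozesse: 0
Infizierte Registrierungswerte: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\4E3E0230AEBB4E96 (Trojan.Agent) -> Value: 4E3E0230AEBB4E96 -> No action taken.

Infizierte Verzeichnisse:
c:\\Recycle.Bin (Trojan.Spyeyes) -> No action taken.

Infizierte Dateien:
c:\\Recycle.Bin\\recycle.bin.exe (Trojan.Agent) -> No action taken.
c:\\Recycle.Bin\\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^Infizierte (.+): (\d+)$")
SECTION_RE = re.compile(r"^Infizierte (.+):$")
FINDING_RE = re.compile(r"^(.*) \(([^()]+)\) -> (.+)$")
NO_FINDINGS = "(Keine bösartigen Objekte gefunden)"
# MBAM 1.x prints the action in English even in the German log (as in the
# thread); the German string is an assumed localised variant.
NO_ACTION_PREFIXES = ("No action taken", "Keine Aktion durchgeführt")


@dataclass
class Finding:
    category: str
    location: str
    detection: str
    action: str

    @property
    def remediated(self) -> bool:
        # True unless MBAM logged that it left the object in place.
        return not self.action.startswith(NO_ACTION_PREFIXES)

    @property
    def is_autostart(self) -> bool:
        # A Run-key value relaunches the payload at every logon.
        return "\\currentversion\\run\\" in self.location.lower()


def parse_mbam_log(text):
    """Return ({category: declared count}, [Finding, ...])."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:  # summary block near the top of the log
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:  # detail section header
            section = m.group(1)
            continue
        if section is None or line == NO_FINDINGS:
            continue  # scan metadata, or an empty section
        m = FINDING_RE.match(line)
        if not m:
            continue
        location, detection, rest = m.groups()
        # Registry-value hits carry "Value: X -> <action>"; the action is last.
        action = rest.split(" -> ")[-1].strip()
        findings.append(Finding(section, location, detection, action))
    return counts, findings


def unremediated(findings):
    """Findings MBAM reported but did not quarantine or delete."""
    return [f for f in findings if not f.remediated]


def count_mismatches(counts, findings):
    """Categories whose declared count differs from the listed findings."""
    seen = {}
    for f in findings:
        seen[f.category] = seen.get(f.category, 0) + 1
    return {c: (n, seen.get(c, 0)) for c, n in counts.items() if n != seen.get(c, 0)}


if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    for f in unremediated(found):
        print(f"{f.category}: {f.location} [{f.detection}] autostart={f.is_autostart}")
    print("count mismatches:", count_mismatches(counts, found))
```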
16.06.2011, 11:04 | #2
Hm, what do you want with these odd toolbars on the computer? Best to remove everything with "Toolbar" in its name that appears in the Control Panel under Software or Programs and Features, and for future program installations always choose the custom install option so that you can deselect any toolbars during installation. While you're at it, also uninstall all other unnecessary programs via the Control Panel.
16.06.2011, 11:27 | #3
Hello Arne. Thanks for replying so quickly. Aye! I'm in the middle of clearing that out.
16.06.2011, 11:29 | #4
OK. After that, please make a new OTL custom log.
16.06.2011, 12:17 | #5
Here is the new log: OTL Logfile: Code:
OTL logfile created on: 16.06.2011 13:02:36 - Run 3
OTL by OldTimer - Version 3.2.24.0     Folder = C:\Users\Stefan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

5,99 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 77,04% Memory free
12,09 Gb Paging File | 10,73 Gb Available in Paging File | 88,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,66 Gb Total Space | 241,84 Gb Free Space | 26,27% Space Free | Partition Type: NTFS
Drive D: | 7,18 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: STEFANSBABY | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PS3 Media Server) -- C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV:64bit: - (ahcix64) -- C:\Windows\SysNative\drivers\ahcix64.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys ()
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (JGOGO) -- C:\Windows\SysNative\drivers\jgogo.sys ()
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.26 11:39:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.26 11:39:55 | 000,000,000 | ---D | M]

[2009.10.05 06:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2011.06.15 10:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\05ec9n1r.default\extensions
[2009.10.07 14:38:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\05ec9n1r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.15 10:58:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\05ec9n1r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.08 19:05:11 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\05ec9n1r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.06.08 19:05:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\05ec9n1r.default\extensions\engine@conduit.com
[2011.06.16 12:29:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.11 05:40:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.20 03:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011.05.26 11:39:42 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.09.15 06:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.26 11:39:44 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.26 11:39:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.26 11:39:44 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 11:39:44 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.26 11:39:44 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.26 11:39:44 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\SysNative\OOBE\INFO\default\1031\ALIENWARE\wallpapers\wallpaper3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\SysNative\OOBE\INFO\default\1031\ALIENWARE\wallpapers\wallpaper3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 19:36:21 | 000,726,248 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.16 00:48:02 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2008.05.01 19:36:21 | 000,726,248 | R--- | M] (BioWare)
O33 - MountPoints2\{627f7d49-48fc-11df-be60-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{627f7d49-48fc-11df-be60-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{627f7d4b-48fc-11df-be60-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{627f7d4b-48fc-11df-be60-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bc73d099-4243-11df-bd65-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{bc73d099-4243-11df-bd65-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bc73d0bd-4243-11df-bd65-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{bc73d0bd-4243-11df-bd65-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bc73d0e4-4243-11df-bd65-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{bc73d0e4-4243-11df-bd65-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [1998.08.23 20:36:00 | 000,063,488 | ---- | C] () -- C:\Windows\SysWow64\Eztw32.dll ========== LOP Check ========== [2009.10.17 13:44:49 | 000,000,000 | -HSD | M] -- C:\Users\Stefan\AppData\Roaming\.# [2010.12.19 19:46:52 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\gtk-2.0 [2010.12.20 01:42:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\IrfanView [2010.06.18 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LolClient [2009.12.24 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LucasArts [2010.12.05 00:40:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\PMS [2011.04.25 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\The Creative Assembly [2011.02.06 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client [2011.06.15 03:33:50 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\uTorrent [2011.06.16 12:56:57 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009.10.05 05:47:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.10.01 11:55:19 | 000,000,000 | -HSD | M] -- C:\Boot [2011.06.16 12:58:30 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.09.16 14:35:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.10.05 05:48:39 | 000,000,000 | ---D | M] -- C:\Intel [2010.06.10 04:51:35 | 000,000,000 | ---D | M] -- C:\NVIDIA [2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.06.16 12:23:20 | 000,000,000 | R--D | M] -- C:\Programme [2011.06.16 12:58:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.16 12:17:23 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.09.16 14:35:34 | 000,000,000 | -HSD | M] -- C:\Programme [2011.06.16 12:34:35 | 000,000,000 | ---D | M] -- C:\Riot Games [2010.10.19 14:31:57 | 000,000,000 | ---D | M] -- C:\sr [2011.06.16 13:04:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.01 22:58:04 | 000,000,000 | -HSD | M] -- C:\System.sav [2010.12.19 19:38:08 | 000,000,000 | R--D | M] -- C:\Users [2011.06.16 12:25:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe [2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 08:27:36 | 
002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 
000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report >
I uninstalled the toolbars you mentioned via the Control Panel, and various other junk along with them. Also, here is the Defogger log, which I had completely forgotten earlier:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:47 on 16/06/2011 (Stefan)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Regards, Stefan
EDIT: In the meantime I have run two more Malwarebytes scans, and both were clean. A full system scan with Antivir, however, turned up this:
The file 'C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\37db3fe2-5dfba285' contained a virus or unwanted program 'JAVA/Dldr.Scuds.A' [virus] Action(s) taken: The file was moved to '4e5cf90d.qua'!
The file 'C:\Users\Stefan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\42cc9baf-3f34983d' contained a virus or unwanted program 'JAVA/Fester.B.1' [virus] Action(s) taken: The file was moved to '4e5bf908.qua'!
|
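The "< MD5 for: ... >" sections in the OTL log above exist so that a helper can compare the copy of a system file that Windows actually loads (in C:\Windows, SysNative or SysWOW64) with the copies kept in the WinSxS component store; a live copy whose hash matches nothing in WinSxS is the classic sign of a patched system file. The following script is an added example, not part of this thread and not OTL's own code: it parses those sections (also when extraction has run the log together on one line, as here), groups the entries by hash and reports live copies without a WinSxS twin. The USERINIT.EXE sample lines are copied from the log above; the SERVICES.EXE section is constructed, with placeholder hashes and paths, to show what a finding looks like.

```python
"""Cross-check the '< MD5 for: X >' sections of an OTL log.

Added example, not part of the thread or of OTL. For every system file OTL
hashed, the copy that actually runs (Windows directory, SysNative, SysWOW64)
is compared with the copies in the WinSxS component store; a live copy whose
MD5 matches no WinSxS copy is worth a closer look. Staged updates under
SoftwareDistribution/Download are classified separately and never flagged.
"""
import re

# One OTL entry: [date | size | attrs | M] (Vendor) MD5=hex -- path
# The path runs to the end of the piece or up to a following "< ... >" block,
# so the parser also copes with a log that was run together on one line.
ENTRY_RE = re.compile(
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<vendor>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- "
    r"(?P<path>.+?)\s*(?:<.*)?$",
    re.S,
)
SECTION_RE = re.compile(r"< MD5 for: (?P<name>[^>]+?) >")
# Cut the text in front of every section header and every entry.
SPLIT_RE = re.compile(r"(?=< MD5 for: )|(?=\[\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} \| )")


def parse_md5_sections(text):
    """Return {FILENAME: [entry dicts]} for every '< MD5 for: >' section in text."""
    sections = {}
    current = None
    for piece in SPLIT_RE.split(text):
        piece = piece.strip()
        header = SECTION_RE.match(piece)
        if header:
            current = header.group("name").strip().upper()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(piece)
        if entry and current is not None:
            e = entry.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            sections[current].append(e)
    return sections


def classify(path):
    """'winsxs' for component-store copies, 'staged' for downloaded updates,
    'live' for the copy Windows actually loads."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "winsxs"
    if "\\softwaredistribution\\" in p:
        return "staged"
    return "live"


def audit(sections):
    """Return (section, path, md5) for every live copy whose MD5 matches no WinSxS copy."""
    findings = []
    for name, entries in sections.items():
        known = {e["md5"] for e in entries if classify(e["path"]) == "winsxs"}
        for e in entries:
            if classify(e["path"]) == "live" and e["md5"] not in known:
                findings.append((name, e["path"], e["md5"]))
    return findings


# Constructed sample: the USERINIT.EXE section is copied from the OTL log in
# the thread, run together on one line exactly as extraction left it; the
# SERVICES.EXE section is invented (placeholder hashes and paths) to show a
# live copy that matches nothing in WinSxS.
SAMPLE = (
    r"< %systemroot%\*. /mp /s > < MD5 for: USERINIT.EXE > "
    r"[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) "
    r"MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe "
    r"[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) "
    r"MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe "
    r"[2008.01.21 04:49:46 | 000,028,160 | ---- | M] () "
    r"MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe "
    r"[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) "
    r"MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe"
    "\n< MD5 for: SERVICES.EXE >\n"
    r"[2008.01.21 04:50:00 | 000,279,040 | ---- | M] (Microsoft Corporation) "
    r"MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_PLACEHOLDER\services.exe"
    "\n"
    r"[2011.06.14 03:12:45 | 000,279,040 | ---- | M] () "
    r"MD5=22222222222222222222222222222222 -- C:\Windows\SysNative\services.exe"
    "\n"
    r"[2011.06.14 03:12:45 | 000,279,040 | ---- | M] (Microsoft Corporation) "
    r"MD5=33333333333333333333333333333333 -- C:\Windows\SoftwareDistribution\Download\PLACEHOLDER\services.exe"
    "\n"
    r"< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < End of report >"
)

if __name__ == "__main__":
    for name, path, md5 in audit(parse_md5_sections(SAMPLE)):
        print(f"{name}: live copy {path} (MD5 {md5}) matches no WinSxS copy")
```

Two things the sample demonstrates: the SysNative copy of userinit.exe is listed with an empty vendor field "()" but carries the same MD5 as its WinSxS twin, so the bytes are identical and the empty field is a reporting quirk, not a reason to flag it; the constructed SysNative services.exe, on the other hand, has a hash that no component-store copy shares and is reported. The check is triage only: WinSxS is not a trust anchor, and the authoritative test for a suspect file is Authenticode signature verification (for example with sigcheck) rather than hash comparison within the same machine.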
16.06.2011, 12:36 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Think carefully about whether you want to stay with AntiVir in the future. They made a very questionable decision there, which does not exactly look reputable => http://www.trojaner-board.de/100374-...e-und-ask.html
Do an OTL fix: close all programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 19:36:21 | 000,726,248 | R--- | M] (BioWare) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.11.16 00:48:02 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2008.05.01 19:36:21 | 000,726,248 | R--- | M] (BioWare)
O33 - MountPoints2\{627f7d49-48fc-11df-be60-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{627f7d49-48fc-11df-be60-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{627f7d4b-48fc-11df-be60-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{627f7d4b-48fc-11df-be60-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bc73d099-4243-11df-bd65-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{bc73d099-4243-11df-bd65-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bc73d0bd-4243-11df-bd65-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{bc73d0bd-4243-11df-bd65-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bc73d0e4-4243-11df-bd65-002618686c9d}\Shell - "" = AutoRun
O33 - MountPoints2\{bc73d0e4-4243-11df-bd65-002618686c9d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2009.10.17 13:44:49 | 000,000,000 | -HSD | M] -- C:\Users\Stefan\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely: a backup copy is created on the system partition in the folder "_OTL".
|
16.06.2011, 12:47 | #7 |
| done. Here is the log: Code:
ATTFilter ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. D:\autorun.exe scheduled to be moved on reboot. File move failed. D:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c9ff613-ae8f-11de-9558-806e6f6e6963}\ not found. File move failed. D:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f7d49-48fc-11df-be60-002618686c9d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f7d49-48fc-11df-be60-002618686c9d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f7d49-48fc-11df-be60-002618686c9d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f7d49-48fc-11df-be60-002618686c9d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f7d4b-48fc-11df-be60-002618686c9d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f7d4b-48fc-11df-be60-002618686c9d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f7d4b-48fc-11df-be60-002618686c9d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f7d4b-48fc-11df-be60-002618686c9d}\ not found. File E:\AutoRun.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc73d099-4243-11df-bd65-002618686c9d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc73d099-4243-11df-bd65-002618686c9d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc73d099-4243-11df-bd65-002618686c9d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc73d099-4243-11df-bd65-002618686c9d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc73d0bd-4243-11df-bd65-002618686c9d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc73d0bd-4243-11df-bd65-002618686c9d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc73d0bd-4243-11df-bd65-002618686c9d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc73d0bd-4243-11df-bd65-002618686c9d}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc73d0e4-4243-11df-bd65-002618686c9d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc73d0e4-4243-11df-bd65-002618686c9d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc73d0e4-4243-11df-bd65-002618686c9d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc73d0e4-4243-11df-bd65-002618686c9d}\ not found. File E:\AutoRun.exe not found. C:\Users\Stefan\AppData\Roaming\.# folder moved successfully. ========== COMMANDS ========== File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.24.0 log created on 06162011_134142 Files\Folders moved on Reboot... File move failed. 
D:\autorun.exe scheduled to be moved on reboot. File move failed. D:\autorun.inf scheduled to be moved on reboot. File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot...
PPS: Thanks for the link, Arne; Kaspersky is already standing by anyway.
Edited by cosinus (16.06.2011 at 12:54) Reason: CODE tags instead of PHP tags |
16.06.2011, 12:53 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please do not use PHP tags to post logs!! Use CODE tags! I have straightened that out for you. Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: Download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
16.06.2011, 13:04 | #9 |
| Sorry about the PHP... Here is the TDSS report: Code:
ATTFilter 2011/06/16 14:00:30.0978 1048 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48 2011/06/16 14:00:31.0164 1048 ================================================================================ 2011/06/16 14:00:31.0164 1048 SystemInfo: 2011/06/16 14:00:31.0164 1048 2011/06/16 14:00:31.0164 1048 OS Version: 6.0.6001 ServicePack: 1.0 2011/06/16 14:00:31.0164 1048 Product type: Workstation 2011/06/16 14:00:31.0164 1048 ComputerName: STEFANSBABY 2011/06/16 14:00:31.0164 1048 UserName: Stefan 2011/06/16 14:00:31.0164 1048 Windows directory: C:\Windows 2011/06/16 14:00:31.0164 1048 System windows directory: C:\Windows 2011/06/16 14:00:31.0164 1048 Running under WOW64 2011/06/16 14:00:31.0165 1048 Processor architecture: Intel x64 2011/06/16 14:00:31.0165 1048 Number of processors: 8 2011/06/16 14:00:31.0165 1048 Page size: 0x1000 2011/06/16 14:00:31.0165 1048 Boot type: Normal boot 2011/06/16 14:00:31.0165 1048 ================================================================================ 2011/06/16 14:00:32.0230 1048 Initialize success 2011/06/16 14:00:38.0661 2936 ================================================================================ 2011/06/16 14:00:38.0661 2936 Scan started 2011/06/16 14:00:38.0661 2936 Mode: Manual; 2011/06/16 14:00:38.0661 2936 ================================================================================ 2011/06/16 14:00:40.0049 2936 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys 2011/06/16 14:00:40.0099 2936 ADIHdAudAddService (59aa63b5dcc9b99c25acc1bc5e9e6816) C:\Windows\system32\drivers\ADIHdAud.sys 2011/06/16 14:00:40.0147 2936 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 2011/06/16 14:00:40.0198 2936 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 2011/06/16 14:00:40.0245 2936 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 2011/06/16 14:00:40.0288 2936 adpu320 
(9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 2011/06/16 14:00:40.0400 2936 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys 2011/06/16 14:00:40.0468 2936 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 2011/06/16 14:00:40.0532 2936 ahcix64 (8f4121eb79c000f53331ba836eafd3d6) C:\Windows\system32\drivers\ahcix64.sys 2011/06/16 14:00:40.0567 2936 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 2011/06/16 14:00:40.0607 2936 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 2011/06/16 14:00:40.0633 2936 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 2011/06/16 14:00:40.0668 2936 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 2011/06/16 14:00:40.0731 2936 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 2011/06/16 14:00:40.0780 2936 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 2011/06/16 14:00:40.0825 2936 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/06/16 14:00:40.0855 2936 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys 2011/06/16 14:00:40.0892 2936 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/06/16 14:00:40.0942 2936 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 2011/06/16 14:00:40.0996 2936 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys 2011/06/16 14:00:41.0027 2936 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 2011/06/16 14:00:41.0055 2936 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 2011/06/16 14:00:41.0093 2936 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 2011/06/16 14:00:41.0131 2936 
BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 2011/06/16 14:00:41.0179 2936 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 2011/06/16 14:00:41.0206 2936 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 2011/06/16 14:00:41.0253 2936 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/06/16 14:00:41.0286 2936 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 2011/06/16 14:00:41.0325 2936 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys 2011/06/16 14:00:41.0370 2936 BTHPORT (422d812e231ec3a25f43a881061be5a0) C:\Windows\system32\Drivers\BTHport.sys 2011/06/16 14:00:41.0422 2936 BTHUSB (1c24adb844a910daa2e2732e83a8f3d4) C:\Windows\system32\Drivers\BTHUSB.sys 2011/06/16 14:00:41.0457 2936 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 2011/06/16 14:00:41.0481 2936 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys 2011/06/16 14:00:41.0515 2936 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys 2011/06/16 14:00:41.0556 2936 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys 2011/06/16 14:00:41.0611 2936 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/06/16 14:00:41.0631 2936 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 2011/06/16 14:00:41.0648 2936 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys 2011/06/16 14:00:41.0904 2936 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 2011/06/16 14:00:41.0952 2936 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys 2011/06/16 14:00:41.0977 2936 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys 2011/06/16 14:00:42.0030 
2011/06/16 14:00:50.0993 2936 ================================================================================
2011/06/16 14:00:50.0993 2936 Scan finished
2011/06/16 14:00:50.0993 2936 ================================================================================
2011/06/16 14:00:51.0001 3508 Detected object count: 0
2011/06/16 14:00:51.0001 3508 Actual detected object count: 0
2011/06/16 14:01:24.0085 4588 ================================================================================
2011/06/16 14:01:24.0085 4588 Scan started
2011/06/16 14:01:24.0085 4588 Mode: Manual;
2011/06/16 14:01:24.0085 4588 ================================================================================
4588 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/16 14:01:42.0700 4588 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/16 14:01:43.0144 4588 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 2011/06/16 14:01:43.0184 4588 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 2011/06/16 14:01:43.0361 4588 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys 2011/06/16 14:01:43.0584 4588 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys 2011/06/16 14:01:43.0852 4588 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/16 14:01:44.0078 4588 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 2011/06/16 14:01:44.0141 4588 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/16 14:01:44.0211 4588 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 2011/06/16 14:01:44.0251 4588 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/16 14:01:44.0365 4588 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 2011/06/16 14:01:44.0452 4588 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 2011/06/16 14:01:44.0478 4588 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 2011/06/16 14:01:44.0723 4588 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 2011/06/16 14:01:44.0987 4588 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 2011/06/16 14:01:45.0117 4588 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/06/16 14:01:45.0154 4588 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys 2011/06/16 14:01:45.0219 
4588 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys 2011/06/16 14:01:45.0244 4588 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/16 14:01:45.0404 4588 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 2011/06/16 14:01:45.0586 4588 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys 2011/06/16 14:01:45.0811 4588 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/16 14:01:46.0016 4588 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/06/16 14:01:46.0117 4588 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys 2011/06/16 14:01:46.0208 4588 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/16 14:01:46.0226 4588 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 2011/06/16 14:01:46.0422 4588 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 2011/06/16 14:01:46.0590 4588 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys 2011/06/16 14:01:46.0803 4588 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys 2011/06/16 14:01:46.0986 4588 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys 2011/06/16 14:01:47.0115 4588 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 2011/06/16 14:01:47.0211 4588 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 2011/06/16 14:01:47.0318 4588 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/16 14:01:47.0365 4588 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/16 14:01:47.0561 4588 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 2011/06/16 
14:01:47.0836 4588 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/16 14:01:48.0115 4588 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/06/16 14:01:48.0204 4588 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/06/16 14:01:48.0409 4588 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/16 14:01:48.0592 4588 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/16 14:01:48.0805 4588 yukonx64 (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys 2011/06/16 14:01:48.0864 4588 MBR (0x1B8) (45d5aeaa31fcdcc6a130bbf88c915990) \Device\Harddisk0\DR0 2011/06/16 14:01:50.0617 4588 ================================================================================ 2011/06/16 14:01:50.0617 4588 Scan finished 2011/06/16 14:01:50.0617 4588 ================================================================================ 2011/06/16 14:01:50.0624 4080 Detected object count: 0 2011/06/16 14:01:50.0624 4080 Actual detected object count: 0 |
16.06.2011, 13:28 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. found. Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if a competent helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
16.06.2011, 13:55 | #11 |
| TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. found. Here is the Cofi log: Code:
ATTFilter ComboFix 11-06-15.04 - Stefan 16.06.2011 14:42:41.1.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1031.18.6134.4729 [GMT 2:00] Running from: c:\users\Stefan\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IMAGE.EXE.LOG . . ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 ))))))))))))))))))))))))))))))) . . 2011-06-16 12:49 . 2011-06-16 12:49 -------- d-----w- c:\users\Stefan\AppData\Local\temp 2011-06-16 12:49 . 2011-06-16 12:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-16 12:37 . 2011-06-16 12:38 -------- d-----w- C:\32788R22FWJFW 2011-06-16 11:41 . 2011-06-16 11:41 -------- d-----w- C:\_OTL 2011-06-16 02:20 . 2011-06-16 02:20 -------- d-----w- c:\windows\system32\EventProviders 2011-06-15 20:44 . 2010-03-05 14:32 612864 ----a-w- c:\windows\system32\vbscript.dll 2011-06-15 20:44 . 2010-03-05 14:01 420352 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-06-15 17:03 . 2009-03-08 11:40 115712 ----a-w- c:\program files\Internet Explorer\ielowutil.exe 2011-06-15 09:38 . 2011-06-15 09:38 -------- d-----w- c:\users\Stefan\AppData\Roaming\Malwarebytes 2011-06-15 09:38 . 2011-06-15 09:38 -------- d-----w- c:\programdata\Malwarebytes 2011-06-15 09:38 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-06-15 09:38 . 2011-06-15 09:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-06-15 09:38 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-15 09:02 . 2011-06-15 09:02 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-14 19:55 . 
2010-12-20 15:39 563200 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-06-14 19:55 . 2010-12-20 16:06 847872 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-14 19:55 . 2011-04-29 13:12 176128 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-14 19:55 . 2011-04-29 13:12 144896 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-14 19:55 . 2011-04-21 13:42 407552 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-14 19:55 . 2011-04-29 13:11 135168 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-14 19:55 . 2011-04-29 13:11 274432 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-14 19:55 . 2011-04-29 13:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-14 19:54 . 2011-05-18 13:24 2760704 ----a-w- c:\windows\system32\win32k.sys 2011-06-14 19:54 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-06-14 19:54 . 2011-05-02 12:00 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat 2011-06-14 19:54 . 2011-04-14 14:45 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-14 19:54 . 2011-05-02 16:35 975360 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-14 19:54 . 2011-05-02 15:58 738816 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-06-14 19:49 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7B0FE96-0ACA-444A-826E-6CE315DA0AE4}\mpengine.dll 2011-06-14 14:53 . 2011-06-14 14:53 -------- d-----w- c:\programdata\WindowsSearch 2011-06-08 12:41 . 2011-06-08 12:41 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2011-06-08 12:41 . 2011-06-08 12:41 -------- d-----w- c:\users\Stefan\SystemRequirementsLab 2011-05-26 09:39 . 2011-05-26 09:39 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe 2011-05-26 09:39 . 2011-05-26 09:39 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll 2011-05-26 09:39 . 
2011-05-26 09:39 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll 2011-05-26 09:39 . 2011-05-26 09:39 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll 2011-05-26 09:39 . 2011-05-26 09:39 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll 2011-05-26 09:39 . 2011-05-26 09:39 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll 2011-05-26 09:39 . 2011-05-26 09:39 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll 2011-05-26 09:39 . 2011-05-26 09:39 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll 2011-05-26 09:39 . 2011-05-26 09:39 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-05-26 09:39 . 2011-05-26 09:39 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll 2011-05-23 13:40 . 2011-05-28 12:05 -------- d-----w- c:\users\Stefan\AppData\Local\The Witcher 2011-05-18 13:32 . 2011-05-18 13:32 -------- d-----w- c:\users\Stefan\AppData\Local\The Witcher 2 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968] "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472] "Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-20 1242448] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1310720] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 136176] R3 GPU-Z;GPU-Z;c:\users\Stefan\AppData\Local\Temp\GPU-Z.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 136176] R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088] R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-06-07 19952] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] R4 ahcix64;ahcix64;c:\windows\system32\drivers\ahcix64.sys [x] S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [x] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] 
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 21741690 *NewlyCreated* - 38861317 *Deregistered* - 21741690 *Deregistered* - 38861317 . Contents of the 'Scheduled Tasks' folder . 2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 16:44] . 2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 16:44] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" [2008-09-02 3858432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.186.211.21 195.34.133.21 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\05ec9n1r.default\ . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file) Wow6432Node-HKCU-Run-PlayNC Launcher - (no file) Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2485175412-1538001803-1044005978-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:d5,79,03,6e,22,b3,54,a7,36,89,30,62,35,77,43,25,ae,9d,95,6a,1f, 46,44,51,e6,9e,86,9f,e6,b5,f4,d8,80,05,d2,9f,5c,7b,16,91,1f,df,0d,90,3c,00,\ "rkeysecu"=hex:f2,8e,d7,53,c5,ec,71,a3,be,85,55,28,d8,7a,f0,2e . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . Completion time: 2011-06-16 14:50:43 ComboFix-quarantined-files.txt 2011-06-16 12:50 . Pre-Run: 11 Verzeichnis(se), 258.052.395.008 Bytes frei Post-Run: 17 Verzeichnis(se), 259.461.959.680 Bytes frei . - - End Of File - - 6114CAB5B981BCAAD7EEF88E2E748A8E |
16.06.2011, 14:01 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. found. Please download MBRCheck (by a_d_13) and save the file to your desktop.
16.06.2011, 14:05 | #13 |
| TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. found. So.... done as well: Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 1 (build 6001), 64-bit Base Board Manufacturer: ASUSTeK Computer INC. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: alienware System Product Name: Area-51 X58 Logical Drives Mask: 0x0000000c Kernel Drivers (total 139): 0x02403000 \SystemRoot\system32\ntoskrnl.exe 0x0291B000 \SystemRoot\system32\hal.dll 0x00601000 \SystemRoot\system32\kdcom.dll 0x0060B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x00638000 \SystemRoot\system32\PSHED.dll 0x0064C000 \SystemRoot\system32\CLFS.SYS 0x006A9000 \SystemRoot\system32\CI.dll 0x00801000 \SystemRoot\system32\drivers\Wdf01000.sys 0x008DB000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x008E9000 \SystemRoot\system32\drivers\acpi.sys 0x0093F000 \SystemRoot\system32\drivers\WMILIB.SYS 0x00948000 \SystemRoot\system32\drivers\msisadrv.sys 0x00952000 \SystemRoot\system32\drivers\pci.sys 0x00982000 \SystemRoot\System32\drivers\partmgr.sys 0x00997000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x0099B000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x009A7000 \SystemRoot\system32\drivers\volmgr.sys 0x0075B000 \SystemRoot\System32\drivers\volmgrx.sys 0x009BB000 \SystemRoot\system32\drivers\pciide.sys 0x009C2000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x009D2000 \SystemRoot\System32\drivers\mountmgr.sys 0x007C1000 \SystemRoot\system32\drivers\nvraid.sys 0x00A0E000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x00A3A000 \SystemRoot\system32\drivers\atapi.sys 0x00A42000 \SystemRoot\system32\drivers\ataport.SYS 0x00A66000 \SystemRoot\system32\drivers\mv61xx.sys 0x00AAA000 \SystemRoot\system32\drivers\SCSIPORT.SYS 0x00AD8000 \SystemRoot\system32\drivers\fltmgr.sys 0x00B1E000 \SystemRoot\system32\drivers\fileinfo.sys 0x00B32000 \SystemRoot\System32\Drivers\ksecdd.sys 0x00C0A000 \SystemRoot\system32\drivers\ndis.sys 0x00E0F000 \SystemRoot\system32\drivers\msrpc.sys 0x00E5F000 
\SystemRoot\system32\drivers\NETIO.SYS 0x01001000 \SystemRoot\System32\drivers\tcpip.sys 0x01175000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x0120B000 \SystemRoot\System32\Drivers\Ntfs.sys 0x0138F000 \SystemRoot\system32\drivers\volsnap.sys 0x013D3000 \SystemRoot\System32\Drivers\spldr.sys 0x013DB000 \SystemRoot\System32\Drivers\mup.sys 0x011A1000 \SystemRoot\System32\drivers\ecache.sys 0x011CD000 \SystemRoot\system32\drivers\disk.sys 0x013F4000 \SystemRoot\system32\drivers\crcdisk.sys 0x00EB7000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x00EC4000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x00ECD000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x03A0D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x04737000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x00EE0000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x04739000 \SystemRoot\System32\drivers\watchdog.sys 0x04748000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x04754000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x0479A000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x047AB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x02808000 \SystemRoot\system32\DRIVERS\yk60x64.sys 0x0286D000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x02889000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x0289B000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x028AB000 \SystemRoot\system32\DRIVERS\ASACPI.sys 0x028B3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x028BC000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x028F4000 \SystemRoot\system32\DRIVERS\storport.sys 0x02951000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x0295E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x02981000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x0298D000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x029BE000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x029CE000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x047BE000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x029EC000 \SystemRoot\system32\DRIVERS\termdd.sys 0x047D6000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x047E4000 
\SystemRoot\system32\DRIVERS\mouclass.sys 0x029FE000 \SystemRoot\system32\DRIVERS\swenum.sys 0x00FBF000 \SystemRoot\system32\DRIVERS\ks.sys 0x00DCD000 \SystemRoot\system32\DRIVERS\circlass.sys 0x047F0000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x00DDE000 \SystemRoot\system32\DRIVERS\umbus.sys 0x00BB9000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x009E5000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x0500F000 \SystemRoot\system32\drivers\ADIHdAud.sys 0x05087000 \SystemRoot\system32\drivers\portcls.sys 0x050C2000 \SystemRoot\system32\drivers\drmk.sys 0x050E5000 \SystemRoot\system32\drivers\ksthunk.sys 0x050EB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x050F5000 \SystemRoot\System32\Drivers\Null.SYS 0x05108000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x05110000 \SystemRoot\System32\drivers\vga.sys 0x0511E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x05143000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x0514C000 \SystemRoot\system32\drivers\rdpencdd.sys 0x05155000 \SystemRoot\System32\Drivers\Msfs.SYS 0x05160000 \SystemRoot\System32\Drivers\Npfs.SYS 0x05171000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x0517A000 \SystemRoot\system32\DRIVERS\tdx.sys 0x05197000 \SystemRoot\system32\DRIVERS\smb.sys 0x05202000 \SystemRoot\system32\drivers\afd.sys 0x0526E000 \SystemRoot\System32\DRIVERS\netbt.sys 0x052B2000 \SystemRoot\system32\DRIVERS\pacer.sys 0x052D0000 \SystemRoot\system32\DRIVERS\netbios.sys 0x052DF000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x052FA000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x05348000 \SystemRoot\system32\drivers\nsiproxy.sys 0x05354000 \SystemRoot\System32\Drivers\dfsc.sys 0x05371000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x0537A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x0538C000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x0538E000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x053AA000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x053B5000 \SystemRoot\System32\Drivers\crashdmp.sys 0x053C3000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x053CF000 
\SystemRoot\System32\Drivers\dump_atapi.sys 0x053D7000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x053F3000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0x00030000 \SystemRoot\System32\win32k.sys 0x051B2000 \SystemRoot\System32\drivers\Dxapi.sys 0x051BE000 \SystemRoot\system32\DRIVERS\monitor.sys 0x00470000 \SystemRoot\System32\TSDDD.dll 0x00610000 \SystemRoot\System32\cdd.dll 0x051D1000 \SystemRoot\system32\drivers\luafv.sys 0x011E1000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x08E09000 \SystemRoot\system32\drivers\spsys.sys 0x08EA3000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x08EB7000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x08EEB000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x08EF6000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x08F0E000 \SystemRoot\system32\drivers\HTTP.sys 0x08FAD000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x08FD6000 \SystemRoot\system32\DRIVERS\bowser.sys 0x007E4000 \SystemRoot\System32\drivers\mpsdrv.sys 0x0980C000 \SystemRoot\system32\drivers\mrxdav.sys 0x09833000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x0985C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x098A5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x098C4000 \SystemRoot\System32\DRIVERS\srv2.sys 0x098F6000 \SystemRoot\System32\DRIVERS\srv.sys 0x09C06000 \SystemRoot\system32\drivers\peauth.sys 0x09CBC000 \SystemRoot\System32\Drivers\secdrv.SYS 0x09CC7000 \SystemRoot\System32\drivers\tcpipreg.sys 0x09D16000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS 0x77B60000 \Windows\System32\ntdll.dll Processes (total 55): 0 System Idle Process 4 System 412 C:\Windows\System32\smss.exe 480 csrss.exe 548 C:\Windows\System32\wininit.exe 568 csrss.exe 604 C:\Windows\System32\services.exe 616 C:\Windows\System32\lsass.exe 624 C:\Windows\System32\lsm.exe 732 C:\Windows\System32\winlogon.exe 828 C:\Windows\System32\svchost.exe 908 C:\Windows\System32\nvvsvc.exe 936 C:\Windows\System32\svchost.exe 976 C:\Windows\System32\svchost.exe 224 C:\Windows\System32\svchost.exe 304 C:\Windows\System32\svchost.exe 332 
C:\Windows\System32\svchost.exe 484 C:\Windows\System32\audiodg.exe 708 C:\Windows\System32\svchost.exe 356 C:\Windows\System32\SLsvc.exe 1060 C:\Windows\System32\svchost.exe 1212 C:\Windows\System32\svchost.exe 1268 C:\Windows\System32\nvvsvc.exe 1456 C:\Windows\System32\taskeng.exe 1580 C:\Windows\System32\spoolsv.exe 1604 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1672 C:\Windows\System32\svchost.exe 2028 C:\Windows\System32\AEADISRV.EXE 1204 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 1228 C:\Windows\System32\svchost.exe 420 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 2188 C:\Windows\SysWOW64\PnkBstrA.exe 2200 C:\Windows\System32\svchost.exe 2220 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 2264 C:\Windows\System32\svchost.exe 2324 C:\Windows\System32\svchost.exe 2348 C:\Windows\System32\SearchIndexer.exe 2988 C:\Windows\System32\taskeng.exe 3028 C:\Windows\System32\dwm.exe 2392 C:\Windows\explorer.exe 2784 C:\Program Files (x86)\Google\Update\1.3.21.57\GoogleCrashHandler.exe 2416 C:\Program Files\Windows Defender\MSASCui.exe 820 C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe 3452 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3492 C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe 3500 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 4260 C:\Program Files\Windows Media Player\wmpnetwk.exe 3484 C:\Windows\System32\conime.exe 4408 C:\Windows\System32\notepad.exe 3328 C:\Program Files (x86)\Mozilla Firefox\firefox.exe 3992 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 2884 taskeng.exe 2076 C:\Windows\System32\SearchProtocolHost.exe 4368 C:\Windows\System32\SearchFilterHost.exe 3948 C:\Users\Stefan\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: ST31000340AS, Rev: SD1A Size Device Name MBR Status -------------------------------------------- 931 GB \\.\PhysicalDrive0 
Unknown MBR code SHA1: BA97A626DA5AA998115DE7893C5D69FF4DD2EC6E Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
16.06.2011, 14:15 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. found. We should fix the MBR manually. Back up all important data, just in case. Do you have any other operating systems installed besides Vista? If not: have a look here => Vista Notfall/Recovery-CD 64-Bit - Dr. Windows. Download the ISO, burn it to a CD with e.g. ImgBurn using the image-burning function and start the computer with it (boot from this CD). If you have a regular Vista installation DVD, you do not need the image mentioned above and can simply boot from that DVD. Click on computer repair options, next, command prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Afterwards create new logs with MBRCheck and, if possible, GMER.
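Before rewriting the MBR with bootrec, a defender usually wants to understand what MBRCheck is actually flagging in the log above. The following added example (mine, not MBRCheck's or the thread's own code) reproduces that kind of check on a constructed 512-byte MBR image: it hashes the boot-code region, compares the SHA-1 against an allowlist, and sanity-checks the partition table. That MBRCheck hashes exactly the first 440 bytes is an assumption, and the "known good" hash here is derived from constructed sample bytes, not from any real Windows boot code.

```python
"""Verify an MBR the way a tool such as MBRCheck reports it: hash the boot
code, compare it against an allowlist of known-good hashes, and sanity-check
the partition table. Added example; not MBRCheck's or the forum's own code.
The hashed region (first 440 bytes) is an assumption about MBRCheck."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR


def boot_code_sha1(mbr):
    """SHA-1 of the boot-code region, upper-case hex like MBRCheck prints."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partition_table(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, off)
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def analyze_mbr(mbr, known_good_sha1):
    """Classify a 512-byte MBR; known_good_sha1 is a set of upper-case hex SHA-1s."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    problems = []
    if mbr[510:512] != BOOT_SIGNATURE:
        problems.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one active partition")
    for p in parts:
        if p["lba_start"] == 0:
            problems.append("partition %d starts at LBA 0" % p["index"])
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            problems.append("overlapping partitions")
            break
    digest = boot_code_sha1(mbr)
    verdict = "known" if digest in known_good_sha1 else "unknown"
    return {"sha1": digest, "verdict": verdict,
            "partitions": parts, "problems": problems}


def build_mbr(boot_code, partitions, signature=BOOT_SIGNATURE):
    """Construct a synthetic MBR image for testing (not a real boot sector)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    buf[440:444] = b"\x11\x22\x33\x44"  # disk signature (constructed value)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        struct.pack_into("<B3xB3xII", buf, off, status, ptype, lba_start, sectors)
    buf[510:512] = signature
    return bytes(buf)


# Constructed, pretend-"known good" boot code. A real allowlist would hold the
# SHA-1s of the stock MBR code of each Windows version, which this page does not give.
SAMPLE_GOOD_CODE = bytes(range(256)) + b"\x90" * 100
KNOWN_GOOD = {boot_code_sha1(build_mbr(SAMPLE_GOOD_CODE, []))}


if __name__ == "__main__":
    clean = build_mbr(SAMPLE_GOOD_CODE, [(0x80, 0x07, 2048, 1000000)])
    # one byte of boot code changed: the hash no longer matches the allowlist
    tampered = build_mbr(b"\xeb" + SAMPLE_GOOD_CODE[1:], [(0x80, 0x07, 2048, 1000000)])
    for name, image in (("clean", clean), ("tampered", tampered)):
        result = analyze_mbr(image, KNOWN_GOOD)
        print(name, result["verdict"], result["sha1"], result["problems"])
```

An "unknown" verdict alone does not prove infection: OEM boot managers and some disk tools also install non-stock MBR code, so the hash should be compared with the vendor's expected value before the sector is rewritten.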
16.06.2011, 15:04 | #15 |
| TR/Kazy.24828 [trojan] in file 'C:\Recycle.Bin\Recycle.Bin.exe. found. Well, this may take a while now, since I have no blank discs left at home. But I have the recovery CD from the manufacturer, which is called Alienware Respawn.... but that is a complete system recovery.... I don't know whether that is enough as a backup, or do I explicitly need the Vista recovery here? |