Log analysis and evaluation: Desktop black, no access to files on hard disk (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.07.2011, 15:33 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, no access to files on hard disk
Do another OTL fix; among the many entries I overlooked a few. Close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock
[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco
[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm
[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags
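The `:OTL` section above lists each target in OTL's file-listing format: `[timestamp | size | attribute flags | M or C] -- path`. The following is an added example, not code from the thread or from OTL, that decodes those lines and reports which entries are hidden directories under `AppData\Roaming` (the pattern the helper singled out). The reading of the attribute column as four positions for read-only, hidden, system and directory, and of the trailing letter as the kind of timestamp shown (modified or created), is my assumption about the format. The four real lines come from the post above; the two extra entries are constructed for contrast.

```python
"""Decode OTL file/folder listing lines and flag hidden directories in AppData\\Roaming."""
import re

# Assumed layout: [<timestamp> | <size with thousands separators> | <attrs> | <M|C>] -- <path>
OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<tskind>[MC])\] -- (?P<path>.+)$"
)
# Assumed meaning of the four attribute positions (a '-' means the flag is not set).
FLAG_NAMES = {"R": "read-only", "H": "hidden", "S": "system", "D": "directory"}

# First four lines are the real entries from the fix script; the last two are constructed.
SAMPLE_OTL_LINES = [
    r"[2011/05/28 20:07:22 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\kock",
    r"[2011/06/22 14:36:00 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Wuyco",
    r"[2011/05/28 20:07:23 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\xmldm",
    r"[2011/06/28 19:23:29 | 000,000,000 | -H-D | M] -- C:\Users\rai\AppData\Roaming\Ysymyp",
    # constructed: an ordinary, non-hidden directory and an ordinary file
    r"[2011/06/01 10:00:00 | 000,000,000 | ---D | M] -- C:\Users\example\AppData\Roaming\Example",
    r"[2011/06/01 10:00:00 | 000,012,288 | ---- | M] -- C:\Users\example\AppData\Roaming\example.txt",
]


def parse_otl_entry(line):
    """Return a dict with timestamp, size (int), decoded flags and path, or None if not an OTL line."""
    m = OTL_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["flags"] = [FLAG_NAMES[c] for c in e["attrs"] if c != "-"]
    return e


def hidden_dirs_in_roaming(lines):
    """Paths of entries that are hidden directories somewhere under AppData\\Roaming."""
    hits = []
    for line in lines:
        e = parse_otl_entry(line)
        if e and "hidden" in e["flags"] and "directory" in e["flags"] \
                and "\\appdata\\roaming\\" in e["path"].lower():
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    for p in hidden_dirs_in_roaming(SAMPLE_OTL_LINES):
        print("hidden directory in Roaming:", p)
```

Run as a script it prints the four paths from the fix; `parse_otl_entry` returns `None` for any line that is not in OTL's listing format, so the function can be pointed at a whole OTL log without pre-filtering.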
04.07.2011, 16:28 | #17
Desktop black, no access to files on hard disk
Here is the log:
========== OTL ==========
C:\Users\rai\AppData\Roaming\kock folder moved successfully.
C:\Users\rai\AppData\Roaming\Wuyco folder moved successfully.
C:\Users\rai\AppData\Roaming\xmldm folder moved successfully.
C:\Users\rai\AppData\Roaming\Ysymyp folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.25.0 log created on 07042011_172534
04.07.2011, 19:34 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, no access to files on hard disk
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Set the tool up as shown in the picture below, i.e. tick both boxes, click Start scan and, when it is finished, click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (It may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
04.07.2011, 19:56 | #19
Desktop black, no access to files on hard disk
I have run this tool. Here is the report:
2011/07/04 20:49:50.0023 1872 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/04 20:49:50.0275 1872 ================================================================================
2011/07/04 20:49:50.0275 1872 SystemInfo:
2011/07/04 20:49:50.0275 1872
2011/07/04 20:49:50.0275 1872 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/04 20:49:50.0275 1872 Product type: Workstation
2011/07/04 20:49:50.0275 1872 ComputerName: RAI-PC
2011/07/04 20:49:50.0275 1872 UserName: rai
2011/07/04 20:49:50.0276 1872 Windows directory: C:\windows
2011/07/04 20:49:50.0276 1872 System windows directory: C:\windows
2011/07/04 20:49:50.0276 1872 Processor architecture: Intel x86
2011/07/04 20:49:50.0276 1872 Number of processors: 2
2011/07/04 20:49:50.0276 1872 Page size: 0x1000
2011/07/04 20:49:50.0276 1872 Boot type: Normal boot
2011/07/04 20:49:50.0276 1872 ================================================================================
2011/07/04 20:49:50.0868 1872 Initialize success
2011/07/04 20:49:53.0244 2912 ================================================================================
2011/07/04 20:49:53.0245 2912 Scan started
2011/07/04 20:49:53.0245 2912 Mode: Manual;
2011/07/04 20:49:53.0245 2912 ================================================================================
2011/07/04 20:49:54.0368 2912 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/07/04 20:49:54.0457 2912 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/07/04 20:49:54.0520 2912 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/07/04 20:49:54.0593 2912 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/07/04 20:49:54.0655 2912 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/07/04 20:49:54.0686 2912 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/07/04 20:49:54.0814 2912 AFD (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
2011/07/04 20:49:54.0856 2912 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/07/04 20:49:54.0929 2912 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/07/04 20:49:54.0978 2912 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/07/04 20:49:55.0013 2912 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/07/04 20:49:55.0058 2912 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/07/04 20:49:55.0129 2912 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/07/04 20:49:55.0179 2912 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/07/04 20:49:55.0234 2912 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
2011/07/04 20:49:55.0277 2912 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/07/04 20:49:55.0334 2912 amdxata (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
2011/07/04 20:49:55.0441 2912 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/07/04 20:49:55.0512 2912 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/07/04 20:49:55.0544 2912 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/07/04 20:49:55.0597 2912 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/07/04 20:49:55.0641 2912 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/07/04 20:49:55.0718 2912 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
2011/07/04 20:49:55.0791 2912 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys
2011/07/04 20:49:55.0846 2912 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys
2011/07/04 20:49:55.0930 2912 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/07/04 20:49:55.0992 2912 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/07/04 20:49:56.0047 2912 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/07/04 20:49:56.0097 2912 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/07/04 20:49:56.0152 2912 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/07/04 20:49:56.0184 2912 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/07/04 20:49:56.0234 2912 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/07/04 20:49:56.0272 2912 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/07/04 20:49:56.0301 2912 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/07/04 20:49:56.0329 2912 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/07/04 20:49:56.0355 2912 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/07/04 20:49:56.0382 2912 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/07/04 20:49:56.0433 2912 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/07/04 20:49:56.0509 2912 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/07/04 20:49:56.0559 2912 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/07/04 20:49:56.0602 2912 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/07/04 20:49:56.0655 2912 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/07/04 20:49:56.0681 2912 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/07/04 20:49:56.0727 2912 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/07/04 20:49:56.0777 2912 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/07/04 20:49:56.0840 2912 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/07/04 20:49:56.0887 2912 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/07/04 20:49:56.0950 2912 CryptOSD (c914d18ab66b132e9c73f19f8f805f1f) C:\windows\system32\DRIVERS\CryptOSD.sys
2011/07/04 20:49:57.0024 2912 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
2011/07/04 20:49:57.0064 2912 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/07/04 20:49:57.0103 2912 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/07/04 20:49:57.0168 2912 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/07/04 20:49:57.0222 2912 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/07/04 20:49:57.0355 2912 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/07/04 20:49:57.0538 2912 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/07/04 20:49:57.0584 2912 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/07/04 20:49:57.0645 2912 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/07/04 20:49:57.0688 2912 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/07/04 20:49:57.0733 2912 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/07/04 20:49:57.0862 2912 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/07/04 20:49:57.0891 2912 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/07/04 20:49:57.0917 2912 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/07/04 20:49:57.0958 2912 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/07/04 20:49:58.0030 2912 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/07/04 20:49:58.0102 2912 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2011/07/04 20:49:58.0158 2912 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\windows\system32\FsUsbExDisk.SYS
2011/07/04 20:49:58.0203 2912 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/07/04 20:49:58.0265 2912 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/07/04 20:49:58.0328 2912 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/07/04 20:49:58.0402 2912 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/04 20:49:58.0443 2912 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/07/04 20:49:58.0496 2912 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/07/04 20:49:58.0550 2912 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/07/04 20:49:58.0589 2912 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/07/04 20:49:58.0619 2912 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/07/04 20:49:58.0684 2912 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/07/04 20:49:58.0731 2912 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/07/04 20:49:58.0772 2912 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/07/04 20:49:58.0825 2912 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\windows\system32\DRIVERS\HPZid412.sys
2011/07/04 20:49:58.0877 2912 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\windows\system32\DRIVERS\HPZipr12.sys
2011/07/04 20:49:58.0916 2912 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\windows\system32\DRIVERS\HPZius12.sys
2011/07/04 20:49:58.0972 2912 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/07/04 20:49:59.0005 2912 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/07/04 20:49:59.0047 2912 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/07/04 20:49:59.0119 2912 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys
2011/07/04 20:49:59.0189 2912 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
2011/07/04 20:49:59.0426 2912 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/07/04 20:49:59.0703 2912 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/07/04 20:49:59.0847 2912 IntcAzAudAddService (3202e26501e5e18c35dc2cc74709a704) C:\windows\system32\drivers\RTKVHDA.sys
2011/07/04 20:50:00.0007 2912 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys
2011/07/04 20:50:00.0067 2912 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/07/04 20:50:00.0119 2912 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/07/04 20:50:00.0186 2912 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/07/04 20:50:00.0238 2912 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/07/04 20:50:00.0289 2912 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/07/04 20:50:00.0377 2912 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/07/04 20:50:00.0414 2912 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/07/04 20:50:00.0451 2912 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/07/04 20:50:00.0503 2912 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/07/04 20:50:00.0563 2912 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/07/04 20:50:00.0603 2912 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/07/04 20:50:00.0652 2912 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/07/04 20:50:00.0728 2912 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/07/04 20:50:00.0799 2912 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/07/04 20:50:00.0848 2912 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/07/04 20:50:00.0882 2912 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/07/04 20:50:00.0917 2912 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/07/04 20:50:00.0963 2912 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/07/04 20:50:01.0080 2912 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\windows\system32\drivers\mbamswissarmy.sys
2011/07/04 20:50:01.0159 2912 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/07/04 20:50:01.0207 2912 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/07/04 20:50:01.0250 2912 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/07/04 20:50:01.0297 2912 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/07/04 20:50:01.0352 2912 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/07/04 20:50:01.0398 2912 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/07/04 20:50:01.0429 2912 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/07/04 20:50:01.0448 2912 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/07/04 20:50:01.0499 2912 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/07/04 20:50:01.0544 2912 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/07/04 20:50:01.0606 2912 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/07/04 20:50:01.0653 2912 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/07/04 20:50:01.0695 2912 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/07/04 20:50:01.0740 2912 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/07/04 20:50:01.0774 2912 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/07/04 20:50:01.0831 2912 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/07/04 20:50:01.0865 2912 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/07/04 20:50:01.0894 2912 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/07/04 20:50:01.0954 2912 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/07/04 20:50:01.0989 2912 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/07/04 20:50:02.0020 2912 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/07/04 20:50:02.0061 2912 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/07/04 20:50:02.0098 2912 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/07/04 20:50:02.0137 2912 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/07/04 20:50:02.0164 2912 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/07/04 20:50:02.0205 2912 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/07/04 20:50:02.0292 2912 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/07/04 20:50:02.0394 2912 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/07/04 20:50:02.0428 2912 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/07/04 20:50:02.0490 2912 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/07/04 20:50:02.0534 2912 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/07/04 20:50:02.0562 2912 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/07/04 20:50:02.0601 2912 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/07/04 20:50:02.0630 2912 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/07/04 20:50:02.0666 2912 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/07/04 20:50:02.0740 2912 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/07/04 20:50:02.0784 2912 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/07/04 20:50:02.0817 2912 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/07/04 20:50:02.0886 2912 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
2011/07/04 20:50:02.0950 2912 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/07/04 20:50:02.0994 2912 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
2011/07/04 20:50:03.0047 2912 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
2011/07/04 20:50:03.0086 2912 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/07/04 20:50:03.0132 2912 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/07/04 20:50:03.0192 2912 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/07/04 20:50:03.0222 2912 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/07/04 20:50:03.0259 2912 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/07/04 20:50:03.0348 2912 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/07/04 20:50:03.0386 2912 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/07/04 20:50:03.0417 2912 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/07/04 20:50:03.0458 2912 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/07/04 20:50:03.0520 2912 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/07/04 20:50:03.0656 2912 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/07/04 20:50:03.0677 2912 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/07/04 20:50:03.0722 2912 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/07/04 20:50:03.0773 2912 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/07/04 20:50:03.0817 2912 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/07/04 20:50:03.0857 2912 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/07/04 20:50:03.0889 2912 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/07/04 20:50:03.0952 2912 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/07/04 20:50:03.0989 2912 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/07/04 20:50:04.0040 2912 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/07/04 20:50:04.0092 2912 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/07/04 20:50:04.0143 2912 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/07/04 20:50:04.0185 2912 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/07/04 20:50:04.0218 2912 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/07/04 20:50:04.0260 2912 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/07/04 20:50:04.0283 2912 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/07/04 20:50:04.0324 2912 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/07/04 20:50:04.0383 2912 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/07/04 20:50:04.0471 2912 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/07/04 20:50:04.0507 2912 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/07/04 20:50:04.0565 2912 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/07/04 20:50:04.0612 2912 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/07/04 20:50:04.0654 2912 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/07/04 20:50:04.0721 2912 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/07/04 20:50:04.0792 2912 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/07/04 20:50:04.0844 2912 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/07/04 20:50:04.0888 2912 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/07/04 20:50:04.0953 2912 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/07/04 20:50:04.0990 2912 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/07/04 20:50:05.0009 2912 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/07/04 20:50:05.0042 2912 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/07/04 20:50:05.0084 2912 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/07/04 20:50:05.0141 2912 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/07/04 20:50:05.0174 2912 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/07/04 20:50:05.0209 2912 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/07/04 20:50:05.0266 2912 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/07/04 20:50:05.0353 2912 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
2011/07/04 20:50:05.0409 2912 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
2011/07/04 20:50:05.0449 2912 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
2011/07/04 20:50:05.0499 2912 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\windows\system32\DRIVERS\sscdbus.sys
2011/07/04 20:50:05.0550 2912 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\windows\system32\DRIVERS\sscdmdfl.sys
2011/07/04 20:50:05.0574 2912 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\windows\system32\DRIVERS\sscdmdm.sys
2011/07/04 20:50:05.0634 2912 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/07/04 20:50:05.0678 2912 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\windows\system32\DRIVERS\ss_bbus.sys
2011/07/04 20:50:05.0713 2912 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\windows\system32\DRIVERS\ss_bmdfl.sys
2011/07/04 20:50:05.0752 2912 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\windows\system32\DRIVERS\ss_bmdm.sys
2011/07/04 20:50:05.0811 2912 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/07/04 20:50:05.0862 2912 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/07/04 20:50:05.0935 2912 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys
2011/07/04 20:50:06.0038 2912 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\drivers\tcpip.sys
2011/07/04 20:50:06.0109 2912 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\windows\system32\DRIVERS\tcpip.sys
2011/07/04 20:50:06.0172 2912 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/07/04 20:50:06.0217 2912 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/07/04 20:50:06.0252 2912 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/07/04 20:50:06.0280 2912 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/07/04 20:50:06.0308 2912 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/07/04 20:50:06.0386 2912 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/07/04 20:50:06.0515 2912 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/07/04 20:50:06.0564 2912 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/07/04 20:50:06.0604 2912 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/07/04 20:50:06.0662 2912 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/07/04 20:50:06.0721 2912 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/07/04 20:50:06.0764 2912 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/07/04 20:50:06.0802 2912 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/07/04 20:50:06.0876 2912 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\windows\system32\Drivers\usbaapl.sys
2011/07/04 20:50:06.0936 2912 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
2011/07/04 20:50:06.0984 2912 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
2011/07/04 20:50:07.0027 2912 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/07/04 20:50:07.0071 2912 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys
2011/07/04 20:50:07.0137 2912 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
2011/07/04 20:50:07.0190 2912 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
2011/07/04 20:50:07.0240 2912 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/07/04 20:50:07.0290 2912 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/07/04 20:50:07.0324 2912 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/07/04 20:50:07.0373 2912 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\DRIVERS\usbuhci.sys
2011/07/04 20:50:07.0452 2912 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/07/04 20:50:07.0572 2912 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/07/04 20:50:07.0611 2912 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/07/04 20:50:07.0646 2912 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/07/04 20:50:07.0680 2912 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/07/04 20:50:07.0714 2912 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/07/04 20:50:07.0739 2912 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/07/04 20:50:07.0762 2912 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/07/04 20:50:07.0802 2912 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/07/04 20:50:07.0836 2912 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/07/04 20:50:07.0864 2912 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/04 20:50:07.0916 2912 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/07/04 20:50:07.0962 2912 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/07/04 20:50:08.0006 2912 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/07/04 20:50:08.0051 2912 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/07/04 20:50:08.0098 2912 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/04 20:50:08.0119 2912 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/07/04 20:50:08.0199 2912 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/07/04 20:50:08.0240 2912 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/07/04 20:50:08.0330 2912 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/07/04 20:50:08.0382 2912 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/07/04 20:50:08.0481 2912 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/07/04 20:50:08.0538 2912 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/07/04 20:50:08.0608 2912 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/07/04 20:50:08.0673 2912 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/07/04 20:50:08.0717 2912 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/07/04 20:50:08.0808 2912 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2011/07/04 20:50:08.0870 2912 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
2011/07/04 20:50:09.0100 2912 Boot (0x1200) (637be9c1deaf06a8e9c2e5089d1fc835) \Device\Harddisk0\DR0\Partition0
2011/07/04 20:50:09.0129 2912 Boot (0x1200) (63f2e75680beb7f9a897a49a82b0b510) \Device\Harddisk0\DR0\Partition1
2011/07/04 20:50:09.0163 2912 Boot (0x1200) (1fe05ceacc35091abb6084baefc9ed97) \Device\Harddisk0\DR0\Partition2
2011/07/04 20:50:09.0170 2912 ================================================================================
2011/07/04 20:50:09.0170 2912 Scan finished
2011/07/04 20:50:09.0170 2912 ================================================================================
2011/07/04 20:50:09.0187 2100 Detected object count: 0
2011/07/04 20:50:09.0187 2100 Actual detected object
count: 0 Ich kann zwar auf meine Dokumente zugreifen, allerdings sind sie transparent (also versteckt). Sollte ich dann das Programm unhide anwenden? |
04.07.2011, 20:04 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black desktop, no access to files on hard drive Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when an expert helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
04.07.2011, 20:57 | #21 |
| Black desktop, no access to files on hard drive I used ComboFix as instructed, and here is the log: ComboFix logfile: Code:
ComboFix 11-07-03.04 - rai 04.07.2011 21:23:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2009.1356 [GMT 2:00]
ausgeführt von:: c:\users\rai\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\judhfkashfi
c:\judhfkashfi\config.bin
c:\programdata\FullRemove.exe
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\chrome.manifest
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\chrome\content\_cfg.js
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\chrome\content\overlay.xul
c:\users\rai\AppData\Local\{39A08BE0-F3F7-4366-B319-8CCAD7DB14CC}\install.rdf
c:\users\rai\AppData\Local\{3D0C7973-41D2-464F-85E6-FF11CBDF5673}
c:\users\rai\AppData\Local\{3D0C7973-41D2-464F-85E6-FF11CBDF5673}\chrome\content\overlay.xul
c:\users\rai\AppData\Local\{3D0C7973-41D2-464F-85E6-FF11CBDF5673}\install.rdf
c:\users\rai\AppData\Roaming\Adobe\plugs
c:\users\rai\AppData\Roaming\Adobe\shed
C:\Washer2.rar
c:\washer2.rar\951A317ADAC0DC6
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-06-04 bis 2011-07-04 ))))))))))))))))))))))))))))))
.
.
2011-07-04 19:30 . 2011-07-04 19:31 -------- d-----w- c:\users\rai\AppData\Local\temp
2011-07-04 19:30 . 2011-07-04 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-04 12:54 . 2011-07-04 12:54 -------- d-----w- C:\_OTL
2011-07-04 09:51 . 2011-07-04 09:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-07-01 09:08 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17AB8BC6-7F8E-4508-82D3-5340FC5E79BA}\mpengine.dll
2011-06-29 09:15 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 09:15 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 09:15 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 09:15 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 09:15 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 09:15 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 09:15 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 09:15 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 09:15 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 09:15 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-28 15:31 . 2011-06-28 15:31 -------- d-----w- c:\users\rai\AppData\Roaming\Malwarebytes
2011-06-28 15:31 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 15:31 . 2011-06-28 15:31 -------- d-----w- c:\programdata\Malwarebytes
2011-06-28 15:31 . 2011-06-28 15:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 15:31 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-25 08:02 . 2011-06-25 08:02 0 ---ha-w- c:\users\rai\AppData\Local\BIT3727.tmp
2011-06-25 07:30 . 2011-06-25 07:30 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 07:30 . 2011-06-25 07:30 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-23 22:07 . 2006-02-26 07:10 176128 ----a-w- c:\windows\system32\libcurl.dll
2011-06-23 22:07 . 2006-02-26 05:53 200704 ----a-w- c:\windows\system32\ssleay32.dll
2011-06-23 22:07 . 2006-02-26 05:52 1064960 ----a-w- c:\windows\system32\libeay32.dll
2011-06-23 22:07 . 2006-02-26 04:46 73728 ----a-w- c:\windows\system32\zlib1.dll
2011-06-20 17:18 . 2011-06-20 17:18 172032 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nixut.exe
2011-06-20 09:45 . 2011-06-20 09:45 -------- d-----w- c:\windows\Sun
2011-06-15 12:22 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 12:22 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 12:22 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 12:22 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 12:22 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 12:22 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 12:20 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 12:20 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 10:00 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 09:59 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 09:59 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 09:59 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 09:59 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-09 20:02 . 2011-06-09 20:02 0 ---ha-w- c:\users\rai\AppData\Local\BIT88E2.tmp
2011-06-05 09:08 . 2011-06-05 09:08 0 ---ha-w- c:\users\rai\AppData\Local\BIT2F4A.tmp
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 18:07 . 2011-05-28 18:07 112 ---ha-w- c:\users\rai\AppData\Roaming\srvblck2.tmp
2011-05-24 17:14 . 2010-09-17 17:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-19 14:00 . 2011-05-19 14:00 724 ----a-w- c:\windows\wacam.TMP
2011-05-19 14:00 . 2011-05-19 14:00 1409 ----a-w- c:\windows\Fonts\SToccata.fot
2011-05-05 13:29 . 2011-05-05 13:29 0 ---ha-w- c:\users\rai\AppData\Local\BIT9B58.tmp
2011-04-22 19:36 . 2011-05-25 20:14 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 17:04 . 2010-09-12 12:46 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-09 06:13 . 2011-05-11 10:01 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 10:01 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-26 09:59 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-25 07:30 . 2011-05-11 15:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-09-17 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312]
"fsi"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe" [2009-09-09 9728]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-10 281768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nixut.exe [2011-6-20 172032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-25 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15421
IE: Free YouTube Download - c:\users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{76aeea42-e04a-4b62-83ab-df4b2be2541e} - (no file)
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fe0af0a0]
"imagepath"="\??\c:\windows\TEMP\272F.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-04 21:37:12
ComboFix-quarantined-files.txt 2011-07-04 19:37
.
Vor Suchlauf: 6 Verzeichnis(se), 32.963.964.928 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 33.324.097.536 Bytes frei
.
- - End Of File - - EB82136E3B0D859B946CD9BE34C0A8EA |
04.07.2011, 21:10 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black desktop, no access to files on hard drive ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
File::
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nixut.exe
c:\windows\system32\ConduitEngine.tmp
c:\users\rai\AppData\Roaming\srvblck2.tmp
c:\users\rai\AppData\Local\BIT9B58.tmp
c:\users\rai\AppData\Local\BIT3727.tmp
c:\windows\TEMP\272F.tmp

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\services\fe0af0a0]
4. Disable the guard of your antivirus program and any software firewall you may have. (This also applies to the guards of ad-/spyware programs and to the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the reboot (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The script above was written for this one user in this one situation only. It cannot be transferred to any other computer and must not be used elsewhere, as it can do lasting damage to the system!
__________________ Please always post logfiles in CODE tags |
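The removal script above was assembled by reading the ComboFix log for a few tell-tale entries: a service whose ImagePath points into the Windows TEMP folder, an executable dropped straight into the "Default User" Startup folder (the template every new account is created from), and hidden .tmp files under AppData. As an added example, not code from this thread and not part of ComboFix, the following Python script applies those same checks to a constructed excerpt written in the log layout ComboFix uses here; the paths are the ones quoted in the thread, while the selection of lines, the rule set and the severity labels are assumptions of this example.

```python
"""Triage of a ComboFix-style log excerpt (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed excerpt in the layout ComboFix uses in the thread's logs; the
# paths are the ones quoted in the thread, the selection of lines is ours.
SAMPLE_LOG = r"""
((((((((((((((((((((((( Dateien erstellt von 2011-06-04 bis 2011-07-04 ))))))))))))))))))))))))))))))
.
2011-07-04 19:30 . 2011-07-04 19:31 -------- d-----w- c:\users\rai\AppData\Local\temp
2011-07-04 09:51 . 2011-07-04 09:51 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-06-29 09:15 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-25 08:02 . 2011-06-25 08:02 0 ---ha-w- c:\users\rai\AppData\Local\BIT3727.tmp
2011-06-20 17:18 . 2011-06-20 17:18 172032 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nixut.exe
2011-05-28 18:07 . 2011-05-28 18:07 112 ---ha-w- c:\users\rai\AppData\Roaming\srvblck2.tmp
.
c:\users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
nixut.exe [2011-6-20 172032]
.
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fe0af0a0]
"imagepath"="\??\c:\windows\TEMP\272F.tmp"
.
"""

# File listing: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
                     r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# Services block: "<Rn/Sn> name;display name;path [date size]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"imagepath"="(?P<path>[^"]*)"$', re.I)
STARTUP_DIR_RE = re.compile(r"^(?P<dir>.+\\start menu\\programs\\startup\\)$", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low" (labels are this example's choice)
    reason: str
    path: str


def is_temp_path(path):
    """True for anything inside a TEMP folder or carrying a .tmp extension."""
    low = path.lower()
    return "\\temp\\" in low or low.endswith(".tmp")


def in_default_profile(path):
    """The Default / 'Default User' profile is the template for new accounts."""
    low = path.lower()
    return "\\users\\default\\" in low or "\\users\\default user\\" in low


def classify_file(path, attrs, size):
    """Rules for one line of the file listing; None means nothing to report."""
    if size.startswith("-"):  # directories carry "--------" instead of a size
        return None
    low = path.lower()
    if low.endswith(".exe") and "\\programs\\startup\\" in low:
        # installers put .lnk shortcuts into Startup, not executables
        return Finding("high", "executable placed directly in a Startup folder", path)
    if low.endswith(".tmp") and "\\windows\\system32\\" in low:
        return Finding("medium", ".tmp file inside system32", path)
    if low.endswith(".tmp") and "\\appdata\\" in low and "h" in attrs:
        return Finding("low", "hidden .tmp file under AppData", path)
    return None


def triage(log_text):
    findings, current_key, startup_dir = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":  # ComboFix separates blocks with a lone "."
            startup_dir = None
            continue
        if m := KEY_RE.match(line):
            current_key = m["key"]
        elif m := IMAGEPATH_RE.match(line):
            if current_key and is_temp_path(m["path"]):
                name = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("high", f"service '{name}' has its ImagePath in a TEMP folder", m["path"]))
        elif m := STARTUP_DIR_RE.match(line):
            startup_dir = m["dir"]
        elif startup_dir:  # item lines follow a Startup folder header
            item = re.split(r" - | \[", line, maxsplit=1)[0]
            if in_default_profile(startup_dir):
                findings.append(Finding("high", "startup item in the Default profile template", startup_dir + item))
        elif m := FILE_RE.match(line):
            if found := classify_file(m["path"], m["attrs"], m["size"]):
                findings.append(found)
        elif m := SERVICE_RE.match(line):
            if is_temp_path(m["path"]) or in_default_profile(m["path"]):
                findings.append(Finding("high", f"service '{m['name']}' runs from a TEMP or template path", m["path"]))
    return findings


def summarize(findings):
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}: {f.path}")
```

On the sample the script reports the orphaned service key with its ImagePath in C:\windows\TEMP, the executable in the Default User Startup folder (once from the file listing, once from the Startup section) and the two hidden .tmp files, and stays quiet about the Malwarebytes driver, the Nero service and the .lnk in the user's own Startup folder. The rules are deliberately narrow and every hit still needs a person to decide, as the helper did here, whether it belongs in a removal script.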
05.07.2011, 17:08 | #23 |
| Black desktop, no access to files on hard drive I tried to carry it out as described above. However, the laptop crashed while doing so. Before I run it again, I wanted to make sure whether I should do it again or not. |
06.07.2011, 08:42 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Black desktop, no access to files on hard drive Yes, please try again. Follow the instructions exactly.
__________________ Please always post logfiles in CODE tags |
06.07.2011, 11:09 | #25 |
| Desktop schwarz, kein Zugriff auf Dateien von Festplatte Dieses Mal hats geklappt. Hier ist die Log-Datei: Combofix Logfile: Code:
ATTFilter ComboFix 11-07-06.01 - rai 06.07.2011 11:56:31.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.2009.1251 [GMT 2:00] ausgeführt von:: c:\users\rai\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\rai\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nixut.exe" "c:\users\rai\AppData\Local\BIT3727.tmp" "c:\users\rai\AppData\Local\BIT9B58.tmp" "c:\users\rai\AppData\Roaming\srvblck2.tmp" "c:\windows\system32\ConduitEngine.tmp" "c:\windows\TEMP\272F.tmp" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\users\rai\AppData\Local\BIT3727.tmp c:\users\rai\AppData\Local\BIT9B58.tmp c:\users\rai\AppData\Roaming\srvblck2.tmp c:\windows\system32\ConduitEngine.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2011-06-06 bis 2011-07-06 )))))))))))))))))))))))))))))) . . 2011-07-06 10:03 . 2011-07-06 10:03 -------- d-----w- c:\users\rai\AppData\Local\temp 2011-07-06 10:03 . 2011-07-06 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-05 16:09 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0D1D95B-38DA-4997-9C67-34DA2AFF4E7E}\mpengine.dll 2011-07-04 12:54 . 2011-07-04 12:54 -------- d-----w- C:\_OTL 2011-06-29 09:15 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll 2011-06-29 09:15 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll 2011-06-29 09:15 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll 2011-06-29 09:15 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll 2011-06-29 09:15 . 
2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll 2011-06-29 09:15 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll 2011-06-29 09:15 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll 2011-06-29 09:15 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe 2011-06-29 09:15 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe 2011-06-29 09:15 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe 2011-06-28 15:31 . 2011-06-28 15:31 -------- d-----w- c:\users\rai\AppData\Roaming\Malwarebytes 2011-06-28 15:31 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-28 15:31 . 2011-06-28 15:31 -------- d-----w- c:\programdata\Malwarebytes 2011-06-28 15:31 . 2011-06-28 15:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-28 15:31 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-25 07:30 . 2011-06-25 07:30 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-25 07:30 . 2011-06-25 07:30 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-23 22:07 . 2006-02-26 07:10 176128 ----a-w- c:\windows\system32\libcurl.dll 2011-06-23 22:07 . 2006-02-26 05:53 200704 ----a-w- c:\windows\system32\ssleay32.dll 2011-06-23 22:07 . 2006-02-26 05:52 1064960 ----a-w- c:\windows\system32\libeay32.dll 2011-06-23 22:07 . 2006-02-26 04:46 73728 ----a-w- c:\windows\system32\zlib1.dll 2011-06-20 17:18 . 2011-06-20 17:18 172032 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\nixut.exe 2011-06-20 09:45 . 2011-06-20 09:45 -------- d-----w- c:\windows\Sun 2011-06-15 12:22 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys 2011-06-15 12:22 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-15 12:22 . 
2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-15 12:22 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-15 12:22 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-15 12:22 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-15 12:20 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-15 12:20 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-15 10:00 . 2011-04-29 05:08 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-06-15 09:59 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-15 09:59 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-15 09:59 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-15 09:59 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-09 20:02 . 2011-06-09 20:02 0 ----a-w- c:\users\rai\AppData\Local\BIT88E2.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-05 09:08 . 2011-06-05 09:08 0 ----a-w- c:\users\rai\AppData\Local\BIT2F4A.tmp 2011-05-24 17:14 . 2010-09-17 17:59 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-19 14:00 . 2011-05-19 14:00 724 ----a-w- c:\windows\wacam.TMP 2011-05-19 14:00 . 2011-05-19 14:00 1409 ----a-w- c:\windows\Fonts\SToccata.fot 2011-04-22 19:36 . 2011-05-25 20:14 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-04-22 17:04 . 2010-09-12 12:46 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-04-09 06:13 . 2011-05-11 10:01 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 10:01 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 05:56 . 2011-05-26 09:59 123904 ----a-w- c:\windows\system32\poqexec.exe 2011-06-25 07:30 . 
2011-05-11 15:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-09-17 102400] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-21 8092192] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280] "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720] "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504] "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472] "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-07-21 210216] "APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-10-20 13312] "fsi"="c:\program files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe" [2009-09-09 9728] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-10 281768] "AppleSyncNotifier"="c:\program files\Common 
Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656] . c:\users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ nixut.exe [2011-6-20 172032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-25 136360] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008] S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2011-02-10 10064] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=15421
IE: Free YouTube Download - c:\users\rai\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\rai\AppData\Roaming\Mozilla\Firefox\Profiles\8bhp6291.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-06 12:05:26
ComboFix-quarantined-files.txt 2011-07-06 10:05
ComboFix2.txt 2011-07-04 19:37
.
Before scan: 11 directories, 34.121.138.176 bytes free
After scan: 12 directories, 33.927.884.800 bytes free
.
- - End Of File - - ABC2FACE9761917BDE1E34D187A0EDEB
|
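The Firefox lines in the ComboFix output above are the security-relevant part of that log: keyword.URL has been redirected to search.babylon.com, and a user.js in the profile (which overrides prefs.js on every start) switches off the mixed-content and insecure-form-submission warnings and accepts all cookies. The script below is an added example, not ComboFix's code and not part of the original thread: it parses prefs.js/user.js lines, compares them with a small policy and flags search or start-page URLs outside an allowlist. The policy values, the host allowlist and the sample user.js are constructed for illustration (the policy is an assumption, not Firefox's defaults).

```python
import re
from typing import Dict, List, Union
from urllib.parse import urlparse

PrefValue = Union[bool, int, str]

# Matches lines such as: user_pref("security.warn_submit_insecure", false);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\s*\);\s*$')


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse prefs.js/user.js content into a name -> value map (bool, int or str)."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and anything malformed are skipped
        name, raw = m.group(1), m.group(2)
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep unrecognised tokens as text
    return prefs


# Constructed policy (an assumption for this example, not Firefox defaults):
# the browser's security warnings stay on and cookies are cleared at shutdown.
EXPECTED: Dict[str, PrefValue] = {
    "security.warn_viewing_mixed": True,
    "security.warn_submit_insecure": True,
    "privacy.clearOnShutdown.cookies": True,
}
# network.cookie.cookieBehavior: 0 = accept all, 1 = block third-party, 2 = block all.
MIN_COOKIE_BEHAVIOR = 1

# Constructed allowlist of hosts the user's search/start-page prefs may point to.
ALLOWED_SEARCH_HOSTS = {"www.google.de", "www.google.com"}
URL_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.search.defaulturl")


def _host(url: str) -> str:
    # Tool logs often defang http as "hxxp"; accept both spellings.
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def audit_prefs(prefs: Dict[str, PrefValue]) -> List[str]:
    """Return one finding per pref that deviates from the policy above."""
    findings: List[str] = []
    for name, want in EXPECTED.items():
        have = prefs.get(name)
        if have is not None and have != want:
            findings.append(f"{name} = {have!r} (expected {want!r})")
    cb = prefs.get("network.cookie.cookieBehavior")
    if isinstance(cb, int) and cb < MIN_COOKIE_BEHAVIOR:
        findings.append(f"network.cookie.cookieBehavior = {cb} (accepts all cookies)")
    for name in URL_PREFS:
        url = prefs.get(name)
        if isinstance(url, str) and url:
            host = _host(url)
            if host not in ALLOWED_SEARCH_HOSTS:
                findings.append(f"{name} points to unexpected host {host!r}")
    return findings


def audit_text(text: str) -> List[str]:
    return audit_prefs(parse_prefs(text))


# Constructed user.js mirroring the prefs seen in the ComboFix output.
SAMPLE_USER_JS = """\
// Mozilla User Preferences
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=toolbar2&q=");
user_pref("browser.startup.homepage", "http://www.google.de/");
"""

if __name__ == "__main__":
    for finding in audit_text(SAMPLE_USER_JS):
        print("FINDING:", finding)
```

On a real profile, feed the contents of both prefs.js and user.js to audit_text and treat any hit on a security.* pref in user.js as something to remove, not just to reset, since user.js is reapplied at every start. The allowlist approach is deliberately strict: an unknown host is a finding to look at, not proof of a hijack, and the list has to be adjusted per user.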
06.07.2011, 12:30 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, no access to files on the hard disk
OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Be sure to switch off the virus scanner as well; the McAfee scanner in particular often reports a false positive on OSAM! Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
06.07.2011, 18:53 | #27 |
| Desktop black, no access to files on the hard disk
Here is the GMER log first; I will run the others and then post them here.
GMER Logfile:
Code:
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-06 19:49:32
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: wgbwy0yn.exe; Driver: C:\Users\rai\AppData\Local\Temp\uwldrpow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!ZwSaveKeyEx + 13B1                                    830868A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                             830A62F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE   spsys.sys!?SPRevision@@3PADA + 4F90                                91369000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 50B3                                91369123 629 Bytes  [45, 36, 91, FE, 05, 34, 45, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 5329                                91369399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 538F                                913693FF 51 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 53C3                                91369433 96 Bytes  [35, 91, 85, C9, 7C, 18, 8D, ...]
PAGE   ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT  C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe[3392] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [752E5E25] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0      Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1      Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4       fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004f            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44842864-796E-4255-8ECB-B14C4A961331}
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@Path         \Microsoft\Windows Defender\MP Scheduled Scan
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@Hash         0xE8 0x55 0xF8 0xB8 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@Triggers     0x15 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44842864-796E-4255-8ECB-B14C4A961331}@DynamicInfo  0x03 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id       {44842864-796E-4255-8ECB-B14C4A961331}

---- EOF - GMER 1.0.15 ----
|
06.07.2011, 19:18 | #28 |
| Desktop black, no access to files on the hard disk
Log from OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 20:16:36 on 06.07.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 5.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\rai\AppData\Local\Temp\catchme.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\windows\system32\FsUsbExDisk.SYS (File found, but it contains no detailed information)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbamswissarmy.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ?
- C:\windows\System32\DRIVERS\pccsmcfd.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - ? 
- (File not found | COM-object registry key not found) {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." 
- C:\Program Files\Real\RealPlayer\rpshell.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\windows\System32\uxtuneup.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program 
Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )----- "application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll "application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll "application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll "application/x-myriad-music" - "Myriad Software." 
- C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll "application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll "application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll "application/x-myriad-music" - "Myriad Software." - C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corporation" - C:\windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\rai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." 
- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "APLangApp" - "DoctorSoft" - "C:\Program Files\AnyPC Client\APLangApp.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "fsi" - ? - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "PDVD8LanguageShortcut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" "RemoteControl8" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" "UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" "UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0" "UpdatePPShortCut" - "CyberLink Corp." 
- "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" "UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "HP 8911 Status Monitor" - "Hewlett-Packard Co." - C:\windows\system32\hpinksts8911LM.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\windows\System32\uxtuneup.dll "@C:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - C:\Program Files\Nero\Update\NASvc.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe "FsUsbExService" (FsUsbExService) - "Teruten" - C:\windows\system32\FsUsbExService.Exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." 
- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe "Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit Online Solutions :: Index |
06.07.2011, 19:21 | #29 |
| Desktop black, no access to files on the hard disk
MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer: Phoenix Technologies Ltd.
System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.
System Product Name: R530/R730
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 185):
0x8303B000 \SystemRoot\system32\ntoskrnl.exe
0x83004000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x89403000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8947B000 \SystemRoot\system32\PSHED.dll
0x8948C000 \SystemRoot\system32\BOOTVID.dll
0x89494000 \SystemRoot\system32\CLFS.SYS
0x894D6000 \SystemRoot\system32\CI.dll
0x89581000 \SystemRoot\system32\drivers\Wdf01000.sys
0x895F2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x89600000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x89648000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x89651000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x89659000 \SystemRoot\system32\DRIVERS\pci.sys
0x89683000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8968E000 \SystemRoot\System32\drivers\partmgr.sys
0x8969F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x896A7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x896B2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x896C2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8970D000 \SystemRoot\System32\drivers\mountmgr.sys
0x89723000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8980A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x89813000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x89836000 \SystemRoot\system32\DRIVERS\msahci.sys
0x89840000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8984E000 \SystemRoot\system32\drivers\amdxata.sys
0x89857000 \SystemRoot\system32\drivers\fltmgr.sys
0x8988B000 \SystemRoot\system32\drivers\fileinfo.sys
0x8989C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x899CB000 \SystemRoot\System32\Drivers\msrpc.sys
0x899F6000
\SystemRoot\System32\Drivers\ksecdd.sys 0x89A09000 \SystemRoot\System32\Drivers\cng.sys 0x89A66000 \SystemRoot\System32\drivers\pcw.sys 0x89A74000 \SystemRoot\System32\Drivers\Fs_Rec.sys 0x89A7D000 \SystemRoot\system32\drivers\ndis.sys 0x89B34000 \SystemRoot\system32\drivers\NETIO.SYS 0x89B72000 \SystemRoot\System32\Drivers\ksecpkg.sys 0x89B97000 \SystemRoot\system32\DRIVERS\volsnap.sys 0x89BD6000 \SystemRoot\System32\Drivers\spldr.sys 0x89C29000 \SystemRoot\System32\drivers\rdyboost.sys 0x89C56000 \SystemRoot\System32\Drivers\mup.sys 0x89C66000 \SystemRoot\System32\drivers\hwpolicy.sys 0x89C6E000 \SystemRoot\System32\DRIVERS\fvevol.sys 0x89CA0000 \SystemRoot\system32\DRIVERS\disk.sys 0x89CB1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS 0x89DCE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x89DED000 \SystemRoot\System32\Drivers\Null.SYS 0x89DF4000 \SystemRoot\System32\Drivers\Beep.SYS 0x89DFB000 \SystemRoot\System32\drivers\vga.sys 0x89E07000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x89E28000 \SystemRoot\System32\drivers\watchdog.sys 0x89E35000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x89E3D000 \SystemRoot\system32\drivers\rdpencdd.sys 0x89E45000 \SystemRoot\system32\drivers\rdprefmp.sys 0x89E4D000 \SystemRoot\System32\Drivers\Msfs.SYS 0x89E58000 \SystemRoot\System32\Drivers\Npfs.SYS 0x89E66000 \SystemRoot\System32\drivers\tcpip.sys 0x89FAF000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x89FE0000 \SystemRoot\system32\DRIVERS\tdx.sys 0x89C00000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x9380C000 \SystemRoot\system32\drivers\afd.sys 0x93866000 \SystemRoot\System32\DRIVERS\netbt.sys 0x93898000 \SystemRoot\system32\DRIVERS\wfplwf.sys 0x9389F000 \SystemRoot\system32\DRIVERS\pacer.sys 0x938BE000 \SystemRoot\system32\DRIVERS\vwififlt.sys 0x938CF000 \SystemRoot\system32\DRIVERS\netbios.sys 0x938DD000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x938F0000 \SystemRoot\system32\DRIVERS\termdd.sys 0x93900000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x93906000 
\??\C:\windows\system32\Drivers\SABI.sys 0x9390E000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x9394F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x93959000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x93963000 \SystemRoot\System32\drivers\discache.sys 0x9396F000 \SystemRoot\System32\Drivers\dfsc.sys 0x93987000 \SystemRoot\system32\DRIVERS\blbdrive.sys 0x93995000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x939BB000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x93C2E000 \SystemRoot\system32\DRIVERS\igdkmd32.sys 0x9454B000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x94602000 \SystemRoot\System32\drivers\dxgmms1.sys 0x9463B000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x94646000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x94691000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x946A0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x946BF000 \SystemRoot\system32\DRIVERS\athr.sys 0x947EE000 \SystemRoot\system32\DRIVERS\vwifibus.sys 0x939DC000 \SystemRoot\system32\DRIVERS\yk62x86.sys 0x947F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x93C00000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x93C18000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x93A2D000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x93C25000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x93A64000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x93C27000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x93A71000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x93A83000 \SystemRoot\system32\DRIVERS\CompositeBus.sys 0x93A90000 \SystemRoot\system32\DRIVERS\CryptOSD.sys 0x93AEE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys 0x93B00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x93B18000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x93B23000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x93B45000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x93B5D000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x93B74000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x947FC000 \SystemRoot\system32\DRIVERS\swenum.sys 0x93B8B000 \SystemRoot\system32\DRIVERS\ks.sys 0x93BBF000 
\SystemRoot\system32\DRIVERS\umbus.sys 0x9902F000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x99073000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x99084000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x99331000 \SystemRoot\system32\drivers\portcls.sys 0x99360000 \SystemRoot\system32\drivers\drmk.sys 0x99379000 \SystemRoot\system32\drivers\IntcHdmi.sys 0x96C20000 \SystemRoot\System32\win32k.sys 0x9939C000 \SystemRoot\System32\drivers\Dxapi.sys 0x993A6000 \SystemRoot\System32\Drivers\crashdmp.sys 0x89CD6000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x993B3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys 0x993C4000 \SystemRoot\system32\DRIVERS\monitor.sys 0x993CF000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x99000000 \SystemRoot\System32\Drivers\usbvideo.sys 0x96E80000 \SystemRoot\System32\TSDDD.dll 0x96EB0000 \SystemRoot\System32\cdd.dll 0x93BCD000 \SystemRoot\system32\drivers\luafv.sys 0x993E6000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x89DB0000 \SystemRoot\system32\drivers\WudfPf.sys 0x93BE8000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x97037000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9707D000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9708D000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x970A0000 \SystemRoot\system32\drivers\HTTP.sys 0x97125000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9713E000 \SystemRoot\System32\drivers\mpsdrv.sys 0x97150000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x97173000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x971AE000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x971E1000 \SystemRoot\system32\drivers\peauth.sys 0x97278000 \SystemRoot\System32\Drivers\secdrv.SYS 0x97282000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x972A3000 \SystemRoot\System32\drivers\tcpipreg.sys 0x972B0000 \SystemRoot\System32\DRIVERS\srv2.sys 0x972FF000 \SystemRoot\System32\DRIVERS\srv.sys 0x97351000 \??\C:\windows\system32\FsUsbExDisk.SYS 0x9735A000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 0x76F60000 \Windows\System32\ntdll.dll 0x47940000 
\Windows\System32\smss.exe
0x771A0000 \Windows\System32\apisetschema.dll
0x00970000 \Windows\System32\autochk.exe
0x770E0000 \Windows\System32\rpcrt4.dll
0x76EB0000 \Windows\System32\msvcrt.dll
0x76E20000 \Windows\System32\oleaut32.dll
0x770C0000 \Windows\System32\sechost.dll
0x76DC0000 \Windows\System32\difxapi.dll
0x76C20000 \Windows\System32\setupapi.dll
0x76BA0000 \Windows\System32\comdlg32.dll
0x76B00000 \Windows\System32\advapi32.dll
0x76A30000 \Windows\System32\user32.dll
0x769E0000 \Windows\System32\Wldap32.dll
0x769A0000 \Windows\System32\ws2_32.dll
0x76860000 \Windows\System32\urlmon.dll
0x770B0000 \Windows\System32\psapi.dll
0x75C10000 \Windows\System32\shell32.dll
0x75B40000 \Windows\System32\msctf.dll
0x770A0000 \Windows\System32\lpk.dll
0x75B20000 \Windows\System32\imm32.dll
0x75B10000 \Windows\System32\normaliz.dll
0x75AE0000 \Windows\System32\imagehlp.dll
0x75A40000 \Windows\System32\usp10.dll
0x759F0000 \Windows\System32\gdi32.dll
0x759E0000 \Windows\System32\nsi.dll
0x75980000 \Windows\System32\shlwapi.dll
0x758F0000 \Windows\System32\clbcatq.dll
0x757F0000 \Windows\System32\wininet.dll
0x75710000 \Windows\System32\kernel32.dll
0x75510000 \Windows\System32\iertutil.dll
0x753B0000 \Windows\System32\ole32.dll
0x75320000 \Windows\System32\comctl32.dll
0x752F0000 \Windows\System32\wintrust.dll
0x752D0000 \Windows\System32\devobj.dll
0x751B0000 \Windows\System32\crypt32.dll
0x75180000 \Windows\System32\cfgmgr32.dll
0x75130000 \Windows\System32\KernelBase.dll
0x75120000 \Windows\System32\msasn1.dll

Processes (total 65):
0 System Idle Process
4 SYSTEM
300 C:\Windows\System32\smss.exe
428 csrss.exe
484 C:\Windows\System32\wininit.exe
492 csrss.exe
540 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
564 C:\Windows\System32\lsm.exe
592 C:\Windows\System32\winlogon.exe
712 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\audiodg.exe
1112 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\spoolsv.exe
1560 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1580 C:\Windows\System32\svchost.exe
1748 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1776 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1828 C:\Windows\System32\FsUsbExService.Exe
1872 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1896 C:\Windows\System32\conhost.exe
1948 C:\Program Files\CyberLink\Shared files\RichVideo.exe
1988 C:\Windows\System32\svchost.exe
2028 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
456 C:\Windows\System32\svchost.exe
824 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2168 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2320 C:\Windows\System32\SearchIndexer.exe
2752 C:\Windows\System32\taskhost.exe
2804 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
2812 C:\Windows\System32\taskeng.exe
2864 C:\Windows\System32\dwm.exe
2960 C:\Windows\explorer.exe
2980 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
3036 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
3044 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
3140 C:\Windows\System32\igfxext.exe
3168 C:\Windows\System32\igfxsrvc.exe
3328 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3344 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3424 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
3504 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
3596 C:\Program Files\AnyPC Client\APLangApp.exe
3680 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3688 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3796 C:\Windows\System32\hkcmd.exe
3912 C:\Windows\System32\igfxpers.exe
2564 C:\Windows\System32\svchost.exe
2888 C:\Windows\System32\svchost.exe
3484 C:\Program Files\Windows Media Player\wmpnetwk.exe
3160 C:\Program Files\Nero\Update\NASvc.exe
1908 C:\Windows\System32\wuauclt.exe
1716 C:\Windows\System32\svchost.exe
4180 C:\PROGRA~1\Samsung\SAMSUN~2\SUPNOT~1.EXE
4160 C:\Windows\System32\SearchProtocolHost.exe
3316 C:\Windows\System32\SearchFilterHost.exe
932 dllhost.exe
2108 dllhost.exe
4380 C:\Users\rai\Desktop\MBRCheck.exe
2832 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000016`d4a00000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM250HI, Rev: 2AC101C4

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
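As an added illustration from the defender's side (example code, not part of this thread and not MBRCheck's own source): MBRCheck prints "Unknown MBR code" together with a SHA1 because it hashes the boot-code region of sector 0 and looks that digest up in a list of known-good hashes, and the "at offset" values it prints for C: and D: are simply the partition table's LBA start fields multiplied by 512. The Python below parses a constructed 512-byte MBR image the same way: it checks the 55AA signature, decodes the four partition entries, hashes the 440-byte boot-code area and classifies the result against an allow-list. The partition entries are built so their byte offsets reproduce the two offsets in the log above; the boot code, the partition sizes and the allow-list entry are placeholders, and a usable baseline hash would have to come from a system you have verified as clean yourself.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code that MBRCheck hashes
PART_TABLE_OFFSET = 446      # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xAA"  # bytes 510..511 must be 55 AA for a valid MBR

# Allow-list of SHA1 digests for boot code you verified yourself on a clean install.
# The entry below is a constructed placeholder, not a real Windows MBR hash.
KNOWN_GOOD_BOOT_CODE = {
    "0000000000000000000000000000000000000000": "placeholder: replace with your own verified baseline",
}


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image from boot code and (type, lba_start, sectors) tuples.

    Constructed test data: the first partition is flagged bootable, CHS fields are zeroed.
    """
    mbr = bytearray(SECTOR_SIZE)
    mbr[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    for i, (ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFFSET + 16 * i
        status = 0x80 if i == 0 else 0x00
        # status, CHS start, type, CHS end, LBA start (LE32), sector count (LE32)
        struct.pack_into("<B3sB3sII", mbr, off, status, b"\x00" * 3, ptype, b"\x00" * 3,
                         lba_start, sectors)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return boot-code SHA1, signature check and the decoded partition entries."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs_s, ptype, _chs_e, lba_start, sectors = struct.unpack_from("<B3sB3sII", mbr, off)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,  # what MBRCheck prints as "at offset"
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "partitions": partitions,
    }


def classify(info: dict) -> str:
    """Mimic MBRCheck's verdict: known-good hash, unknown code, or a broken sector."""
    if not info["signature_ok"]:
        return "invalid MBR (55AA signature missing)"
    if info["boot_code_sha1"] in KNOWN_GOOD_BOOT_CODE:
        return "known-good MBR code"
    return "Unknown MBR code"


# Constructed sample: placeholder boot code (not real x86 code) and two NTFS (0x07)
# partitions whose LBA starts reproduce the C: and D: offsets from the log
# (0x3c6500000 / 512 = 0x1E32800, 0x16d4a00000 / 512 = 0xB6A5000); sizes are made up.
SAMPLE_BOOT_CODE = b"CONSTRUCTED-SAMPLE-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x90")
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, [
    (0x07, 0x1E32800, 0xB6A5000 - 0x1E32800),
    (0x07, 0xB6A5000, 296_000_000),
])


def report(mbr: bytes) -> str:
    """Render a short MBRCheck-style report for one 512-byte image."""
    info = parse_mbr(mbr)
    lines = []
    for p in info["partitions"]:
        lines.append(f"partition {p['index']}: type 0x{p['type']:02X} at offset "
                     f"0x{p['byte_offset']:X} ({p['sectors']} sectors)"
                     f"{' bootable' if p['bootable'] else ''}")
    lines.append(f"SHA1: {info['boot_code_sha1']}")
    lines.append(classify(info))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MBR))
```

The point of the hash-based check is that the boot-code area is otherwise opaque: a bootkit such as the TDSS family replaces those 440 bytes while leaving the partition table and the 55AA signature intact, so the partition layout looks normal and only a comparison against a trusted baseline exposes the change. Restoring standard boot code (as the next post suggests with bootrec /fixmbr) brings the digest back to a known value, which is why a fresh MBRCheck run afterwards is the sensible verification step.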
06.07.2011, 20:32 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Desktop black, no access to files on the hard drive
Quote:
Do you have any other operating systems installed besides Win7 (32-bit)? If not: have a look here => RescueDisc-Win7-32-Bit
Download the ISO, burn it to a CD, e.g. with ImgBurn using the image-burning function, and start the computer with it (boot from this CD).
If you have a normal Win7 installation DVD (32-bit), you don't need the image mentioned above and can simply boot from that DVD.
Click on "Repair your computer", next, command prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD beforehand.
After that, create new logs again with MBRCheck and, if possible, GMER.
__________________ Please always post logfiles in CODE tags
