| |
| |||||||
Log-Analyse und Auswertung: http://www.searchqu.com/406Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.12.2011, 12:34
| #1 | |||
 |  http://www.searchqu.com/406 Hallo liebe Helfer, ich habe ein Problem mit hxxp://www.searchqu.com/406. Diese Toolbar schiebt sich immer vor meine Startseite (ich benutze Internetexplorer). In dem Forum habe ich gelesen, dass dieses Problem bereits bei anderen Personen auftrat, dass jedoch jeder eine eigene Herangehensweise benötigt, daher also mein eigener thread. Folgende Schritte habe ich bereits unternommen: Scans mit - Antivir (hat nichts ergeben) - Malwarebytes (hat nichts ergeben) - ESET online scanner (hat die Toolbar zweimal als Virus erkannt) (Leider weiß ich nicht wo ich die Logfiles von ESET finden kann..) Ich würde mich sehr freuen, wenn mir jemand helfen kann und bedanke mich schonmal an dieser Stelle! Marie Hier nun die Logfiles: OTL.txt / Extras.txt / Gmer.txt Zitat:
Zitat:
Zitat:
|
|
04.01.2012, 20:11
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | http://www.searchqu.com/406Zitat:
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
05.01.2012, 13:56
| #3 |
| | http://www.searchqu.com/406 Vielen Dank fuer die Antwort!!
__________________Ich habe einen Vollscan mit Malwarebytes durchgeführt, hier die neueste Logdatei: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.05.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 r2d2 :: R2D2-PC [Administrator] 05.01.2012 10:02:40 mbam-log-2012-01-05 (10-02-40).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 259391 Laufzeit: 1 Stunde(n), 56 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) und zwei weitere (ältere) Logdateien: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.28.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 r2d2 :: R2D2-PC [Administrator] 28.12.2011 16:35:35 mbam-log-2011-12-28 (16-35-35).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 257879 Laufzeit: 1 Stunde(n), 13 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8373
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
15.12.2011 01:21:56
mbam-log-2011-12-15 (01-21-55).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 50225
Laufzeit: 9 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9bd535041426c447911b66374135d0c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-05 12:44:32
# local_time=2012-01-05 01:44:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 7060651 7060651 0 0
# compatibility_mode=5893 16776574 100 94 671197 77393045 0 0
# compatibility_mode=8192 67108863 100 0 671677 671677 0 0
# scanned=107130
# found=0
# cleaned=0
# scan_time=5618
Vielen Dank!! Marie |
|
05.01.2012, 15:23
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://www.searchqu.com/406 Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
06.01.2012, 00:05
| #5 |
| | http://www.searchqu.com/406 hier der Inhalt aus OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2012 23:47:25 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\r2d2\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 65,58% Memory free 3,75 Gb Paging File | 2,73 Gb Available in Paging File | 72,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 34,18 Gb Total Space | 6,55 Gb Free Space | 19,16% Space Free | Partition Type: NTFS Drive D: | 114,87 Gb Total Space | 39,72 Gb Free Space | 34,58% Space Free | Partition Type: NTFS Computer Name: R2D2-PC | User Name: r2d2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\r2d2\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc) DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 73 C9 1E 39 AE CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.04.27 21:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Extensions [2011.05.25 17:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\caajkjnv.default\extensions [2011.05.25 17:07:40 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\caajkjnv.default\extensions\toolbar@web.de [2011.04.27 21:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\r2d2\AppData\Roaming\mozilla\Firefox\Profiles\z7c24n61.default\extensions O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programme\Ecosia\ecosia.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Programme\Ecosia\ecosia.dll () O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Device Doctor Toolbar) - {BB6D9528-45F5-4C75-91C9-93290710EC4C} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [EPSON Stylus DX4000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found O4 - Startup: C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137F667C-F7D2-4666-A9CB-99049F78250D}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell - "" = AutoRun O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.30 11:41:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\r2d2\Desktop\OTL.exe [2011.12.28 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.20 15:29:39 | 000,000,000 | ---D | C] -- C:\Users\r2d2\Desktop\Neuer Ordner (6) [2011.12.19 14:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb [2011.12.19 14:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\1und1Softwareaktualisierung [2011.12.19 14:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE Toolbar [2011.12.15 01:11:17 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Roaming\Malwarebytes [2011.12.15 01:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.15 01:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.15 01:11:05 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.15 01:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.14 14:59:23 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\Ilivid Player [2011.12.14 14:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid [2011.12.14 14:58:01 | 000,000,000 | ---D | C] -- C:\Users\r2d2\AppData\Local\PackageAware [2007.01.28 02:08:40 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.05 23:45:16 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 23:45:16 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.05 23:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.05 23:39:57 | 1509,101,568 | -HS- | M] () -- C:\hiberfil.sys [2011.12.30 11:55:25 | 000,302,592 | ---- | M] () -- C:\Users\r2d2\Desktop\kh9mwn0g.exe [2011.12.30 11:41:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\r2d2\Desktop\OTL.exe [2011.12.30 11:38:53 | 000,050,477 | ---- | M] () -- C:\Users\r2d2\Desktop\Defogger.exe [2011.12.30 11:35:02 | 000,000,000 | ---- | M] () -- C:\Users\r2d2\defogger_reenable [2011.12.20 15:29:44 | 000,272,352 | ---- | M] () -- C:\Users\r2d2\Desktop\001.jpg [2011.12.18 01:16:35 | 000,418,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.13 11:28:19 | 000,748,454 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.13 11:28:19 | 000,710,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.13 11:28:19 | 000,165,922 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.13 11:28:19 | 000,142,304 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.13 11:24:25 | 000,437,332 | ---- | M] () -- C:\Users\r2d2\Desktop\RLONZG.pdf [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.09 00:00:09 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.08 16:58:56 | 000,000,993 | ---- | M] () -- C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.30 11:55:25 | 000,302,592 | ---- | C] () -- C:\Users\r2d2\Desktop\kh9mwn0g.exe [2011.12.30 11:38:53 | 000,050,477 | ---- | C] () -- C:\Users\r2d2\Desktop\Defogger.exe [2011.12.30 11:35:02 | 000,000,000 | ---- | C] () -- C:\Users\r2d2\defogger_reenable [2011.12.20 15:29:44 | 000,272,352 | ---- | C] () -- C:\Users\r2d2\Desktop\001.jpg [2011.12.13 11:24:25 | 000,437,332 | ---- | C] () -- C:\Users\r2d2\Desktop\RLONZG.pdf [2011.07.04 13:46:47 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.04 13:43:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.05 13:39:03 | 000,994,622 | ---- | C] () -- C:\Users\r2d2\AppData\Local\Inspiration.chm [2010.11.08 22:39:28 | 000,000,008 | ---- | C] () -- C:\Windows\wilex.ini [2010.08.22 22:31:22 | 000,003,584 | ---- | C] () -- C:\Users\r2d2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.08 19:49:10 | 000,008,704 | ---- | C] () -- C:\Windows\System32\CNMVS79.DLL [2010.06.29 23:39:12 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI [2010.04.21 18:24:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI [2010.04.07 16:24:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009.07.14 09:47:43 | 000,748,454 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,165,922 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,418,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,710,296 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,142,304 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1998.10.10 23:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll ========== LOP Check ========== [2010.10.19 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\across [2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\DeviceDoctorSoftware [2012.01.05 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Dropbox [2011.05.22 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Inspiration Software [2011.11.30 23:36:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.10.19 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\across [2011.08.30 14:20:10 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Adobe [2011.12.04 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Apple Computer [2010.04.06 16:02:14 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Avant Profiles [2011.10.15 18:54:28 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Avira [2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\DeviceDoctorSoftware [2012.01.05 23:41:01 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Dropbox [2010.04.06 23:22:21 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Google [2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\hpqLog [2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Identities [2011.05.22 13:20:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Inspiration Software [2010.04.06 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Macromedia [2011.12.15 01:11:17 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Media Center Programs [2011.07.18 14:42:28 | 000,000,000 | --SD | M] -- C:\Users\r2d2\AppData\Roaming\Microsoft [2011.04.27 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Mozilla [2010.05.10 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Nero [2011.11.17 23:00:36 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\Skype [2011.11.17 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\r2d2\AppData\Roaming\skypePM < %APPDATA%\*.exe /s > [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.12.05 20:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Uninstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: NVSTOR32.SYS > [2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys [2009.08.04 16:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys [2009.08.04 16:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys < MD5 for: SCECLI.DLL > [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > < End of report > [/code] und weiterhin vielen Dank!! |
|
06.01.2012, 13:02
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://www.searchqu.com/406 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 73 C9 1E 39 AE CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ecosia Class) - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Device Doctor Toolbar) - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ecosia Search) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Programme\Ecosia\ecosia.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Device Doctor Toolbar) - {BB6D9528-45F5-4C75-91C9-93290710EC4C} - C:\Programme\Device_Doctor\tbDev2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell - "" = AutoRun
O33 - MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Files
C:\Programme\ConduitEngine
C:\Programme\Ask*
C:\Programme\Ecosia
C:\Program Files\WEB.DE Toolbar
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> http://www.searchqu.com/406 |
|
06.01.2012, 19:00
| #7 |
| | http://www.searchqu.com/406 hier das gewünschte Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ deleted successfully.
C:\Programme\Device_Doctor\tbDev2.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E783154-F54B-4af6-8C01-0A3E744B5DC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E783154-F54B-4af6-8C01-0A3E744B5DC8}\ deleted successfully.
C:\Programme\Ecosia\ecosia.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ deleted successfully.
File WebPrint\Toolband.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bb6d9528-45f5-4c75-91c9-93290710ec4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb6d9528-45f5-4c75-91c9-93290710ec4c}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493}\ deleted successfully.
File C:\Programme\Ecosia\ecosia.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BB6D9528-45F5-4C75-91C9-93290710EC4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB6D9528-45F5-4C75-91C9-93290710EC4C}\ not found.
File C:\Programme\Device_Doctor\tbDev2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85dcc1a1-5dc2-11df-a7e3-001b247c126f}\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
File\Folder C:\Programme\ConduitEngine not found.
File\Folder C:\Programme\Ask* not found.
File\Folder C:\Programme\Ecosia not found.
C:\Program Files\WEB.DE Toolbar\IE\Resources folder moved successfully.
C:\Program Files\WEB.DE Toolbar\IE folder moved successfully.
C:\Program Files\WEB.DE Toolbar folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: r2d2
->Temp folder emptied: 102093239 bytes
->Temporary Internet Files folder emptied: 1435362308 bytes
->FireFox cache emptied: 19090418 bytes
->Flash cache emptied: 123682 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66393981 bytes
RecycleBin emptied: 634669 bytes
Total Files Cleaned = 1.549,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01062012_184641
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Immernoch herzlichen Dank natürlich |
|
06.01.2012, 19:41
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://www.searchqu.com/406 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 20:17
| #9 |
| | http://www.searchqu.com/406 hier nun das Logfile von TDSS-Killer: Code:
ATTFilter 20:10:55.0800 1868 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:10:55.0956 1868 ============================================================
20:10:55.0956 1868 Current date / time: 2012/01/06 20:10:55.0956
20:10:55.0956 1868 SystemInfo:
20:10:55.0956 1868
20:10:55.0956 1868 OS Version: 6.1.7601 ServicePack: 1.0
20:10:55.0956 1868 Product type: Workstation
20:10:55.0956 1868 ComputerName: R2D2-PC
20:10:55.0956 1868 UserName: r2d2
20:10:55.0956 1868 Windows directory: C:\Windows
20:10:55.0956 1868 System windows directory: C:\Windows
20:10:55.0956 1868 Processor architecture: Intel x86
20:10:55.0956 1868 Number of processors: 2
20:10:55.0956 1868 Page size: 0x1000
20:10:55.0956 1868 Boot type: Normal boot
20:10:55.0956 1868 ============================================================
20:10:57.0377 1868 Initialize success
20:11:40.0495 3108 ============================================================
20:11:40.0495 3108 Scan started
20:11:40.0495 3108 Mode: Manual; SigCheck; TDLFS;
20:11:40.0495 3108 ============================================================
20:11:41.0462 3108 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
20:11:41.0556 3108 1394ohci - ok
20:11:41.0618 3108 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
20:11:41.0649 3108 ACPI - ok
20:11:41.0759 3108 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
20:11:41.0852 3108 AcpiPmi - ok
20:11:41.0915 3108 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:11:41.0961 3108 adp94xx - ok
20:11:42.0055 3108 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:11:42.0086 3108 adpahci - ok
20:11:42.0117 3108 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:11:42.0133 3108 adpu320 - ok
20:11:42.0211 3108 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
20:11:42.0273 3108 AFD - ok
20:11:42.0383 3108 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
20:11:42.0429 3108 agp440 - ok
20:11:42.0461 3108 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:11:42.0492 3108 aic78xx - ok
20:11:42.0539 3108 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
20:11:42.0554 3108 aliide - ok
20:11:42.0648 3108 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
20:11:42.0663 3108 amdagp - ok
20:11:42.0695 3108 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
20:11:42.0710 3108 amdide - ok
20:11:42.0757 3108 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:11:42.0804 3108 AmdK8 - ok
20:11:42.0929 3108 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:11:42.0991 3108 AmdPPM - ok
20:11:43.0038 3108 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
20:11:43.0069 3108 amdsata - ok
20:11:43.0116 3108 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:11:43.0147 3108 amdsbs - ok
20:11:43.0225 3108 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
20:11:43.0241 3108 amdxata - ok
20:11:43.0350 3108 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
20:11:43.0506 3108 AppID - ok
20:11:43.0677 3108 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:11:43.0693 3108 arc - ok
20:11:43.0740 3108 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:11:43.0755 3108 arcsas - ok
20:11:43.0818 3108 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:11:43.0927 3108 AsyncMac - ok
20:11:44.0036 3108 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
20:11:44.0067 3108 atapi - ok
20:11:44.0145 3108 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:11:44.0208 3108 avgntflt - ok
20:11:44.0317 3108 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
20:11:44.0348 3108 avipbb - ok
20:11:44.0411 3108 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:11:44.0457 3108 avkmgr - ok
20:11:44.0520 3108 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:11:44.0598 3108 b06bdrv - ok
20:11:44.0691 3108 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:11:44.0723 3108 b57nd60x - ok
20:11:44.0801 3108 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:11:44.0863 3108 BCM43XX - ok
20:11:45.0050 3108 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:11:45.0097 3108 Beep - ok
20:11:45.0144 3108 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:11:45.0159 3108 blbdrive - ok
20:11:45.0284 3108 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
20:11:45.0331 3108 bowser - ok
20:11:45.0362 3108 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:11:45.0393 3108 BrFiltLo - ok
20:11:45.0425 3108 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:11:45.0456 3108 BrFiltUp - ok
20:11:45.0581 3108 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:11:45.0674 3108 Brserid - ok
20:11:45.0705 3108 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:11:45.0737 3108 BrSerWdm - ok
20:11:45.0830 3108 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:11:45.0861 3108 BrUsbMdm - ok
20:11:45.0893 3108 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:11:45.0924 3108 BrUsbSer - ok
20:11:45.0971 3108 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:11:46.0017 3108 BTHMODEM - ok
20:11:46.0127 3108 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:11:46.0189 3108 cdfs - ok
20:11:46.0236 3108 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
20:11:46.0283 3108 cdrom - ok
20:11:46.0392 3108 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:11:46.0470 3108 circlass - ok
20:11:46.0517 3108 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:11:46.0532 3108 CLFS - ok
20:11:46.0673 3108 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:11:46.0704 3108 CmBatt - ok
20:11:46.0735 3108 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:11:46.0751 3108 cmdide - ok
20:11:46.0782 3108 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
20:11:46.0829 3108 CNG - ok
20:11:46.0860 3108 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:11:46.0891 3108 Compbatt - ok
20:11:47.0000 3108 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:11:47.0031 3108 CompositeBus - ok
20:11:47.0094 3108 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:11:47.0109 3108 crcdisk - ok
20:11:47.0250 3108 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:11:47.0343 3108 CSC - ok
20:11:47.0406 3108 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
20:11:47.0437 3108 CVirtA - ok
20:11:47.0562 3108 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:11:47.0609 3108 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:11:47.0609 3108 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
20:11:47.0671 3108 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:11:47.0733 3108 DfsC - ok
20:11:47.0843 3108 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:11:47.0921 3108 discache - ok
20:11:47.0967 3108 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:11:47.0983 3108 Disk - ok
20:11:48.0045 3108 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
20:11:48.0061 3108 DNE - ok
20:11:48.0155 3108 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:11:48.0186 3108 drmkaud - ok
20:11:48.0233 3108 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:11:48.0295 3108 DXGKrnl - ok
20:11:48.0342 3108 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:11:48.0373 3108 E1G60 - ok
20:11:48.0638 3108 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:11:48.0747 3108 ebdrv - ok
20:11:48.0935 3108 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:11:49.0013 3108 elxstor - ok
20:11:49.0075 3108 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:11:49.0106 3108 ErrDev - ok
20:11:49.0310 3108 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:11:49.0419 3108 exfat - ok
20:11:49.0450 3108 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:11:49.0513 3108 fastfat - ok
20:11:49.0622 3108 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:11:49.0653 3108 fdc - ok
20:11:49.0700 3108 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:11:49.0716 3108 FileInfo - ok
20:11:49.0747 3108 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:11:49.0809 3108 Filetrace - ok
20:11:49.0856 3108 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:11:49.0903 3108 flpydisk - ok
20:11:49.0981 3108 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:11:50.0012 3108 FltMgr - ok
20:11:50.0059 3108 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:11:50.0090 3108 FsDepends - ok
20:11:50.0247 3108 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:11:50.0263 3108 Fs_Rec - ok
20:11:50.0356 3108 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:11:50.0387 3108 fvevol - ok
20:11:50.0481 3108 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:11:50.0497 3108 gagp30kx - ok
20:11:50.0543 3108 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:11:50.0559 3108 GEARAspiWDM - ok
20:11:50.0653 3108 HBtnKey (7dad592a4d28092d584cfb4deef1373d) C:\Windows\system32\DRIVERS\cpqbttn.sys
20:11:50.0684 3108 HBtnKey - ok
20:11:50.0746 3108 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:11:50.0793 3108 hcw85cir - ok
20:11:50.0918 3108 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:11:50.0980 3108 HdAudAddService - ok
20:11:51.0027 3108 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:11:51.0058 3108 HDAudBus - ok
20:11:51.0105 3108 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:11:51.0136 3108 HidBatt - ok
20:11:51.0199 3108 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:11:51.0245 3108 HidBth - ok
20:11:51.0292 3108 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:11:51.0323 3108 HidIr - ok
20:11:51.0401 3108 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:11:51.0433 3108 HidUsb - ok
20:11:51.0526 3108 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:11:51.0542 3108 HpSAMD - ok
20:11:51.0620 3108 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:11:51.0698 3108 HTTP - ok
20:11:51.0760 3108 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:11:51.0776 3108 hwpolicy - ok
20:11:51.0838 3108 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:11:51.0901 3108 i8042prt - ok
20:11:51.0947 3108 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:11:51.0994 3108 iaStorV - ok
20:11:52.0057 3108 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:11:52.0072 3108 iirsp - ok
20:11:52.0166 3108 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:11:52.0197 3108 intelide - ok
20:11:52.0244 3108 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:11:52.0275 3108 intelppm - ok
20:11:52.0291 3108 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:11:52.0353 3108 IpFilterDriver - ok
20:11:52.0415 3108 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:11:52.0525 3108 IPMIDRV - ok
20:11:52.0618 3108 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:11:52.0681 3108 IPNAT - ok
20:11:52.0727 3108 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:11:52.0805 3108 IRENUM - ok
20:11:52.0930 3108 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:11:52.0961 3108 isapnp - ok
20:11:53.0008 3108 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:11:53.0039 3108 iScsiPrt - ok
20:11:53.0071 3108 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:11:53.0102 3108 kbdclass - ok
20:11:53.0117 3108 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:11:53.0149 3108 kbdhid - ok
20:11:53.0258 3108 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys
20:11:53.0289 3108 kbfiltr - ok
20:11:53.0336 3108 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
20:11:53.0367 3108 KSecDD - ok
20:11:53.0398 3108 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
20:11:53.0429 3108 KSecPkg - ok
20:11:53.0539 3108 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:11:53.0601 3108 lltdio - ok
20:11:53.0648 3108 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:11:53.0679 3108 LSI_FC - ok
20:11:53.0710 3108 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:11:53.0726 3108 LSI_SAS - ok
20:11:53.0773 3108 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:11:53.0804 3108 LSI_SAS2 - ok
20:11:53.0882 3108 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:11:53.0897 3108 LSI_SCSI - ok
20:11:53.0944 3108 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:11:54.0053 3108 luafv - ok
20:11:54.0100 3108 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:11:54.0131 3108 megasas - ok
20:11:54.0319 3108 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:11:54.0365 3108 MegaSR - ok
20:11:54.0412 3108 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:11:54.0459 3108 Modem - ok
20:11:54.0506 3108 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:11:54.0537 3108 monitor - ok
20:11:54.0646 3108 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
20:11:54.0677 3108 mouclass - ok
20:11:54.0724 3108 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:11:54.0755 3108 mouhid - ok
20:11:54.0802 3108 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:11:54.0818 3108 mountmgr - ok
20:11:54.0927 3108 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:11:54.0958 3108 mpio - ok
20:11:54.0989 3108 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:11:55.0052 3108 mpsdrv - ok
20:11:55.0114 3108 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:11:55.0145 3108 MRxDAV - ok
20:11:55.0255 3108 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:11:55.0318 3108 mrxsmb - ok
20:11:55.0443 3108 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:11:55.0490 3108 mrxsmb10 - ok
20:11:55.0599 3108 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:11:55.0661 3108 mrxsmb20 - ok
20:11:55.0708 3108 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:11:55.0739 3108 msahci - ok
20:11:55.0786 3108 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:11:55.0802 3108 msdsm - ok
20:11:55.0926 3108 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:11:55.0958 3108 Msfs - ok
20:11:55.0989 3108 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:11:56.0036 3108 mshidkmdf - ok
20:11:56.0082 3108 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:11:56.0098 3108 msisadrv - ok
20:11:56.0349 3108 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:11:56.0427 3108 MSKSSRV - ok
20:11:56.0551 3108 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:11:56.0614 3108 MSPCLOCK - ok
20:11:56.0661 3108 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:11:56.0692 3108 MSPQM - ok
20:11:56.0723 3108 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:11:56.0770 3108 MsRPC - ok
20:11:56.0988 3108 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:11:57.0019 3108 mssmbios - ok
20:11:57.0300 3108 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:11:57.0394 3108 MSTEE - ok
20:11:57.0612 3108 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:11:57.0659 3108 MTConfig - ok
20:11:57.0690 3108 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:11:57.0721 3108 Mup - ok
20:11:57.0877 3108 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:11:57.0924 3108 NativeWifiP - ok
20:11:57.0987 3108 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:11:58.0018 3108 NDIS - ok
20:11:58.0127 3108 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:11:58.0174 3108 NdisCap - ok
20:11:58.0189 3108 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:11:58.0236 3108 NdisTapi - ok
20:11:58.0299 3108 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:11:58.0377 3108 Ndisuio - ok
20:11:58.0470 3108 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:11:58.0517 3108 NdisWan - ok
20:11:58.0579 3108 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:11:58.0626 3108 NDProxy - ok
20:11:58.0720 3108 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:11:58.0813 3108 NetBIOS - ok
20:11:58.0845 3108 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:11:58.0923 3108 NetBT - ok
20:11:59.0063 3108 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:11:59.0079 3108 nfrd960 - ok
20:11:59.0110 3108 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:11:59.0157 3108 Npfs - ok
20:11:59.0188 3108 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:11:59.0250 3108 nsiproxy - ok
20:11:59.0328 3108 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:11:59.0437 3108 Ntfs - ok
20:11:59.0531 3108 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:11:59.0593 3108 Null - ok
20:11:59.0656 3108 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
20:11:59.0687 3108 NVENETFD - ok
20:12:00.0061 3108 nvlddmkm (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:12:00.0732 3108 nvlddmkm - ok
20:12:00.0888 3108 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:12:00.0919 3108 nvraid - ok
20:12:00.0966 3108 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:12:00.0997 3108 nvstor - ok
20:12:01.0029 3108 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:12:01.0060 3108 nv_agp - ok
20:12:01.0185 3108 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:12:01.0231 3108 ohci1394 - ok
20:12:01.0325 3108 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:12:01.0404 3108 Parport - ok
20:12:01.0513 3108 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:12:01.0560 3108 partmgr - ok
20:12:01.0607 3108 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:12:01.0622 3108 Parvdm - ok
20:12:01.0654 3108 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:12:01.0685 3108 pci - ok
20:12:01.0716 3108 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:12:01.0732 3108 pciide - ok
20:12:01.0778 3108 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:01.0810 3108 pcmcia - ok
20:12:01.0872 3108 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:12:01.0903 3108 pcw - ok
20:12:01.0950 3108 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:12:02.0028 3108 PEAUTH - ok
20:12:02.0340 3108 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:02.0449 3108 PptpMiniport - ok
20:12:02.0621 3108 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:12:02.0683 3108 Processor - ok
20:12:02.0917 3108 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:12:03.0026 3108 Psched - ok
20:12:03.0432 3108 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:12:03.0510 3108 ql2300 - ok
20:12:03.0682 3108 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:12:03.0713 3108 ql40xx - ok
20:12:03.0760 3108 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:12:03.0775 3108 QWAVEdrv - ok
20:12:03.0806 3108 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:12:03.0853 3108 RasAcd - ok
20:12:03.0962 3108 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:12:04.0025 3108 RasAgileVpn - ok
20:12:04.0056 3108 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:12:04.0103 3108 Rasl2tp - ok
20:12:04.0274 3108 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:12:04.0337 3108 RasPppoe - ok
20:12:04.0384 3108 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:12:04.0430 3108 RasSstp - ok
20:12:04.0493 3108 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:12:04.0555 3108 rdbss - ok
20:12:04.0711 3108 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:12:04.0789 3108 rdpbus - ok
20:12:04.0852 3108 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:12:04.0898 3108 RDPCDD - ok
20:12:05.0054 3108 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:12:05.0132 3108 RDPDR - ok
20:12:05.0195 3108 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:12:05.0273 3108 RDPENCDD - ok
20:12:05.0413 3108 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:12:05.0444 3108 RDPREFMP - ok
20:12:05.0507 3108 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
20:12:05.0554 3108 RdpVideoMiniport - ok
20:12:05.0678 3108 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
20:12:05.0756 3108 RDPWD - ok
20:12:05.0834 3108 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:12:05.0866 3108 rdyboost - ok
20:12:05.0975 3108 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:12:06.0006 3108 rimmptsk - ok
20:12:06.0037 3108 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:12:06.0084 3108 rimsptsk - ok
20:12:06.0115 3108 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:12:06.0178 3108 rismxdp - ok
20:12:06.0287 3108 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:12:06.0396 3108 rspndr - ok
20:12:06.0583 3108 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:12:06.0630 3108 s3cap - ok
20:12:06.0864 3108 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:12:06.0895 3108 sbp2port - ok
20:12:06.0958 3108 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:12:07.0004 3108 scfilter - ok
20:12:07.0145 3108 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
20:12:07.0192 3108 sdbus - ok
20:12:07.0254 3108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:12:07.0316 3108 secdrv - ok
20:12:07.0426 3108 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:12:07.0457 3108 Serenum - ok
20:12:07.0488 3108 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:12:07.0519 3108 Serial - ok
20:12:07.0597 3108 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:12:07.0628 3108 sermouse - ok
20:12:07.0816 3108 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:12:07.0909 3108 sffdisk - ok
20:12:08.0003 3108 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:12:08.0034 3108 sffp_mmc - ok
20:12:08.0096 3108 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:12:08.0143 3108 sffp_sd - ok
20:12:08.0174 3108 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:12:08.0221 3108 sfloppy - ok
20:12:08.0315 3108 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:12:08.0330 3108 sisagp - ok
20:12:08.0362 3108 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:12:08.0393 3108 SiSRaid2 - ok
20:12:08.0424 3108 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:12:08.0471 3108 SiSRaid4 - ok
20:12:08.0611 3108 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:12:08.0705 3108 Smb - ok
20:12:08.0830 3108 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:12:08.0861 3108 spldr - ok
20:12:09.0142 3108 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:12:09.0220 3108 srv - ok
20:12:09.0266 3108 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:12:09.0298 3108 srv2 - ok
20:12:09.0438 3108 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:12:09.0485 3108 SrvHsfHDA - ok
20:12:09.0547 3108 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:12:09.0625 3108 SrvHsfV92 - ok
20:12:09.0968 3108 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:12:10.0015 3108 SrvHsfWinac - ok
20:12:10.0156 3108 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:12:10.0202 3108 srvnet - ok
20:12:10.0280 3108 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:12:10.0296 3108 ssmdrv - ok
20:12:10.0343 3108 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:12:10.0358 3108 stexstor - ok
20:12:10.0577 3108 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:12:10.0639 3108 storflt - ok
20:12:10.0686 3108 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:12:10.0717 3108 storvsc - ok
20:12:10.0967 3108 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:12:10.0998 3108 swenum - ok
20:12:11.0170 3108 Synth3dVsc - ok
20:12:11.0466 3108 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:12:11.0544 3108 Tcpip - ok
20:12:11.0950 3108 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:12:11.0981 3108 TCPIP6 - ok
20:12:12.0215 3108 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:12:12.0324 3108 tcpipreg - ok
20:12:12.0527 3108 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:12:12.0574 3108 TDPIPE - ok
20:12:12.0605 3108 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
20:12:12.0698 3108 TDTCP - ok
20:12:12.0901 3108 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:12:12.0964 3108 tdx - ok
20:12:12.0995 3108 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:12:13.0010 3108 TermDD - ok
20:12:13.0135 3108 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:12:13.0182 3108 tssecsrv - ok
20:12:13.0244 3108 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:12:13.0322 3108 TsUsbFlt - ok
20:12:13.0400 3108 tsusbhub - ok
20:12:13.0478 3108 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:12:13.0525 3108 tunnel - ok
20:12:13.0572 3108 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:12:13.0588 3108 uagp35 - ok
20:12:13.0697 3108 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:12:13.0775 3108 udfs - ok
20:12:13.0837 3108 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:12:13.0853 3108 uliagpkx - ok
20:12:13.0962 3108 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:12:13.0993 3108 umbus - ok
20:12:14.0040 3108 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:12:14.0056 3108 UmPass - ok
20:12:14.0102 3108 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:12:14.0149 3108 usbccgp - ok
20:12:14.0243 3108 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:12:14.0290 3108 usbcir - ok
20:12:14.0336 3108 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
20:12:14.0383 3108 usbehci - ok
20:12:14.0430 3108 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:12:14.0477 3108 usbhub - ok
20:12:14.0570 3108 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
20:12:14.0633 3108 usbohci - ok
20:12:14.0711 3108 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:12:14.0742 3108 usbprint - ok
20:12:14.0851 3108 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
20:12:14.0898 3108 usbscan - ok
20:12:14.0929 3108 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:12:14.0976 3108 USBSTOR - ok
20:12:15.0007 3108 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
20:12:15.0038 3108 usbuhci - ok
20:12:15.0148 3108 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:12:15.0226 3108 usbvideo - ok
20:12:15.0304 3108 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:12:15.0319 3108 vdrvroot - ok
20:12:15.0428 3108 vflt (b149fc750a51d272a25e0adc7f52dbfd) C:\Windows\system32\DRIVERS\vfilter.sys
20:12:15.0444 3108 vflt ( UnsignedFile.Multi.Generic ) - warning
20:12:15.0444 3108 vflt - detected UnsignedFile.Multi.Generic (1)
20:12:15.0491 3108 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:12:15.0522 3108 vga - ok
20:12:15.0569 3108 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:12:15.0600 3108 VgaSave - ok
20:12:15.0694 3108 VGPU - ok
20:12:15.0756 3108 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:12:15.0787 3108 vhdmp - ok
20:12:15.0818 3108 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:12:15.0850 3108 viaagp - ok
20:12:15.0896 3108 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:12:15.0928 3108 ViaC7 - ok
20:12:16.0021 3108 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:12:16.0037 3108 viaide - ok
20:12:16.0068 3108 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:12:16.0099 3108 vmbus - ok
20:12:16.0146 3108 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:12:16.0177 3108 VMBusHID - ok
20:12:16.0271 3108 vnet (1b13a6a5253e7f046728980ccb59c0b7) C:\Windows\system32\DRIVERS\virtualnet.sys
20:12:16.0302 3108 vnet ( UnsignedFile.Multi.Generic ) - warning
20:12:16.0302 3108 vnet - detected UnsignedFile.Multi.Generic (1)
20:12:16.0364 3108 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:12:16.0396 3108 volmgr - ok
20:12:16.0442 3108 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:12:16.0474 3108 volmgrx - ok
20:12:16.0583 3108 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:12:16.0614 3108 volsnap - ok
20:12:16.0676 3108 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:12:16.0708 3108 vsmraid - ok
20:12:16.0754 3108 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:12:16.0786 3108 vwifibus - ok
20:12:16.0879 3108 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:12:16.0926 3108 vwififlt - ok
20:12:16.0973 3108 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
20:12:17.0004 3108 vwifimp - ok
20:12:17.0035 3108 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:12:17.0066 3108 WacomPen - ok
20:12:17.0176 3108 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:17.0207 3108 WANARP - ok
20:12:17.0222 3108 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:12:17.0254 3108 Wanarpv6 - ok
20:12:17.0347 3108 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:12:17.0363 3108 Wd - ok
20:12:17.0394 3108 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:12:17.0441 3108 Wdf01000 - ok
20:12:17.0550 3108 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:12:17.0612 3108 WfpLwf - ok
20:12:17.0659 3108 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:12:17.0675 3108 WIMMount - ok
20:12:17.0768 3108 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:12:17.0800 3108 WinUsb - ok
20:12:17.0909 3108 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:12:17.0940 3108 WmiAcpi - ok
20:12:18.0018 3108 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:12:18.0080 3108 ws2ifsl - ok
20:12:18.0143 3108 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:12:18.0190 3108 WudfPf - ok
20:12:18.0299 3108 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:12:18.0377 3108 WUDFRd - ok
20:12:18.0455 3108 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:12:18.0548 3108 \Device\Harddisk0\DR0 - ok
20:12:18.0548 3108 Boot (0x1200) (4640129a2970f0da9582022052d59212) \Device\Harddisk0\DR0\Partition0
20:12:18.0564 3108 \Device\Harddisk0\DR0\Partition0 - ok
20:12:18.0595 3108 Boot (0x1200) (bf6eeca050e8f1a7a5bddcb6d936d0da) \Device\Harddisk0\DR0\Partition1
20:12:18.0595 3108 \Device\Harddisk0\DR0\Partition1 - ok
20:12:18.0595 3108 ============================================================
20:12:18.0595 3108 Scan finished
20:12:18.0595 3108 ============================================================
20:12:18.0611 5204 Detected object count: 3
20:12:18.0611 5204 Actual detected object count: 3
20:12:33.0743 5204 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:33.0743 5204 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:33.0743 5204 vflt ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:33.0743 5204 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:33.0743 5204 vnet ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:33.0743 5204 vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
Vielen Dank und Gruß! |
|
06.01.2012, 20:18
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://www.searchqu.com/406 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.01.2012, 21:05
| #11 |
| | http://www.searchqu.com/406 hier das Logfile von ComboFix: Code:
ATTFilter ComboFix 12-01-06.01 - r2d2 06.01.2012 20:42:40.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.1919.1006 [GMT 1:00]
ausgeführt von:: c:\users\r2d2\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-06 bis 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-06 19:02 . 2012-01-06 19:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AE9A23-C556-49B2-9479-C3F2539B62D6}\offreg.dll
2012-01-06 17:46 . 2012-01-06 17:46 -------- d-----w- C:\_OTL
2012-01-06 17:42 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AE9A23-C556-49B2-9479-C3F2539B62D6}\mpengine.dll
2011-12-28 17:36 . 2011-12-28 17:36 -------- d-----w- c:\program files\ESET
2011-12-19 13:34 . 2011-12-28 12:50 -------- d-----w- c:\program files\1und1Softwareaktualisierung
2011-12-19 13:34 . 2011-12-19 13:34 -------- d-----w- c:\programdata\UUdb
2011-12-17 20:28 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 20:28 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-17 20:27 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 20:27 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-17 20:27 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-17 20:27 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:11 . 2011-12-15 00:11 -------- d-----w- c:\users\r2d2\AppData\Roaming\Malwarebytes
2011-12-15 00:11 . 2011-12-15 00:11 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 00:11 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 00:11 . 2011-12-28 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-14 13:59 . 2011-12-14 13:59 -------- d-----w- c:\users\r2d2\AppData\Local\Ilivid Player
2011-12-14 13:58 . 2011-12-14 23:49 -------- d-----w- c:\program files\iLivid
2011-12-14 13:58 . 2011-12-14 13:58 -------- d-----w- c:\users\r2d2\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 23:00 . 2011-10-15 17:53 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-03 22:45 . 2011-12-03 22:45 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-11-15 13:29 . 2009-10-14 02:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-13 16:12 . 2011-05-21 11:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-15 17:53 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 17:53 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45336635
*Deregistered* - 45336635
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-06 21:01:06
ComboFix-quarantined-files.txt 2012-01-06 20:01
.
Vor Suchlauf: 7.319.490.560 Bytes frei
Nach Suchlauf: 7.225.589.760 Bytes frei
.
- - End Of File - - CE30FEB233B865CBBE5249A84EE4F27D
|
|
06.01.2012, 21:19
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://www.searchqu.com/406 Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File::
c:\windows\system32\drivers\rdvgkmd.sys
Driver::
VGPU
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.01.2012, 07:00
| #13 |
| | http://www.searchqu.com/406 hier das Logfile: Code:
ATTFilter ComboFix 12-01-06.01 - r2d2 07.01.2012 6:30.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.1919.1132 [GMT 1:00]
ausgeführt von:: c:\users\r2d2\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\r2d2\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\rdvgkmd.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_VGPU
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-12-07 bis 2012-01-07 ))))))))))))))))))))))))))))))
.
.
2012-01-06 17:46 . 2012-01-06 17:46 -------- d-----w- C:\_OTL
2012-01-06 17:42 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0AE9A23-C556-49B2-9479-C3F2539B62D6}\mpengine.dll
2011-12-28 17:36 . 2011-12-28 17:36 -------- d-----w- c:\program files\ESET
2011-12-19 13:34 . 2011-12-28 12:50 -------- d-----w- c:\program files\1und1Softwareaktualisierung
2011-12-19 13:34 . 2011-12-19 13:34 -------- d-----w- c:\programdata\UUdb
2011-12-17 20:28 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 20:28 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-17 20:27 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-17 20:27 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-17 20:27 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-17 20:27 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 00:11 . 2011-12-15 00:11 -------- d-----w- c:\users\r2d2\AppData\Roaming\Malwarebytes
2011-12-15 00:11 . 2011-12-15 00:11 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 00:11 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 00:11 . 2011-12-28 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-14 13:59 . 2011-12-14 13:59 -------- d-----w- c:\users\r2d2\AppData\Local\Ilivid Player
2011-12-14 13:58 . 2011-12-14 23:49 -------- d-----w- c:\program files\iLivid
2011-12-14 13:58 . 2011-12-14 13:58 -------- d-----w- c:\users\r2d2\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 23:00 . 2011-10-15 17:53 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-03 22:45 . 2011-12-03 22:45 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2011-11-15 13:29 . 2009-10-14 02:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-13 16:12 . 2011-05-21 11:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-15 17:53 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-15 17:53 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-06_19.52.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-15 12:14 . 2012-01-07 05:16 44636 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-01-07 05:43 46694 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-15 11:01 . 2012-01-06 20:10 16104 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1466394205-3318947197-1888764071-1000_UserData.bin
- 2010-02-15 11:01 . 2012-01-06 19:02 16104 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1466394205-3318947197-1888764071-1000_UserData.bin
- 2012-01-06 19:00 . 2012-01-06 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-07 05:14 . 2012-01-07 05:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-06 19:00 . 2012-01-06 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-07 05:14 . 2012-01-07 05:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:47 . 2012-01-06 18:11 397516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-01-06 20:14 397516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-27 20:19 . 2012-01-06 20:07 1363964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-12288.dat
- 2011-04-27 20:19 . 2011-12-19 13:47 1363964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-12288.dat
+ 2011-04-27 20:07 . 2012-01-06 20:14 35866369 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-4096.dat
- 2011-04-27 20:07 . 2012-01-06 18:11 35866369 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1466394205-3318947197-1888764071-1000-4096.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
c:\users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-10 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 17920]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 13824]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-10 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(240)
c:\users\r2d2\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Audible\Bin\AAXSDKWin.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-07 06:51:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-01-07 05:51
ComboFix2.txt 2012-01-06 20:01
.
Vor Suchlauf: 7.261.306.880 Bytes frei
Nach Suchlauf: 7.065.235.456 Bytes frei
.
- - End Of File - - 0D2F0CF4D7E5890174AFAF98E6A51905
Wünsche schönen Tag!! |
|
07.01.2012, 15:05
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | http://www.searchqu.com/406 Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2012, 22:05
| #15 |
| | http://www.searchqu.com/406 hier nun die Logs von GMER und OSAM (ich hoffe, dass ich da alles richtig durchgeführt habe): Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-07 20:23:44
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 TOSHIBA_MK1637GSX rev.DL032C
Running: 6rkqgmz6.exe; Driver: C:\Users\r2d2\AppData\Local\Temp\kxldrpob.sys
---- System - GMER 1.0.15 ----
SSDT 90748CAE ZwCreateSection
SSDT 90748CB8 ZwRequestWaitReplyPort
SSDT 90748CB3 ZwSetContextThread
SSDT 90748CBD ZwSetSecurityObject
SSDT 90748CC2 ZwSystemDebugControl
SSDT 90748C4F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C4E369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C87D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8EEAC 4 Bytes [AE, 8C, 74, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C8F24C 4 Bytes [B3, 8C, 74, 90] {MOV BL, 0x8c; JZ 0xffffffffffffff94}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C8F2C8 4 Bytes [BD, 8C, 74, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82C8F31C 4 Bytes [C2, 8C, 74, 90] {RET 0x748c; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82C8F324 4 Bytes [4F, 8C, 74, 90]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x9141D340, 0x3EE217, 0xE8000020]
.text autochk.exe 004111D1 3 Bytes [44, 12, 41]
.text autochk.exe 004111D5 2 Bytes [8D, 49]
.text autochk.exe 004111D8 3 Bytes [3B, 12, 41] {CMP EDX, [EDX]; INC ECX}
.text autochk.exe 004111DC 3 Bytes [28, 12, 41] {SUB [EDX], DL; INC ECX}
.text autochk.exe 004111E0 3 Bytes [20, 12, 41] {AND [EDX], DL; INC ECX}
.text ...
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1180] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74722437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74705600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747056BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747224B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74718514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74714CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7471506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74715144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74716671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7471826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747187BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7471901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7471E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74714BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3188] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3484] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [759CFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000056 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:31:41 on 08.01.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\r2d2\AppData\Local\Temp\catchme.sys (File not found) "Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys "Shrew Soft Lightweight Filter" (vflt) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\vfilter.sys "Shrew Soft Virtual Adapter" (vnet) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\virtualnet.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) [Explorer] -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - "Audible, Inc." - C:\Program Files\Audible\Bin\AudibleExt.dll {DE147C25-5683-49A7-B9BB-FB6B9E00B0C9} "CrossShellExMain Class" - "Across Systems GmbH" - C:\Program Files\Common Files\Across\crossShellEx.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? - (File not found | COM-object registry key not found) {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (File not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab {67DABFBF-D0AB-41FA-9C46-CC0F21721616} "{67DABFBF-D0AB-41FA-9C46-CC0F21721616}" - ? - (File not found | COM-object registry key not found) / hxxp://download.divx.com/player/DivXBrowserPlugin.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\r2d2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Dropbox.lnk" - "Dropbox, Inc." - C:\Users\r2d2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "VPN Client.lnk" - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Shortcut exists | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "WirelessAssistant" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDF-XChange4" - "Tracker Software Products Ltd." - C:\Windows\system32\pxc40pm.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "SQL Server (ACROSS)" (MSSQL$ACROSS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe "SQL Server Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru und die aswMBR.txt Code:
ATTFilter aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-08 21:40:40
-----------------------------
21:40:40.225 OS Version: Windows 6.1.7601 Service Pack 1
21:40:40.225 Number of processors: 2 586 0x4802
21:40:40.225 ComputerName: R2D2-PC UserName: r2d2
21:40:51.317 Initialize success
21:46:45.184 AVAST engine defs: 12010801
21:47:07.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
21:47:07.492 Disk 0 Vendor: TOSHIBA_MK1637GSX DL032C Size: 152627MB BusType: 3
21:47:07.507 Disk 0 MBR read successfully
21:47:07.523 Disk 0 MBR scan
21:47:07.538 Disk 0 Windows 7 default MBR code
21:47:07.554 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 35000 MB offset 63
21:47:07.554 Disk 0 Partition - 00 0F Extended LBA 117624 MB offset 71682030
21:47:07.585 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 117624 MB offset 71682093
21:47:07.601 Disk 0 scanning sectors +312576705
21:47:07.679 Disk 0 scanning C:\Windows\system32\drivers
21:47:23.653 Service scanning
21:47:28.255 Modules scanning
21:47:40.298 Disk 0 trace - called modules:
21:47:40.314 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
21:47:40.330 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859865e0]
21:47:40.330 3 CLASSPNP.SYS[8897759e] -> nt!IofCallDriver -> [0x854fa918]
21:47:40.345 5 ACPI.sys[833bf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x854fd030]
21:47:41.344 AVAST engine scan C:\Windows
21:47:46.398 File: C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]
21:47:48.223 AVAST engine scan C:\Windows\system32
21:51:23.476 AVAST engine scan C:\Windows\system32\drivers
21:51:37.236 AVAST engine scan C:\Users\r2d2
21:56:37.368 AVAST engine scan C:\ProgramData
21:58:00.579 Scan finished successfully
21:59:00.655 Disk 0 MBR has been saved successfully to "C:\Users\r2d2\Desktop\MBR.dat"
21:59:00.670 The log file has been saved successfully to "C:\Users\r2d2\Desktop\aswMBR.txt"
|
|
| Themen zu http://www.searchqu.com/406 |
| adobe, antivir, avg, avira, bho, bonjour, canon, conduit, defender, driver genius, error, excel.exe, explorer, fehler, firefox, flash player, format, helper, host.exe, http://www.searchqu.com/406 entfernen (internetexplorer), iexplore.exe, install.exe, langs, locker, microsoft office word, nvidia, office 2007, personen, problem, registry, rundll, sched.exe, security, security update, senden, server, software, taskhost.exe, version=1.0, virus, webcheck, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
