Pests of all kinds and how to combat them: No access to file system/desktop after Windows Recovery infection
Windows 7
29.03.2011, 18:04 | #1 |
| Hello, since the malware infection I can no longer access my files. The folders are empty, and so is the desktop. Malwarebytes has hopefully already removed the pest, and I have OTL logs too. This is my first time here, so please advise if information is missing or if I am in the wrong place. Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6170

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.03.2011 07:50:18
mbam-log-2011-03-26 (07-50-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 779367
Laufzeit: 9 Stunde(n), 15 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sSqKxkRRLjU (Trojan.FakeAlert) -> Value: sSqKxkRRLjU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\ssqkxkrrlju.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42524424.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\cm\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\LNKYLMAL\elxpywfuiljpymkm[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I think the OTL logs are too large to post here; I would prefer to send them to someone by email, or maybe as a .zip? I am open to any advice and would be glad to get my machine working again. Best regards, Chris7000 |
29.03.2011, 19:39 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab. |
29.03.2011, 20:01 | #3 |
| Thanks already for the help, here is some more info. I made the folders visible again via the Control Panel, but they are dark now. I am currently running unhide.exe over C:. Tried System Restore many times, it never worked.
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6170

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.03.2011 08:42:27
mbam-log-2011-03-26 (08-42-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161374
Laufzeit: 16 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

unhide is still running.......................... |
29.03.2011, 20:12 | #4 |
| unhide is not finished yet, but the folders on the desktop look fine again and are no longer marked as "empty" on mouse-over. |
29.03.2011, 20:12 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.03.26 15:08:42 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2011.03.25 19:03:17 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42524424
[2011.03.25 18:58:48 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42524424r
[2011.03.25 18:58:48 | 000,000,080 | -H-- | M] () -- C:\ProgramData\~42524424
[2011.03.25 18:46:40 | 000,000,585 | -H-- | M] () -- C:\Users\cm\Desktop\Windows Recovery.lnk
[2011.03.25 18:47:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42524424r
[2011.03.25 18:46:56 | 000,000,080 | -H-- | C] () -- C:\ProgramData\~42524424
[2011.03.25 18:46:40 | 000,000,585 | -H-- | C] () -- C:\Users\cm\Desktop\Windows Recovery.lnk
[2011.03.25 18:46:35 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42524424
[2009.02.14 14:25:18 | 000,087,608 | -H-- | C] () -- C:\Users\cm\AppData\Roaming\inst.exe
@Alternate Data Stream - 35 bytes -> C:\Windows\System32:a292a4c2.zreglib
@Alternate Data Stream - 24 bytes -> C:\Windows:B291B9267092432E
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
29.03.2011, 20:13 | #6 |
| Under All Programs everything seems to be OK again as well...................... |
29.03.2011, 20:14 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | After unhide, please run the OTL fix mentioned above! |
29.03.2011, 20:34 | #8 |
| Hi Arne, here is the log:

C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84edab05-6edf-11de-ab21-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84edab05-6edf-11de-ab21-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84edab05-6edf-11de-ab21-806e6f6e6963}\ not found.
File G:\LaunchU3.exe -a not found.
C:\Windows\S.dirmngr moved successfully.
C:\ProgramData\42524424 moved successfully.
C:\ProgramData\~42524424r moved successfully.
C:\ProgramData\~42524424 moved successfully.
C:\Users\cm\Desktop\Windows Recovery.lnk moved successfully.
File C:\ProgramData\~42524424r not found.
File C:\ProgramData\~42524424 not found.
File C:\Users\cm\Desktop\Windows Recovery.lnk not found.
File C:\ProgramData\42524424 not found.
C:\Users\cm\AppData\Roaming\inst.exe moved successfully.
ADS C:\Windows\System32:a292a4c2.zreglib deleted successfully.
ADS C:\Windows:B291B9267092432E deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: cm
->Temp folder emptied: 877489677 bytes
->Temporary Internet Files folder emptied: 27711928 bytes
->Java cache emptied: 14076954 bytes
->FireFox cache emptied: 58124027 bytes
->Google Chrome cache emptied: 6796039 bytes
->Flash cache emptied: 11396 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1497894 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2458774 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 942,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03292011_211847

Files\Folders moved on Reboot...
C:\Users\cm\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

One more question right away: can I somehow avoid a drive-by install like this? If so, how? |
30.03.2011, 09:06 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
"To protect against unwanted drive-by downloads, it helps to always use the current version of the browser and to always keep plugins such as the Flash Player and Adobe Reader up to date. [11] In some cases, particularly in commercial environments, these scripting languages are also disabled or filtered at the level of IT administration. A further measure is browser plugins that allow scripts only after approval by the user, such as NoScript or FlashBlock for Firefox."

Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper ("Kompetenzler") has explicitly recommended it!
Last edited by cosinus (30.03.2011 at 09:13) |
30.03.2011, 21:15 | #10 |
| Hello, here is the cofi log: Combofix Logfile:
Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 6.0.6002 Disk: TOSHIBA_MK3252GSX rev.LV011C -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! sectors 625142446 (+0): user != kernel . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}] "ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-03-30 22:10:20 ComboFix-quarantined-files.txt 2011-03-30 20:10 . Vor Suchlauf: 18 Verzeichnis(se), 49.438.863.360 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 49.350.377.472 Bytes frei . - - End Of File - - 590DD44DEC81574CF6CB443C505FD1D0 Best regards |
31.03.2011, 12:36 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | No access to file system/desktop after Windows Recovery infection Quote:
__________________ Please always post log files in CODE tags |
01.04.2011, 23:06 | #12 |
| No access to file system/desktop after Windows Recovery infection I hope this is better: ComboFix log file: Code:
ATTFilter ComboFix 11-04-01.01 - cm 01.04.2011 23:41:44.4.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3038.1813 [GMT 2:00] ausgeführt von:: c:\users\cm\Desktop\cofi.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-01 bis 2011-04-01 )))))))))))))))))))))))))))))) . . 2016-10-01 20:59 . 2016-10-01 20:59 -------- d-----w- c:\programdata\SlySoft 2016-10-01 20:55 . 2010-06-04 21:09 -------- d-----w- c:\program files\SlySoft 2011-04-01 21:56 . 2011-04-01 21:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-01 20:56 . 2011-04-01 21:15 -------- d-----w- C:\cofi 2011-04-01 17:46 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C19BC1D-EF03-44D8-AC60-0E2B1691AB71}\mpengine.dll 2011-03-31 19:55 . 2011-03-31 19:55 -------- d-----w- c:\users\Superhelden 2011-03-30 19:52 . 2011-03-30 20:10 -------- d-----w- C:\ComboFix 2011-03-27 18:46 . 2011-03-18 17:56 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-03-27 18:46 . 2011-03-18 17:56 728024 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-03-27 18:46 . 2011-03-18 17:56 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll 2011-03-27 18:46 . 2011-03-18 17:56 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-03-27 18:46 . 2011-03-18 17:56 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe 2011-03-27 18:46 . 2011-03-18 17:56 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-03-27 18:46 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-03-27 18:46 . 2011-03-18 17:56 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-03-27 18:46 . 
2011-03-18 17:56 1975768 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-03-27 18:46 . 2011-03-18 17:56 1893336 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-03-26 17:15 . 2011-03-26 17:15 -------- d-----w- c:\users\cm\frc 2011-03-26 14:15 . 2002-02-18 17:40 6200 ----a-w- c:\windows\system32\INT13EXT.VXD 2011-03-26 13:17 . 2011-03-29 20:09 -------- d-----w- c:\users\cm\AppData\Roaming\GHISLER 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKZIP.PIF 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\PKUNZIP.PIF 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF 2011-03-26 13:17 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF 2011-03-25 18:59 . 2011-03-25 18:59 -------- d-----w- c:\users\cm\AppData\Roaming\Malwarebytes 2011-03-25 18:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-25 18:59 . 2011-03-25 18:59 -------- d-----w- c:\programdata\Malwarebytes 2011-03-25 18:59 . 2011-03-25 18:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-25 18:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-23 20:06 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-03-23 20:06 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-03-23 20:06 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-03-16 20:16 . 2011-01-29 16:00 821824 ----a-w- c:\windows\system32\dgderapi.dll 2011-03-16 20:16 . 2011-01-29 16:00 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2011-03-16 20:16 . 2011-01-29 16:00 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2011-03-09 17:45 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll 2011-03-09 17:45 . 
2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll 2011-03-09 17:45 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll 2011-03-09 17:45 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax 2011-03-09 17:45 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll 2011-03-09 17:45 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-16 19:56 . 2010-10-10 13:15 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-02 17:11 . 2009-10-03 13:40 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-31 01:01 . 2011-02-20 18:46 87340080 ----a-w- c:\users\cm\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe 2011-01-29 22:16 . 2011-01-29 22:16 30056 ----a-w- c:\windows\system32\MASetupCleaner.exe 2011-01-29 16:00 . 2011-02-20 18:54 4659712 ----a-w- c:\windows\system32\Redemption.dll 2011-01-29 16:00 . 2011-01-29 16:00 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2011-01-29 16:00 . 2011-01-29 16:00 325552 ----a-w- c:\windows\MASetupCaller.dll 2011-01-29 16:00 . 2011-01-29 16:00 30568 ----a-w- c:\windows\MusiccityDownload.exe 2011-01-29 16:00 . 2011-01-29 16:00 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2011-01-29 16:00 . 2011-01-29 16:00 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2011-01-29 16:00 . 2011-01-29 16:00 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2011-01-29 16:00 . 2011-01-29 16:00 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2011-01-29 16:00 . 2011-01-29 16:00 569344 ----a-w- c:\windows\system32\muzdecode.ax 2011-01-29 16:00 . 2011-01-29 16:00 491520 ----a-w- c:\windows\system32\muzapp.dll 2011-01-29 16:00 . 
2011-01-29 16:00 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2011-01-29 16:00 . 2011-01-29 16:00 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2011-01-29 16:00 . 2011-01-29 16:00 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2011-01-29 16:00 . 2011-01-29 16:00 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2011-01-29 16:00 . 2011-01-29 16:00 40960 ----a-w- c:\windows\system32\MAMACExtract.dll 2011-01-29 16:00 . 2011-01-29 16:00 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2011-01-29 16:00 . 2011-01-29 16:00 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2011-01-29 16:00 . 2011-01-29 16:00 245760 ----a-w- c:\windows\system32\MSCLib.dll 2011-01-29 16:00 . 2011-01-29 16:00 200704 ----a-w- c:\windows\system32\muzwmts.dll 2011-01-29 16:00 . 2011-01-29 16:00 155648 ----a-w- c:\windows\system32\MSFLib.dll 2011-01-29 16:00 . 2011-01-29 16:00 143360 ----a-w- c:\windows\system32\3DAudio.ax 2011-01-29 16:00 . 2011-01-29 16:00 135168 ----a-w- c:\windows\system32\muzaf1.dll 2011-01-29 16:00 . 2011-01-29 16:00 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2011-01-29 16:00 . 2011-01-29 16:00 122880 ----a-w- c:\windows\system32\muzeffect.ax 2011-01-29 16:00 . 2011-01-29 16:00 118784 ----a-w- c:\windows\system32\MaDRM.dll 2011-01-29 16:00 . 2011-01-29 16:00 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2011-01-25 20:15 . 2008-12-21 10:16 3063561 ----a-w- c:\programdata\MobileTV.exe 2011-01-20 16:37 . 2011-02-10 08:14 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-01-20 16:08 . 2011-02-10 08:14 478720 ----a-w- c:\windows\system32\dxgi.dll 2011-01-20 16:08 . 2011-02-10 08:14 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2011-01-20 16:08 . 2011-02-10 08:14 189952 ----a-w- c:\windows\system32\d3d10core.dll 2011-01-20 16:08 . 2011-02-10 08:14 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2011-01-20 16:08 . 2011-02-10 08:14 1029120 ----a-w- c:\windows\system32\d3d10.dll 2011-01-20 16:07 . 
2011-02-10 08:14 37376 ----a-w- c:\windows\system32\cdd.dll 2011-01-20 16:07 . 2011-02-10 08:14 258048 ----a-w- c:\windows\system32\winspool.drv 2011-01-20 16:07 . 2011-02-10 08:14 586240 ----a-w- c:\windows\system32\stobject.dll 2011-01-20 16:06 . 2011-02-10 08:14 2873344 ----a-w- c:\windows\system32\mf.dll 2011-01-20 16:06 . 2011-02-10 08:14 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll 2011-01-20 16:04 . 2011-02-10 08:14 98816 ----a-w- c:\windows\system32\mfps.dll 2011-01-20 16:04 . 2011-02-10 08:14 209920 ----a-w- c:\windows\system32\mfplat.dll 2011-01-20 14:28 . 2011-02-10 08:14 1554432 ----a-w- c:\windows\system32\xpsservices.dll 2011-01-20 14:27 . 2011-02-10 08:14 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-01-20 14:26 . 2011-02-10 08:14 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe 2011-01-20 14:25 . 2011-02-10 08:14 847360 ----a-w- c:\windows\system32\OpcServices.dll 2011-01-20 14:24 . 2011-02-10 08:14 135680 ----a-w- c:\windows\system32\XpsRasterService.dll 2011-01-20 14:15 . 2011-02-10 08:14 979456 ----a-w- c:\windows\system32\MFH264Dec.dll 2011-01-20 14:14 . 2011-02-10 08:14 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll 2011-01-20 14:14 . 2011-02-10 08:14 302592 ----a-w- c:\windows\system32\mfmp4src.dll 2011-01-20 14:14 . 2011-02-10 08:14 261632 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-01-20 14:12 . 2011-02-10 08:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll 2011-01-20 14:11 . 2011-02-10 08:14 486400 ----a-w- c:\windows\system32\d3d10level9.dll 2011-01-20 13:47 . 2011-02-10 08:14 683008 ----a-w- c:\windows\system32\d2d1.dll 2011-01-08 08:47 . 2011-02-10 08:12 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-01-08 06:28 . 2011-02-10 08:12 292352 ----a-w- c:\windows\system32\atmfd.dll 2011-01-03 08:38 . 2011-02-20 18:55 136680 ----a-w- c:\windows\system32\drivers\ssadmdm.sys 2011-01-03 08:38 . 2011-02-20 18:55 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys 2011-01-03 08:38 . 
2011-02-20 18:55 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys 2011-01-03 08:38 . 2011-02-20 18:55 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys 2011-01-03 08:38 . 2011-02-20 18:55 121192 ----a-w- c:\windows\system32\drivers\ssadbus.sys 2011-01-03 08:38 . 2011-02-20 18:55 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys 2011-01-03 08:38 . 2011-02-20 18:55 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys 2011-03-18 17:56 . 2011-03-27 18:46 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-06-30 11:44 . 2008-08-07 19:02 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-02-01 4828792] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "avira update"="c:\\Program Files\\Avira\\AntiVir Desktop\\update.exe" [2010-11-04 516353] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] 2011-02-01 15:12 4828792 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2007-03-12 13:51 663552 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2010-07-28 242176] R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2009-12-30 114688] R3 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080] R3 b57nd60x;Broadcom NetXtreme-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032] R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [2009-04-21 12800] S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};Power Control [2010/06/05 22:44];c:\program files\HP\QuickPlay\000.fcl [2009-01-12 14:50 87536] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336] S2 Apache2.2;Apache2.2;d:\work\xampp\apache\bin\apache.exe [2008-06-14 17408] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe 
[2010-09-06 217088] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880] S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-06-09 2368] S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - FSUSBEXDISK . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE: Bild an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\cm\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\cm\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\windows\system32\wpclsp.dll FF - ProfilePath - c:\users\cm\AppData\Roaming\Mozilla\Firefox\Profiles\m6j957hu.default\ FF - prefs.js: browser.startup.homepage - freenet.de - E-Mail, Singles, Nachrichten & Services FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-04-01 23:56 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 6.0.6002 Disk: TOSHIBA_MK3252GSX rev.LV011C -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! sectors 625142446 (+0): user != kernel . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}] "ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-04-02 00:01:07 ComboFix-quarantined-files.txt 2011-04-01 22:01 ComboFix2.txt 2011-04-01 21:15 ComboFix3.txt 2011-03-30 20:10 . Vor Suchlauf: 21 Verzeichnis(se), 48.513.511.424 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 48.393.584.640 Bytes frei . - - End Of File - - 083D280A4FFCE196A5E4DE6BD94111D7 Best regards |
02.04.2011, 13:48 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No access to file system/desktop after Windows Recovery infection Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post log files in CODE tags |
04.04.2011, 20:29 | #14 |
| No access to file system/desktop after Windows Recovery infection Here are the logs: 2011/04/04 21:19:42.0950 2896 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/04 21:19:43.0274 2896 ================================================================================ 2011/04/04 21:19:43.0274 2896 SystemInfo: 2011/04/04 21:19:43.0274 2896 2011/04/04 21:19:43.0274 2896 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/04 21:19:43.0274 2896 Product type: Workstation 2011/04/04 21:19:43.0275 2896 ComputerName: HP-MACHINE 2011/04/04 21:19:43.0275 2896 UserName: cm 2011/04/04 21:19:43.0275 2896 Windows directory: C:\Windows 2011/04/04 21:19:43.0275 2896 System windows directory: C:\Windows 2011/04/04 21:19:43.0275 2896 Processor architecture: Intel x86 2011/04/04 21:19:43.0275 2896 Number of processors: 2 2011/04/04 21:19:43.0275 2896 Page size: 0x1000 2011/04/04 21:19:43.0275 2896 Boot type: Normal boot 2011/04/04 21:19:43.0275 2896 ================================================================================ 2011/04/04 21:19:44.0456 2896 Initialize success 2011/04/04 21:19:52.0368 1452 ================================================================================ 2011/04/04 21:19:52.0368 1452 Scan started 2011/04/04 21:19:52.0368 1452 Mode: Manual; 2011/04/04 21:19:52.0368 1452 ================================================================================
C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/04 21:19:59.0970 1452 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/04 21:20:00.0057 1452 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys 2011/04/04 21:20:00.0203 1452 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/04/04 21:20:00.0340 1452 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys 2011/04/04 21:20:00.0535 1452 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/04/04 21:20:00.0644 1452 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/04 21:20:00.0771 1452 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/04 21:20:00.0853 1452 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/04 21:20:00.0970 1452 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/04 21:20:01.0021 1452 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/04 21:20:01.0075 1452 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/04 21:20:01.0171 1452 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/04 21:20:01.0295 1452 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS 2011/04/04 21:20:01.0408 1452 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/04 21:20:01.0469 1452 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/04 21:20:01.0593 1452 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2011/04/04 21:20:01.0669 1452 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 2011/04/04 21:20:01.0758 1452 
HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/04 21:20:01.0847 1452 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys 2011/04/04 21:20:01.0931 1452 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 2011/04/04 21:20:02.0028 1452 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/04 21:20:02.0126 1452 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/04/04 21:20:02.0200 1452 hpdskflt (64637b65c90df48c94bb9346afb3ac61) C:\Windows\system32\DRIVERS\hpdskflt.sys 2011/04/04 21:20:02.0290 1452 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 2011/04/04 21:20:02.0314 1452 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys 2011/04/04 21:20:02.0467 1452 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/04/04 21:20:02.0538 1452 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/04/04 21:20:02.0707 1452 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/04 21:20:02.0760 1452 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 2011/04/04 21:20:02.0883 1452 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/04 21:20:02.0935 1452 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/04/04 21:20:03.0062 1452 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/04 21:20:03.0126 1452 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/04/04 21:20:03.0235 1452 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/04 21:20:03.0310 1452 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) 
C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/04 21:20:03.0440 1452 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/04 21:20:03.0503 1452 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/04 21:20:03.0632 1452 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/04 21:20:03.0696 1452 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/04/04 21:20:03.0760 1452 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/04 21:20:03.0862 1452 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/04 21:20:03.0909 1452 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/04 21:20:03.0946 1452 JMCR (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys 2011/04/04 21:20:04.0040 1452 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/04 21:20:04.0131 1452 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/04 21:20:04.0255 1452 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/04 21:20:04.0350 1452 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/04 21:20:04.0465 1452 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/04 21:20:04.0519 1452 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/04 21:20:04.0572 1452 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/04 21:20:04.0639 1452 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/04 21:20:04.0708 1452 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys 2011/04/04 21:20:04.0827 1452 mdf15 
(7ad11a5b5ea3bb3093a24c85e653ce54) C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys 2011/04/04 21:20:04.0944 1452 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/04/04 21:20:05.0013 1452 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/04/04 21:20:05.0141 1452 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/04 21:20:05.0210 1452 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/04 21:20:05.0308 1452 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/04 21:20:05.0337 1452 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/04 21:20:05.0374 1452 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/04 21:20:05.0485 1452 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/04/04 21:20:05.0559 1452 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/04 21:20:05.0645 1452 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/04 21:20:05.0707 1452 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/04 21:20:05.0802 1452 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/04 21:20:05.0889 1452 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/04 21:20:05.0948 1452 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/04 21:20:06.0096 1452 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/04/04 21:20:06.0149 1452 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/04/04 21:20:06.0294 1452 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 2011/04/04 
21:20:06.0350 1452 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/04 21:20:06.0471 1452 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/04 21:20:06.0558 1452 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/04 21:20:06.0656 1452 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/04 21:20:06.0702 1452 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/04 21:20:06.0813 1452 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/04 21:20:06.0868 1452 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/04 21:20:06.0901 1452 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/04 21:20:07.0014 1452 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/04 21:20:07.0120 1452 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/04 21:20:07.0267 1452 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/04 21:20:07.0342 1452 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/04 21:20:07.0433 1452 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/04 21:20:07.0532 1452 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/04 21:20:07.0643 1452 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/04 21:20:07.0685 1452 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/04 21:20:07.0756 1452 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/04 21:20:07.0999 1452 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 
2011/04/04 21:20:08.0200 1452 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/04 21:20:08.0265 1452 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/04 21:20:08.0378 1452 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/04 21:20:08.0501 1452 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/04 21:20:08.0646 1452 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/04 21:20:08.0676 1452 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/04 21:20:08.0758 1452 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys 2011/04/04 21:20:08.0882 1452 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys 2011/04/04 21:20:09.0191 1452 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/04 21:20:09.0544 1452 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/04/04 21:20:09.0580 1452 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/04/04 21:20:09.0618 1452 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/04/04 21:20:09.0788 1452 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/04 21:20:09.0936 1452 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 2011/04/04 21:20:09.0991 1452 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/04 21:20:10.0132 1452 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 2011/04/04 21:20:10.0197 1452 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/04 21:20:10.0326 1452 pciide (fc175f5ddab666d7f4d17449a547626f) 
C:\Windows\system32\drivers\pciide.sys 2011/04/04 21:20:10.0367 1452 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/04 21:20:10.0401 1452 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 2011/04/04 21:20:10.0554 1452 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/04 21:20:10.0711 1452 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\Windows\system32\drivers\pfc.sys 2011/04/04 21:20:10.0763 1452 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/04 21:20:10.0792 1452 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/04/04 21:20:10.0935 1452 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/04 21:20:11.0008 1452 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/04/04 21:20:11.0122 1452 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/04 21:20:11.0205 1452 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/04 21:20:11.0319 1452 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/04 21:20:11.0350 1452 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/04 21:20:11.0423 1452 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/04 21:20:11.0543 1452 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/04 21:20:11.0604 1452 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/04 21:20:11.0666 1452 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/04 21:20:11.0773 1452 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/04/04 21:20:11.0802 1452 RDPENCDD 
(9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/04 21:20:11.0871 1452 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/04 21:20:11.0966 1452 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/04 21:20:12.0101 1452 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/04 21:20:12.0178 1452 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/04/04 21:20:12.0272 1452 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/04 21:20:12.0374 1452 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 2011/04/04 21:20:12.0484 1452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/04 21:20:12.0568 1452 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/04 21:20:12.0620 1452 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 2011/04/04 21:20:12.0740 1452 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/04 21:20:12.0806 1452 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/04/04 21:20:12.0832 1452 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/04 21:20:12.0865 1452 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/04 21:20:12.0977 1452 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/04/04 21:20:13.0050 1452 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/04/04 21:20:13.0082 1452 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/04/04 21:20:13.0121 1452 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/04/04 
21:20:13.0240 1452 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/04 21:20:13.0320 1452 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/04 21:20:13.0379 1452 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys 2011/04/04 21:20:13.0498 1452 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/04 21:20:13.0587 1452 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/04 21:20:13.0730 1452 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys 2011/04/04 21:20:14.0252 1452 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys 2011/04/04 21:20:14.0364 1452 ssadmdm (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys 2011/04/04 21:20:14.0502 1452 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys 2011/04/04 21:20:14.0595 1452 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys 2011/04/04 21:20:14.0684 1452 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys 2011/04/04 21:20:14.0745 1452 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/04 21:20:14.0937 1452 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys 2011/04/04 21:20:15.0066 1452 SVKP (f05028b163b92c302a74409d683ac9b0) C:\Windows\system32\SVKP.sys 2011/04/04 21:20:15.0147 1452 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/04 21:20:15.0187 1452 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/04 21:20:15.0246 1452 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/04 21:20:15.0273 1452 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/04 21:20:15.0389 
1452 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/04 21:20:15.0534 1452 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/04 21:20:15.0618 1452 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/04 21:20:15.0730 1452 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/04 21:20:15.0782 1452 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/04 21:20:15.0843 1452 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/04 21:20:15.0929 1452 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/04 21:20:15.0986 1452 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/04 21:20:16.0081 1452 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys 2011/04/04 21:20:16.0171 1452 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/04 21:20:16.0251 1452 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/04 21:20:16.0340 1452 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/04 21:20:16.0380 1452 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/04/04 21:20:16.0448 1452 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/04 21:20:16.0540 1452 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/04 21:20:16.0594 1452 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/04/04 21:20:16.0665 1452 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/04 21:20:16.0725 1452 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/04 21:20:16.0749 1452 umbus 
(32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/04 21:20:16.0795 1452 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/04 21:20:16.0876 1452 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/04 21:20:16.0967 1452 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/04 21:20:17.0008 1452 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/04 21:20:17.0092 1452 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/04 21:20:17.0187 1452 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/04 21:20:17.0287 1452 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/04 21:20:17.0380 1452 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/04 21:20:17.0416 1452 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/04 21:20:17.0510 1452 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/04 21:20:17.0613 1452 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/04 21:20:17.0685 1452 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/04 21:20:17.0719 1452 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/04/04 21:20:17.0799 1452 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/04/04 21:20:17.0838 1452 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/04/04 21:20:17.0902 1452 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/04 21:20:18.0006 1452 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/04 21:20:18.0115 
1452 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/04 21:20:18.0211 1452 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/04/04 21:20:18.0287 1452 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/04 21:20:18.0325 1452 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/04 21:20:18.0350 1452 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/04 21:20:18.0455 1452 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/04/04 21:20:18.0519 1452 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/04 21:20:18.0636 1452 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2011/04/04 21:20:18.0835 1452 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/04 21:20:18.0935 1452 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/04 21:20:19.0048 1452 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/04 21:20:19.0147 1452 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/04 21:20:19.0386 1452 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\HP\QuickPlay\000.fcl 2011/04/04 21:20:19.0919 1452 ================================================================================ 2011/04/04 21:20:19.0919 1452 Scan finished 2011/04/04 21:20:19.0919 1452 ================================================================================ Norman TDSS Cleaner Version 2.0.2 Copyright © 1990 - 2010, Norman ASA. 
Built 2010/11/12 12:32:24 Scan started: 2011/04/04 21:22:30 Running pre-scan cleanup routine: Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2 Logged on user: hp-machine\cm Scanning kernel... Scan complete Norman TDSS Cleaner Version 2.0.2 Copyright © 1990 - 2010, Norman ASA. Built 2010/11/12 12:32:24 Scan started: 2011/04/04 21:22:30 Running pre-scan cleanup routine: Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2 Logged on user: hp-machine\cm Scanning kernel... Scan complete Viele Grüße |
04.04.2011, 20:30 | #15 |
| No access to file system/desktop after Windows Recovery infection There were no hits after the scans... |