Log analysis and evaluation: Java virus? I'm not sure! (Windows 7)
08.04.2011, 20:39 | #1
Java virus? I'm not sure!

Good evening everyone, here is the problem:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5044

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.04.2011 21:24:27
mbam-log-2011-04-08 (21-24-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 225175
Laufzeit: 23 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{11899d98-ac90-da3c-7d6b-d9068c9702c3} (Trojan.Dropper) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Kevin\AppData\Roaming\Iwuxtu\opwe.exe (Trojan.Dropper) -> No action taken.
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\33c155d3-44d23f00 (Trojan.Dropper) -> No action taken.

What do I do now? Format straight away? I've been searching for hours for a solution, but I just can't get any further! I hope you can help me. Many thanks to you all in advance!

Regards, Kevin
09.04.2011, 10:24 | #2
Java virus? I'm not sure!

The OTL scan, in case it's of any use to you =)

OTL Logfile:
Code:
OTL logfile created on: 09.04.2011 11:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kevin\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 73,93 Gb Free Space | 75,78% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 348,97 Gb Free Space | 94,80% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\ICQ7.2\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Vtune\TBPANEL.exe ()
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (QCMerced) -- C:\Windows\System32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 1C 83 DD 83 7A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.01.12 19:08:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.30 23:10:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.04.08 15:22:49 | 000,000,000 | ---D | M]

[2010.11.02 13:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2011.04.09 11:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\yh0ddx82.default\extensions
[2011.03.29 11:17:11 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\yh0ddx82.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [{11899D98-AC90-DA3C-7D6B-D9068C9702C3}] C:\Users\Kevin\AppData\Roaming\Iwuxtu\opwe.exe ()
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Program Files\ICQ7.2\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - D:\Program Files\ICQ7.2\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.09 11:15:25 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011.04.09 11:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.09 11:01:45 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.09 01:21:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{A69B16C4-2615-453E-9A87-CB3D946F8C27}
[2011.04.08 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.08 20:09:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Simply Super Software
[2011.04.08 20:08:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.04.08 19:30:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Uqinve
[2011.04.08 19:30:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Iwuxtu
[2011.04.08 15:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.04.08 15:22:49 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.08 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{53B64EF5-E3A7-46F9-90BE-E6EEBC37FFF8}
[2011.04.07 23:49:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{22A6BBCE-9EC9-43C6-B2F7-77D82F803105}
[2011.04.07 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{DF2D22D4-8049-4A85-9564-84838B51808F}
[2011.04.06 23:48:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{97F1C110-F388-4B59-B9B1-BF59140DD1A3}
[2011.04.06 09:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{2BE6AE38-2CD9-49D5-B0A5-51061E9255D6}
[2011.04.05 12:08:47 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{BD2A8E5B-2AB8-4A24-9CE5-2C3BA80FCCE8}
[2011.04.05 09:18:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.04.05 09:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.04.04 10:37:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{216B1530-7B76-4AD5-8646-B3A524B79BF8}
[2011.04.03 15:31:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{485F533B-C346-4D58-B69F-CDC357275FFE}
[2011.04.02 10:12:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{6877AD41-2FE3-4E0B-99C5-71E07095BC54}
[2011.04.01 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{BBA688CE-5EF0-4448-8410-8FBC2CA71228}
[2011.04.01 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{C630D8EE-02F5-4CC1-A83F-F1FBC5D5636F}
[2011.03.31 21:06:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{C6D6D966-DD6B-41B9-B86B-E93721FDD907}
[2011.03.31 09:05:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5C0C2D55-EAB3-4905-94F7-FE7BF474C9D5}
[2011.03.30 10:35:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{43F690AC-FB74-412B-946D-9467C77E8D93}
[2011.03.29 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{42BE7B07-681D-4989-97D4-A37A22FF84A2}
[2011.03.29 10:34:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{1D077972-A842-407B-A24B-D60B9B8A2C6A}
[2011.03.29 10:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011.03.28 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{554703FD-B1C0-43FD-A7E5-D3FBB88A4253}
[2011.03.28 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5B297F2E-9111-4B15-AB8C-CA9FCA3663E6}
[2011.03.27 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{75C2DD7A-244E-4296-909E-B8B4207FFB40}
[2011.03.26 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{2314DDE0-D67F-47EE-9496-2E9C0385174D}
[2011.03.25 11:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{AFC2D6A2-A2F3-4392-A96B-C6FAFFE551B6}
[2011.03.24 23:34:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{0C74DF1D-CCA7-4F21-A9C1-874FF81D638E}
[2011.03.24 11:29:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{CD60794A-379B-4EC7-868A-7DA4DFEC3AF1}
[2011.03.23 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{3BB4280A-D517-457F-BF94-0EB05C5D53BE}
[2011.03.23 11:28:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F4A66CFD-D138-4F8F-855A-19AE2859D70E}
[2011.03.22 23:27:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{92916D16-17BF-483B-9FF3-B3CDC9D72540}
[2011.03.22 11:09:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{277DAF39-8C80-4030-ABFB-D608984F65E9}
[2011.03.21 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{FE7C4AAE-C972-477A-A497-EAE26E193F34}
[2011.03.21 01:04:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F69C7B00-FC38-418E-84A0-51F6F7F84F54}
[2011.03.20 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{3796BF11-8614-4718-85BC-9A4FDA7BFA50}
[2011.03.19 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{E54667A9-790F-4886-AEB9-A778041C493F}
[2011.03.18 23:29:34 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{1DD9067F-8303-4E38-8E73-242C860CE67C}
[2011.03.18 11:29:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{4E8A8E2E-26B2-4376-A0EE-6F092FE4F4A3}
[2011.03.17 11:56:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{190CEFB0-B9B4-44B8-8CEC-A28AFFAAA1E1}
[2011.03.16 11:34:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{3031D5C8-484F-44A3-8450-25467953BD48}
[2011.03.15 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5B25DE53-F92A-4368-A558-958A3779FBA8}
[2011.03.15 11:33:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{11FE18B9-0D6D-4909-B216-EFCFB8969A16}
[2011.03.14 13:05:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{A85D6531-6C75-416B-A6E0-431C335A52AB}
[2011.03.14 00:01:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{836399A1-0361-48D8-AFA5-B038E380391F}
[2011.03.12 12:15:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{22F5B7EC-776E-4286-9D4B-C64FAAF5A7B9}
[2011.03.11 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{886D6D9E-DAF4-46EA-B936-CB93D02695A0}
[2011.03.10 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{4FE790F8-807D-4FFD-9A93-BB2A85C57711}

========== Files - Modified Within 30 Days ==========

[2011.04.09 11:15:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011.04.09 11:04:40 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\kjobyqh.sys
[2011.04.09 11:01:46 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.09 10:46:17 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.09 10:46:17 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.09 10:43:15 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.09 10:43:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.09 10:43:15 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.09 10:43:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.09 10:38:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.09 10:38:56 | 2383,761,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.08 20:04:10 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.29 10:09:03 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.03.16 16:19:29 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

========== Files Created - No Company Name ==========

[2011.04.09 11:04:40 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\kjobyqh.sys
[2011.04.09 11:01:46 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.08 20:08:54 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.04.08 20:08:54 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.04.08 20:08:54 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.04.08 20:08:53 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.03.29 10:09:03 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.02.15 18:10:07 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.02.04 19:00:04 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2011.01.16 22:46:25 | 000,003,584 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.16 01:11:07 | 000,000,760 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\setup_ldm.iss
[2011.01.12 19:05:17 | 000,245,209 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.01.12 19:05:17 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.11.18 22:57:00 | 000,053,248 | R--- | C] () -- C:\Windows\System32\InstMed.exe
[2010.11.18 22:56:59 | 000,006,812 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.11.18 22:56:55 | 000,585,824 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2010.11.02 13:29:43 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.14 10:47:43 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,410,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.10.11 19:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 09.04.2011 11:16:23 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Kevin\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 73,93 Gb Free Space | 75,78% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 348,97 Gb Free Space | 94,80% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E4EDFCB-DC4D-4339-AB85-A8444E85D37B}" = 2600
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5730CAAC-9368-4813-9D3C-7D1AB5F0A154}" = ABBYY ScanTo Office 1.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F215D53-6560-4E65-B268-3358508C6D6D}" = 2600Trb
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4B0C5D-035C-4643-B80F-AFF81534D117}" = 2600_Help
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" 
= Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. 
B "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CasinoClub" = CasinoClub "CCleaner" = CCleaner "ControlCenter_is1" = ControlCenter "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Gothic 1_is1" = Gothic 1 "Gothic-Patch 1.07c" = Gothic-Patch 1.07c "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer 
Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "lvdrivers_11.50" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MySSID_is1" = Vtune 7.12 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "Shop for HP Supplies" = Shop for HP Supplies "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 26.03.2011 16:01:53 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 31.03.2011 07:44:52 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4095, Zeitstempel: 0x4d852c62 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695, Zeitstempel: 0x4cc7ab44 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000469e0 ID des fehlerhaften Prozesses: 0xddc Startzeit der fehlerhaften Anwendung: 0x01cbef96febc5abc Pfad der fehlerhaften Anwendung: D:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 49bffcfa-5b8c-11e0-927f-6c626d6070f4 Error - 01.04.2011 06:46:16 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 07.04.2011 08:06:01 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.04.2011 08:37:21 | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "d:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "d:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 08.04.2011 13:53:43 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3508.1109, Zeitstempel: 0x4cda7240 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x08b38c03 ID des fehlerhaften Prozesses: 0xef8 Startzeit der fehlerhaften Anwendung: 0x01cbf5def94c54ee Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Live\Messenger\msnmsgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 248c825d-6209-11e0-9942-6c626d6070f4 Error - 08.04.2011 14:55:22 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001f63 ID des fehlerhaften Prozesses: 0x1700 Startzeit der fehlerhaften Anwendung: 0x01cbf61e6ba323b3 Pfad der fehlerhaften Anwendung: D:\Trojancheck 6\tc6.exe Pfad des fehlerhaften Moduls: D:\Trojancheck 6\tc6.exe Berichtskennung: c14499e9-6211-11e0-99fb-6c626d6070f4 Error - 08.04.2011 14:57:56 | Computer Name = Kevin-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel: 0x2a425e19 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001f6c ID des fehlerhaften Prozesses: 0xe74 Startzeit der fehlerhaften Anwendung: 0x01cbf61e84f1a0ff Pfad der fehlerhaften Anwendung: D:\Trojancheck 6\tc6.exe Pfad des fehlerhaften Moduls: D:\Trojancheck 6\tc6.exe Berichtskennung: 1ccdf2c8-6212-11e0-99fb-6c626d6070f4 Error - 08.04.2011 14:57:58 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm tc6.exe, Version 6.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1700 Startzeit: 01cbf61e6ba323b3 Endzeit: 2 Anwendungspfad: D:\Trojancheck 6\tc6.exe Berichts-ID: 1ccba8d0-6212-11e0-99fb-6c626d6070f4 Error - 08.04.2011 14:59:19 | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002 Description = Programm tc6.exe, Version 6.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e74 Startzeit: 01cbf61e84f1a0ff Endzeit: 3 Anwendungspfad: D:\Trojancheck 6\tc6.exe Berichts-ID: 4c72149d-6212-11e0-99fb-6c626d6070f4 [ System Events ] Error - 21.03.2011 05:57:06 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 21.03.2011 16:07:55 | Computer Name = Kevin-PC | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 21.03.2011 16:07:59 | Computer Name = Kevin-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. Error - 21.03.2011 16:08:22 | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: sfdrv01 sfsync02 Error - 22.03.2011 05:08:31 | Computer Name = Kevin-PC | Source = Application Popup | ID = 875 Description = Treiber sfsync02.sys konnte nicht geladen werden. Error - 22.03.2011 05:08:35 | Computer Name = Kevin-PC | Source = Application Popup | ID = 875 Description = Treiber sfdrv01.sys konnte nicht geladen werden. 
< End of report >

I'm still hoping for help, or should I just delete these 2 files? Regards, Kevin |
09.04.2011, 17:17 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus? I'm not sure! Quote:
Click the Update button repeatedly until no new signatures are found. That will also install a new version of the program for you.
__________________ |
09.04.2011, 18:05 | #4 |
| Java virus? I'm not sure! First of all, thanks that someone is taking the trouble to help me! Sooo, and here, this should be the right one now:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes
Datenbank Version: 6320
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
09.04.2011 19:04:00
mbam-log-2011-04-09 (19-03-57).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 226096
Laufzeit: 22 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{11899D98-AC90-DA3C-7D6B-D9068C9702C3} (Trojan.ZbotR.Gen) -> Value: {11899D98-AC90-DA3C-7D6B-D9068C9702C3} -> No action taken.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Kevin\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19\33c155d3-44d23f00 (Trojan.Dropper) -> No action taken. |
09.04.2011, 18:18 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus? I'm not sure! Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKCU..\Run: [{11899D98-AC90-DA3C-7D6B-D9068C9702C3}] C:\Users\Kevin\AppData\Roaming\Iwuxtu\opwe.exe ()
[2011.04.08 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{53B64EF5-E3A7-46F9-90BE-E6EEBC37FFF8}
[2011.04.07 23:49:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{22A6BBCE-9EC9-43C6-B2F7-77D82F803105}
[2011.04.07 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{DF2D22D4-8049-4A85-9564-84838B51808F}
[2011.04.06 23:48:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{97F1C110-F388-4B59-B9B1-BF59140DD1A3}
[2011.04.06 09:39:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{2BE6AE38-2CD9-49D5-B0A5-51061E9255D6}
[2011.04.05 12:08:47 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{BD2A8E5B-2AB8-4A24-9CE5-2C3BA80FCCE8}
[2011.04.04 10:37:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{216B1530-7B76-4AD5-8646-B3A524B79BF8}
[2011.04.03 15:31:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{485F533B-C346-4D58-B69F-CDC357275FFE}
[2011.04.02 10:12:01 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{6877AD41-2FE3-4E0B-99C5-71E07095BC54}
[2011.04.01 22:06:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{BBA688CE-5EF0-4448-8410-8FBC2CA71228}
[2011.04.01 10:05:57 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{C630D8EE-02F5-4CC1-A83F-F1FBC5D5636F}
[2011.03.31 21:06:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{C6D6D966-DD6B-41B9-B86B-E93721FDD907}
[2011.03.31 09:05:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5C0C2D55-EAB3-4905-94F7-FE7BF474C9D5}
[2011.03.30 10:35:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{43F690AC-FB74-412B-946D-9467C77E8D93}
[2011.03.29 22:34:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{42BE7B07-681D-4989-97D4-A37A22FF84A2}
[2011.03.29 10:34:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{1D077972-A842-407B-A24B-D60B9B8A2C6A}
[2011.03.28 22:33:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{554703FD-B1C0-43FD-A7E5-D3FBB88A4253}
[2011.03.28 10:33:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5B297F2E-9111-4B15-AB8C-CA9FCA3663E6}
[2011.03.27 12:13:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{75C2DD7A-244E-4296-909E-B8B4207FFB40}
[2011.03.26 14:28:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{2314DDE0-D67F-47EE-9496-2E9C0385174D}
[2011.03.25 11:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{AFC2D6A2-A2F3-4392-A96B-C6FAFFE551B6}
[2011.03.24 23:34:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{0C74DF1D-CCA7-4F21-A9C1-874FF81D638E}
[2011.03.24 11:29:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{CD60794A-379B-4EC7-868A-7DA4DFEC3AF1}
[2011.03.23 23:28:46 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{3BB4280A-D517-457F-BF94-0EB05C5D53BE}
[2011.03.23 11:28:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F4A66CFD-D138-4F8F-855A-19AE2859D70E}
[2011.03.22 23:27:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{92916D16-17BF-483B-9FF3-B3CDC9D72540}
[2011.03.22 11:09:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{277DAF39-8C80-4030-ABFB-D608984F65E9}
[2011.03.21 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{FE7C4AAE-C972-477A-A497-EAE26E193F34}
[2011.03.21 01:04:30 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F69C7B00-FC38-418E-84A0-51F6F7F84F54}
[2011.03.20 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{3796BF11-8614-4718-85BC-9A4FDA7BFA50}
[2011.03.19 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{E54667A9-790F-4886-AEB9-A778041C493F}
[2011.03.18 23:29:34 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{1DD9067F-8303-4E38-8E73-242C860CE67C}
[2011.03.18 11:29:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{4E8A8E2E-26B2-4376-A0EE-6F092FE4F4A3}
[2011.03.17 11:56:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{190CEFB0-B9B4-44B8-8CEC-A28AFFAAA1E1}
[2011.03.16 11:34:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{3031D5C8-484F-44A3-8450-25467953BD48}
[2011.03.15 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5B25DE53-F92A-4368-A558-958A3779FBA8}
[2011.03.15 11:33:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{11FE18B9-0D6D-4909-B216-EFCFB8969A16}
[2011.03.14 13:05:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{A85D6531-6C75-416B-A6E0-431C335A52AB}
[2011.03.14 00:01:22 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{836399A1-0361-48D8-AFA5-B038E380391F}
[2011.03.12 12:15:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{22F5B7EC-776E-4286-9D4B-C64FAAF5A7B9}
[2011.03.11 14:52:04 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{886D6D9E-DAF4-46EA-B936-CB93D02695A0}
[2011.03.10 17:30:15 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{4FE790F8-807D-4FFD-9A93-BB2A85C57711}
[2011.04.08 19:30:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Uqinve
[2011.04.08 19:30:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Iwuxtu
[2011.04.09 01:21:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{A69B16C4-2615-453E-9A87-CB3D946F8C27}
[2011.04.08 20:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.04.09 11:04:40 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\kjobyqh.sys
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a precaution, a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post logfiles in CODE tags |
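An added defender-side example, not from this thread and not part of OTL or Malwarebytes: a read-only PowerShell triage of the HKCU Run key for the persistence pattern the scans above flagged, a GUID-named value that launches an executable out of the user's AppData. The key path, the heuristics and the two-signal threshold are this example's own assumptions; it only reports and deletes nothing.

```powershell
# Added example (not from the thread, not OTL code): list HKCU Run entries that
# match the pattern seen above - a GUID-like value name starting an executable
# from the user's own profile (AppData\Roaming or AppData\Local).
# Assumptions: run as the affected user; read-only, nothing is changed or deleted.

$runKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$guidName    = '^\{?[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$'
$profileDirs = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

function Get-SuspiciousRunEntry {
    [CmdletBinding()]
    param([string]$Key = $runKey)

    if (-not (Test-Path $Key)) { return }
    $props = Get-ItemProperty -Path $Key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }            # provider metadata, not a Run value
        $cmd = [string]$p.Value

        # Recover the executable: a quoted path, or the first token before a space.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($cmd -split '\s+', 2)[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $reasons = @()
        if ($p.Name -match $guidName) { $reasons += 'GUID-like value name' }
        foreach ($d in $profileDirs) {
            if ($exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += "launches from $d"
                break
            }
        }
        if (-not (Test-Path -LiteralPath $exe)) {
            $reasons += 'target missing on disk'        # e.g. removed by AV, key left behind
        }
        else {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        }

        # One weak signal alone (an unsigned updater in AppData) is noisy;
        # two or more is worth a manual look.
        if ($reasons.Count -ge 2) {
            [pscustomobject]@{
                Name    = $p.Name
                Command = $cmd
                Target  = $exe
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousRunEntry | Format-Table -AutoSize
```

Anything it lists still needs a human decision; a hit is a triage lead, not proof of infection.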
10.04.2011, 18:07 | #6 |
| Java virus? I'm not sure! Hello Cosinus, sorry, my internet wasn't working for a while, so I couldn't do it earlier. Anyway, I've done it now, here is the logfile:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{11899D98-AC90-DA3C-7D6B-D9068C9702C3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11899D98-AC90-DA3C-7D6B-D9068C9702C3}\ not found.
File C:\Users\Kevin\AppData\Roaming\Iwuxtu\opwe.exe not found.
C:\Users\Kevin\AppData\Local\{53B64EF5-E3A7-46F9-90BE-E6EEBC37FFF8} folder moved successfully.
C:\Users\Kevin\AppData\Local\{22A6BBCE-9EC9-43C6-B2F7-77D82F803105} folder moved successfully.
C:\Users\Kevin\AppData\Local\{DF2D22D4-8049-4A85-9564-84838B51808F} folder moved successfully.
C:\Users\Kevin\AppData\Local\{97F1C110-F388-4B59-B9B1-BF59140DD1A3} folder moved successfully.
C:\Users\Kevin\AppData\Local\{2BE6AE38-2CD9-49D5-B0A5-51061E9255D6} folder moved successfully.
C:\Users\Kevin\AppData\Local\{BD2A8E5B-2AB8-4A24-9CE5-2C3BA80FCCE8} folder moved successfully.
C:\Users\Kevin\AppData\Local\{216B1530-7B76-4AD5-8646-B3A524B79BF8} folder moved successfully.
C:\Users\Kevin\AppData\Local\{485F533B-C346-4D58-B69F-CDC357275FFE} folder moved successfully.
C:\Users\Kevin\AppData\Local\{6877AD41-2FE3-4E0B-99C5-71E07095BC54} folder moved successfully.
C:\Users\Kevin\AppData\Local\{BBA688CE-5EF0-4448-8410-8FBC2CA71228} folder moved successfully.
C:\Users\Kevin\AppData\Local\{C630D8EE-02F5-4CC1-A83F-F1FBC5D5636F} folder moved successfully.
C:\Users\Kevin\AppData\Local\{C6D6D966-DD6B-41B9-B86B-E93721FDD907} folder moved successfully.
C:\Users\Kevin\AppData\Local\{5C0C2D55-EAB3-4905-94F7-FE7BF474C9D5} folder moved successfully.
C:\Users\Kevin\AppData\Local\{43F690AC-FB74-412B-946D-9467C77E8D93} folder moved successfully.
C:\Users\Kevin\AppData\Local\{42BE7B07-681D-4989-97D4-A37A22FF84A2} folder moved successfully.
C:\Users\Kevin\AppData\Local\{1D077972-A842-407B-A24B-D60B9B8A2C6A} folder moved successfully.
C:\Users\Kevin\AppData\Local\{554703FD-B1C0-43FD-A7E5-D3FBB88A4253} folder moved successfully.
C:\Users\Kevin\AppData\Local\{5B297F2E-9111-4B15-AB8C-CA9FCA3663E6} folder moved successfully.
C:\Users\Kevin\AppData\Local\{75C2DD7A-244E-4296-909E-B8B4207FFB40} folder moved successfully.
C:\Users\Kevin\AppData\Local\{2314DDE0-D67F-47EE-9496-2E9C0385174D} folder moved successfully.
C:\Users\Kevin\AppData\Local\{AFC2D6A2-A2F3-4392-A96B-C6FAFFE551B6} folder moved successfully.
C:\Users\Kevin\AppData\Local\{0C74DF1D-CCA7-4F21-A9C1-874FF81D638E} folder moved successfully.
C:\Users\Kevin\AppData\Local\{CD60794A-379B-4EC7-868A-7DA4DFEC3AF1} folder moved successfully.
C:\Users\Kevin\AppData\Local\{3BB4280A-D517-457F-BF94-0EB05C5D53BE} folder moved successfully.
C:\Users\Kevin\AppData\Local\{F4A66CFD-D138-4F8F-855A-19AE2859D70E} folder moved successfully.
C:\Users\Kevin\AppData\Local\{92916D16-17BF-483B-9FF3-B3CDC9D72540} folder moved successfully.
C:\Users\Kevin\AppData\Local\{277DAF39-8C80-4030-ABFB-D608984F65E9} folder moved successfully.
C:\Users\Kevin\AppData\Local\{FE7C4AAE-C972-477A-A497-EAE26E193F34} folder moved successfully.
C:\Users\Kevin\AppData\Local\{F69C7B00-FC38-418E-84A0-51F6F7F84F54} folder moved successfully.
C:\Users\Kevin\AppData\Local\{3796BF11-8614-4718-85BC-9A4FDA7BFA50} folder moved successfully.
C:\Users\Kevin\AppData\Local\{E54667A9-790F-4886-AEB9-A778041C493F} folder moved successfully.
C:\Users\Kevin\AppData\Local\{1DD9067F-8303-4E38-8E73-242C860CE67C} folder moved successfully.
C:\Users\Kevin\AppData\Local\{4E8A8E2E-26B2-4376-A0EE-6F092FE4F4A3} folder moved successfully.
C:\Users\Kevin\AppData\Local\{190CEFB0-B9B4-44B8-8CEC-A28AFFAAA1E1} folder moved successfully.
C:\Users\Kevin\AppData\Local\{3031D5C8-484F-44A3-8450-25467953BD48} folder moved successfully.
C:\Users\Kevin\AppData\Local\{5B25DE53-F92A-4368-A558-958A3779FBA8} folder moved successfully.
C:\Users\Kevin\AppData\Local\{11FE18B9-0D6D-4909-B216-EFCFB8969A16} folder moved successfully.
C:\Users\Kevin\AppData\Local\{A85D6531-6C75-416B-A6E0-431C335A52AB} folder moved successfully.
C:\Users\Kevin\AppData\Local\{836399A1-0361-48D8-AFA5-B038E380391F} folder moved successfully.
C:\Users\Kevin\AppData\Local\{22F5B7EC-776E-4286-9D4B-C64FAAF5A7B9} folder moved successfully.
C:\Users\Kevin\AppData\Local\{886D6D9E-DAF4-46EA-B936-CB93D02695A0} folder moved successfully.
C:\Users\Kevin\AppData\Local\{4FE790F8-807D-4FFD-9A93-BB2A85C57711} folder moved successfully.
C:\Users\Kevin\AppData\Roaming\Uqinve folder moved successfully.
C:\Users\Kevin\AppData\Roaming\Iwuxtu folder moved successfully.
C:\Users\Kevin\AppData\Local\{A69B16C4-2615-453E-9A87-CB3D946F8C27} folder moved successfully.
C:\ProgramData\TEMP folder moved successfully.
File C:\Windows\System32\drivers\kjobyqh.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

Regards, Kevin |
10.04.2011, 19:57 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus? I'm not sure! Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
11.04.2011, 09:03 | #8 |
| Java virus? I'm not sure! Good morning! Here is the log:

2011/04/11 10:01:03.0982 6132 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 10:01:04.0263 6132 ================================================================================
2011/04/11 10:01:04.0263 6132 SystemInfo:
2011/04/11 10:01:04.0263 6132
2011/04/11 10:01:04.0263 6132 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/11 10:01:04.0263 6132 Product type: Workstation
2011/04/11 10:01:04.0263 6132 ComputerName: KEVIN-PC
2011/04/11 10:01:04.0263 6132 UserName: Kevin
2011/04/11 10:01:04.0263 6132 Windows directory: C:\Windows
2011/04/11 10:01:04.0263 6132 System windows directory: C:\Windows
2011/04/11 10:01:04.0263 6132 Processor architecture: Intel x86
2011/04/11 10:01:04.0263 6132 Number of processors: 4
2011/04/11 10:01:04.0263 6132 Page size: 0x1000
2011/04/11 10:01:04.0263 6132 Boot type: Normal boot
2011/04/11 10:01:04.0263 6132 ================================================================================
2011/04/11 10:01:04.0482 6132 Initialize success
2011/04/11 10:01:08.0881 2732 ================================================================================
2011/04/11 10:01:08.0881 2732 Scan started
2011/04/11 10:01:08.0881 2732 Mode: Manual;
2011/04/11 10:01:08.0881 2732 ================================================================================
C:\Windows\system32\drivers\HTTP.sys 2011/04/11 10:01:15.0745 2732 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 2011/04/11 10:01:15.0760 2732 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/11 10:01:15.0776 2732 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/04/11 10:01:15.0823 2732 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 2011/04/11 10:01:15.0916 2732 IntcAzAudAddService (5a4aad2240cb8b50ffeaedb2bf747abd) C:\Windows\system32\drivers\RTKVHDA.sys 2011/04/11 10:01:15.0963 2732 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 2011/04/11 10:01:16.0010 2732 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/11 10:01:16.0041 2732 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/11 10:01:16.0072 2732 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/04/11 10:01:16.0088 2732 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 2011/04/11 10:01:16.0119 2732 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 2011/04/11 10:01:16.0150 2732 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 2011/04/11 10:01:16.0166 2732 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/11 10:01:16.0197 2732 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/11 10:01:16.0213 2732 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/11 10:01:16.0228 2732 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/11 10:01:16.0260 2732 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys 2011/04/11 10:01:16.0306 
2732 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/11 10:01:16.0338 2732 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/04/11 10:01:16.0353 2732 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/04/11 10:01:16.0384 2732 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/04/11 10:01:16.0400 2732 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/04/11 10:01:16.0431 2732 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/04/11 10:01:16.0509 2732 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys 2011/04/11 10:01:16.0618 2732 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys 2011/04/11 10:01:16.0681 2732 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 2011/04/11 10:01:16.0743 2732 LVUSBSta (90259f3a20fbaec1a08d74ef5415b9d8) C:\Windows\system32\drivers\lvusbsta.sys 2011/04/11 10:01:16.0806 2732 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/04/11 10:01:16.0837 2732 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/04/11 10:01:16.0884 2732 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/04/11 10:01:16.0915 2732 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/11 10:01:16.0930 2732 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/11 10:01:16.0962 2732 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/11 10:01:16.0977 2732 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2011/04/11 10:01:17.0008 2732 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 
2011/04/11 10:01:17.0040 2732 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/11 10:01:17.0071 2732 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2011/04/11 10:01:17.0118 2732 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/11 10:01:17.0133 2732 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/11 10:01:17.0180 2732 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/11 10:01:17.0211 2732 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2011/04/11 10:01:17.0242 2732 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2011/04/11 10:01:17.0289 2732 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/04/11 10:01:17.0305 2732 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/04/11 10:01:17.0320 2732 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/04/11 10:01:17.0352 2732 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/11 10:01:17.0383 2732 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/11 10:01:17.0398 2732 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/04/11 10:01:17.0414 2732 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/04/11 10:01:17.0445 2732 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/11 10:01:17.0461 2732 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/04/11 10:01:17.0476 2732 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/04/11 10:01:17.0492 2732 Mup (159fad02f64e6381758c990f753bcc80) 
C:\Windows\system32\Drivers\mup.sys 2011/04/11 10:01:17.0523 2732 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/11 10:01:17.0586 2732 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2011/04/11 10:01:17.0617 2732 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/04/11 10:01:17.0664 2732 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/11 10:01:17.0695 2732 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/11 10:01:17.0710 2732 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/11 10:01:17.0742 2732 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2011/04/11 10:01:17.0757 2732 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/11 10:01:17.0773 2732 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/11 10:01:17.0820 2732 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/04/11 10:01:17.0866 2732 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/04/11 10:01:17.0898 2732 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/11 10:01:17.0960 2732 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2011/04/11 10:01:18.0007 2732 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/04/11 10:01:18.0054 2732 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys 2011/04/11 10:01:18.0397 2732 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/11 10:01:18.0490 2732 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/04/11 10:01:18.0522 2732 nvstor 
(c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2011/04/11 10:01:18.0584 2732 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/04/11 10:01:18.0880 2732 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/11 10:01:19.0395 2732 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/04/11 10:01:19.0910 2732 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2011/04/11 10:01:20.0144 2732 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/04/11 10:01:20.0269 2732 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2011/04/11 10:01:20.0706 2732 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2011/04/11 10:01:20.0908 2732 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/04/11 10:01:21.0174 2732 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/04/11 10:01:21.0361 2732 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/04/11 10:01:21.0704 2732 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/11 10:01:21.0766 2732 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/04/11 10:01:21.0876 2732 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/11 10:01:22.0110 2732 QCMerced (e7ac7b1e8ae57c3d55c661187ceebf11) C:\Windows\system32\DRIVERS\LVCM.sys 2011/04/11 10:01:22.0250 2732 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/04/11 10:01:22.0328 2732 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/04/11 10:01:22.0390 2732 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/11 10:01:22.0468 
2732 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/11 10:01:22.0562 2732 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/04/11 10:01:22.0624 2732 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/11 10:01:22.0702 2732 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/11 10:01:22.0812 2732 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/11 10:01:22.0890 2732 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/11 10:01:23.0046 2732 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/04/11 10:01:23.0108 2732 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/11 10:01:23.0155 2732 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2011/04/11 10:01:23.0373 2732 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/11 10:01:23.0404 2732 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/04/11 10:01:23.0498 2732 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/04/11 10:01:23.0607 2732 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2011/04/11 10:01:23.0763 2732 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/11 10:01:23.0857 2732 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/04/11 10:01:23.0935 2732 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/04/11 10:01:24.0013 2732 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/04/11 10:01:24.0060 2732 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) 
C:\Windows\system32\DRIVERS\scfilter.sys 2011/04/11 10:01:24.0138 2732 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/11 10:01:24.0184 2732 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/11 10:01:24.0309 2732 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/04/11 10:01:24.0340 2732 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/04/11 10:01:24.0434 2732 sfdrv01 (56250672235bbe54ba8a4963b1ac997c) C:\Windows\system32\drivers\sfdrv01.sys 2011/04/11 10:01:24.0465 2732 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/11 10:01:24.0496 2732 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/04/11 10:01:24.0512 2732 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/11 10:01:24.0559 2732 sfhlp02 (3ad2b15ccc03febfbaf5ff057822aa75) C:\Windows\system32\drivers\sfhlp02.sys 2011/04/11 10:01:24.0606 2732 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/11 10:01:24.0684 2732 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\Windows\system32\drivers\sfsync02.sys 2011/04/11 10:01:24.0746 2732 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/04/11 10:01:24.0808 2732 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/04/11 10:01:24.0855 2732 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/04/11 10:01:24.0918 2732 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/04/11 10:01:24.0996 2732 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/04/11 10:01:25.0058 2732 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/04/11 10:01:25.0183 2732 srv2 
(db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/11 10:01:25.0261 2732 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/11 10:01:25.0323 2732 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/11 10:01:25.0417 2732 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/04/11 10:01:25.0464 2732 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys 2011/04/11 10:01:25.0635 2732 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2011/04/11 10:01:25.0698 2732 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2011/04/11 10:01:25.0744 2732 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/11 10:01:25.0854 2732 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\Windows\system32\drivers\TBPanel.sys 2011/04/11 10:01:25.0947 2732 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/04/11 10:01:26.0056 2732 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/11 10:01:26.0103 2732 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/11 10:01:26.0119 2732 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/04/11 10:01:26.0134 2732 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/04/11 10:01:26.0166 2732 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/11 10:01:26.0181 2732 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/11 10:01:26.0212 2732 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/11 10:01:26.0259 2732 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/11 10:01:26.0290 2732 
uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2011/04/11 10:01:26.0306 2732 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/11 10:01:26.0337 2732 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/04/11 10:01:26.0368 2732 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/11 10:01:26.0400 2732 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/04/11 10:01:26.0431 2732 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 2011/04/11 10:01:26.0462 2732 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/11 10:01:26.0478 2732 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/04/11 10:01:26.0509 2732 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/11 10:01:26.0540 2732 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/11 10:01:26.0571 2732 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/11 10:01:26.0587 2732 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/11 10:01:26.0602 2732 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/11 10:01:26.0618 2732 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/11 10:01:26.0649 2732 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/04/11 10:01:26.0680 2732 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/11 10:01:26.0712 2732 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/04/11 10:01:26.0727 2732 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/04/11 
10:01:26.0774 2732 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/04/11 10:01:26.0790 2732 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/04/11 10:01:26.0821 2732 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/04/11 10:01:26.0852 2732 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2011/04/11 10:01:26.0868 2732 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2011/04/11 10:01:26.0899 2732 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/04/11 10:01:26.0914 2732 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/04/11 10:01:26.0977 2732 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/04/11 10:01:27.0070 2732 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/04/11 10:01:27.0102 2732 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2011/04/11 10:01:27.0148 2732 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/04/11 10:01:27.0180 2732 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/11 10:01:27.0195 2732 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/11 10:01:27.0226 2732 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/04/11 10:01:27.0258 2732 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/11 10:01:27.0320 2732 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/04/11 10:01:27.0336 2732 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/04/11 10:01:27.0398 2732 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) 
C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/11 10:01:27.0445 2732 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/11 10:01:27.0460 2732 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/04/11 10:01:27.0507 2732 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/11 10:01:27.0538 2732 ================================================================================ 2011/04/11 10:01:27.0538 2732 Scan finished 2011/04/11 10:01:27.0538 2732 ================================================================================ Gruß Kevin |
11.04.2011, 12:32 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run CF: ComboFix (A guide and tutorial on using ComboFix)
ComboFix may only be run when a competent helper has expressly recommended it!
__________________
Please always post logfiles in CODE tags
12.04.2011, 12:29 | #10 |
Hiii Cosinus!! I ran ComboFix, here is the log: ComboFix logfile: Code:
ComboFix 11-04-11.03 - Kevin 12.04.2011 13:24:29.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3031.2218 [GMT 2:00]
ausgeführt von:: c:\users\Kevin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-12 bis 2011-04-12 ))))))))))))))))))))))))))))))
.
.
2011-04-12 11:26 . 2011-04-12 11:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-12 08:58 . 2011-04-12 08:58 -------- d-----w- c:\users\Kevin\AppData\Local\{CA2C6B73-2C88-44A8-BBB6-2C33BC69BBAA}
2011-04-12 08:34 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63632033-00A9-4022-B102-9406ED123178}\mpengine.dll
2011-04-11 21:07 . 2011-04-11 21:07 -------- d-----w- c:\programdata\Caphyon
2011-04-11 08:11 . 2011-04-11 08:11 -------- d-----w- c:\users\Kevin\AppData\Local\{C95F028E-D846-4D0D-BCBF-BB6E300F97D6}
2011-04-10 17:03 . 2011-04-10 17:03 -------- d-----w- C:\_OTL
2011-04-10 09:07 . 2011-04-10 09:07 -------- d-----w- c:\users\Kevin\AppData\Local\{DA4B23D3-B708-4258-BD56-11E93705630D}
2011-04-09 12:12 . 2011-04-09 12:13 -------- d-----w- c:\users\Kevin\AppData\Local\{40353C69-DBBA-4D01-AC06-900225AA853F}
2011-04-09 09:01 . 2011-04-09 09:01 -------- d-----w- c:\program files\CCleaner
2011-04-08 18:08 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-04-08 18:08 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-04-08 18:08 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-04-08 18:08 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-04-08 18:08 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-04-08 13:22 . 2011-04-08 18:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 14:19 . 2010-11-02 11:54 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-10 15:30 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 05:33 . 2011-03-09 14:52 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 14:52 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 14:52 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 22:10 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-11-02 11:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 19:33 . 2011-01-20 19:33 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2010-07-30 2158592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-08 9267816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
" Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-29 08:08 119608 ----a-w- d:\program files\ICQ7.2\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 15:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 15:37 2178832 ----a-w- d:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-10-08 10:52 221184 ----a-w- c:\windows\System32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-29 20:06 1242448 ----a-w- d:\program files\Steam\Steam.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-20 218688]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - d:\program files\ICQ7.2\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\yh0ddx82.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-CamWizard - c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-12 13:27:20
ComboFix-quarantined-files.txt 2011-04-12 11:27
.
Vor Suchlauf: 9 Verzeichnis(se), 80.534.142.976 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 81.090.203.648 Bytes frei
.
- - End Of File - - DF9ADBF4A9B47931E362C6DB2A93AEFE
12.04.2011, 12:45 | #11
/// Winkelfunktion /// TB-Süch-Tiger™
Java virus? I'm not sure!
Ok. Please create logs with GMER and OSAM now and post them. GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM, and please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
13.04.2011, 10:44 | #12
Java virus? I'm not sure!
Good morning! Here are the logs:

GMER:
GMER Logfile:
Code:
GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-13 11:25:30
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD5000AAKS-00H2B0 rev.07.04C07
Running: f3nxz28q.exe; Driver: C:\Users\Kevin\AppData\Local\Temp\agloqpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13BD  83060589 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  83085092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [746C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [746B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [746B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [746BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03E02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03E02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03E02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Windows\Explorer.EXE[736] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03E02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Users\Kevin\Desktop\f3nxz28q.exe[5432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Users\Kevin\Desktop\f3nxz28q.exe[5432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Users\Kevin\Desktop\f3nxz28q.exe[5432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT  C:\Users\Kevin\Desktop\f3nxz28q.exe[5432] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device  \Driver\ACPI_HAL \Device\00000048  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 11:30:07 on 13.04.2011

OS: Windows 7 (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"agloqpod" (agloqpod) - ? - C:\Users\Kevin\AppData\Local\Temp\agloqpod.sys  (Hidden registry entry, rootkit activity | File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Kevin\AppData\Local\Temp\catchme.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"TBPanel" (TBPanel) - "Windows (R) 2000 DDK provider" - C:\Windows\system32\drivers\TBPanel.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0DE76E1C-40C5-4fae-A59A-44EF606A0B02} "AbbyyS2O.S2OShellExtension.1" - "ABBYY (BIT Software)" - D:\Program Files\ABBYY ScanTo Office 1.0\STOShellExtension.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.4" - "ICQ, LLC." - D:\Program Files\ICQ7.2\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "{DBC80044-A445-435b-BC74-9C25C1C588A9}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TBPanel" - ? - C:\Program Files\Vtune\TBPanel.exe /A
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit Online Solutions :: Index

MBRcheck:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: brunenIT
System Product Name: MS-7636
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 185):

Processes (total 58):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`6a100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00H2B0, Rev: 07.04C07

      Size  Device Name          MBR Status
--------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1:
4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! MFG Kevin |
13.04.2011, 11:12 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus? I'm not sure! Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
13.04.2011, 12:12 | #14 |
| Java virus? I'm not sure! Here are the logs: (and yes, I did update the tools haha)

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6350

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.04.2011 12:55:37
mbam-log-2011-04-13 (12-55-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 230781
Laufzeit: 27 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/13/2011 at 12:52 PM

Application Version : 4.50.1002

Core Rules Database Version : 6824
Trace Rules Database Version: 4636

Scan type : Complete Scan
Total Scan Time : 00:24:13

Memory items scanned : 732
Memory threats detected : 0
Registry items scanned : 9508
Registry threats detected : 0
File items scanned : 21484
File threats detected : 16

Adware.Tracking Cookie
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@tracking.quisma[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@atdmt[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@content.yieldmanager[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@adfarm1.adition[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@serving-sys[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@content.yieldmanager[3].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@apmebf[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@mediaplex[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@zbox.zanox[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@tradedoubler[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@ad.zanox[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@ad.yieldmanager[2].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@ad2.adfarm1.adition[1].txt
C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Cookies\kevin@doubleclick[1].txt

Adware.Casino Games (Golden Palace Casino)
D:\CASINO\CASINOCLUB\CASINO.EXE

Trojan.Agent/Gen-FakeAlert[Local]
D:\USERS\KEVIN\APPDATA\LOCAL\TEMP\STO10\SETUP.EXE

Regards, Kevin |
13.04.2011, 12:48 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java virus? I'm not sure! Looks OK, only cookies/false positives were found. Any further problems or new detections in the meantime?
__________________ Please always post logfiles in CODE tags |