|
Log analysis and evaluation: Laptop suddenly extremely slow. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
09.04.2011, 21:08 | #1 |
| Laptop suddenly extremely slow
Hello, as the title already says, my problem is that my laptop is suddenly very slow. Opening folders works normally as usual, i.e. at the same speed, but everything else (I suspect it relates to exe files) takes a very long time. Things like Firefox or PDF files take about 30 seconds (for PDFs I measured exactly 30 sec.) until they open. Even very small files, e.g. Notepad, the Calculator or the volume control when I click it at the bottom right, take that long. Volume control via the keyboard responds immediately, without problems. Fussball Manager 10, which otherwise ran without problems, now also crashes while loading. I looked at the RAM and only 30% was in use. Both hard disks are 0% fragmented, and I also had Antivir run a complete check. It flagged 4 Java files as suspicious. I don't think those were viruses, but having run out of ideas by now I deleted them too. When this showed up I was working on a report. So I had only used Word, PDF files and Google. I didn't download anything from the internet and was only on informative sites on the topic of the sterile supply department in hospitals. I don't think there was a virus on any of those sites. I'm at a loss as to what it could be and hope you can help me. Thanks in advance. The log files are attached |
10.04.2011, 00:26 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow
Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab. |
10.04.2011, 17:10 | #3 |
| Laptop suddenly extremely slow
I hadn't run Malwarebytes at all yet. I've done it now.
Here are the results (quick scan):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6324
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2011 17:47:54
mbam-log-2011-04-10 (17-47-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150203
Laufzeit: 2 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{1D4DB7D0-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1D4DB7D1-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProductsInstaller.Start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\funwebproducts\Installr\1.bin\F3EZSETP.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Roaming\chkntfs.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

After deleting the files and a restart, I ran it again:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6324
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2011 17:57:29
mbam-log-2011-04-10 (17-57-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 150075
Laufzeit: 4 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Nothing has changed. It still takes forever to open/load/run files. There are only 2 older log files from Malwarebytes, and those are from August 2010, since I actually don't use it at all. I'll do a full scan later and add to this here if anything turns up there. |
10.04.2011, 19:53 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow
Quote:
Remember that Malwarebytes must be updated manually before every scan! If logs from older scans with Malwarebytes exist, please post all of those as well!
__________________ Always post log files in CODE tags |
10.04.2011, 20:06 | #5 |
| Laptop suddenly extremely slow
OK, I did a full scan. But it didn't find anything more. I had also updated beforehand. I don't have older logs apart from 2 from August 2010, since I otherwise didn't use the program. I don't think these 2 are relevant, since the laptop ran normally for another 8 months after that.
Here is the log from the full scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6324
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2011 20:32:29
mbam-log-2011-04-10 (20-32-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 337467
Laufzeit: 1 Stunde(n), 41 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
10.04.2011, 20:10 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow
Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Freepack] C:\Users\Chris\AppData\Roaming\Libole\reswin.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9ec1d588-deba-11de-8b77-4061861244fb}\Shell - "" = AutoRun
O33 - MountPoints2\{9ec1d588-deba-11de-8b77-4061861244fb}\Shell\AutoRun\command - "" = F:\autorun.exe
[2009/11/30 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Bayhsa
[2010/08/06 00:53:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\C470712E1B8CAFD10DAF196D3BABCFF7
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. |
10.04.2011, 22:05 | #7 |
| Laptop suddenly extremely slow
OMG, everything is running great again. cosinus, you are my hero, and this site is the best when it comes to computer problems. Oh God, am I glad to have come across it. I think the log file won't really be needed any more, but I'm posting it in conclusion for the sake of completeness. Once again a huge thank-you to cosinus. Finally able to work normally again.

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from sweetim.toolbar.previous.keyword.URL
Prefs.js: "SweetIM Search" removed from browser.search.defaultenginename
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Freepack deleted successfully.
C:\Users\Chris\AppData\Roaming\Libole\reswin.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ec1d588-deba-11de-8b77-4061861244fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ec1d588-deba-11de-8b77-4061861244fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ec1d588-deba-11de-8b77-4061861244fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ec1d588-deba-11de-8b77-4061861244fb}\ not found.
File F:\autorun.exe not found.
C:\Users\Chris\AppData\Roaming\Bayhsa folder moved successfully.
C:\Users\Chris\AppData\Roaming\C470712E1B8CAFD10DAF196D3BABCFF7 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 2257613 bytes
->Temporary Internet Files folder emptied: 2081716 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56144938 bytes
->Flash cache emptied: 5776 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 455452 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04102011_224750

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
11.04.2011, 10:24 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Always post log files in CODE tags |
11.04.2011, 13:24 | #9 |
| Laptop suddenly extremely slow
2011/04/11 14:22:00.0041 1016 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 14:22:00.0431 1016 ================================================================================
2011/04/11 14:22:00.0431 1016 SystemInfo:
2011/04/11 14:22:00.0431 1016
2011/04/11 14:22:00.0431 1016 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/11 14:22:00.0431 1016 Product type: Workstation
2011/04/11 14:22:00.0446 1016 ComputerName: CHRIS-MSI
2011/04/11 14:22:00.0446 1016 UserName: Chris
2011/04/11 14:22:00.0446 1016 Windows directory: C:\Windows
2011/04/11 14:22:00.0446 1016 System windows directory: C:\Windows
2011/04/11 14:22:00.0446 1016 Processor architecture: Intel x86
2011/04/11 14:22:00.0446 1016 Number of processors: 2
2011/04/11 14:22:00.0446 1016 Page size: 0x1000
2011/04/11 14:22:00.0446 1016 Boot type: Normal boot
2011/04/11 14:22:00.0446 1016 ================================================================================
2011/04/11 14:22:03.0878 1016 Initialize success
2011/04/11 14:22:07.0404 2072 ================================================================================
2011/04/11 14:22:07.0404 2072 Scan started
2011/04/11 14:22:07.0404 2072 Mode: Manual;
2011/04/11 14:22:07.0404 2072 ================================================================================
(631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/11 14:22:25.0734 2072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/04/11 14:22:25.0828 2072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/11 14:22:25.0937 2072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/04/11 14:22:26.0093 2072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/04/11 14:22:26.0140 2072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/11 14:22:26.0233 2072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/11 14:22:26.0327 2072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/04/11 14:22:26.0405 2072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/11 14:22:26.0514 2072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/11 14:22:26.0639 2072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/11 14:22:26.0732 2072 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/11 14:22:26.0795 2072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/04/11 14:22:26.0873 2072 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/11 14:22:26.0982 2072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/11 14:22:27.0060 2072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/04/11 14:22:27.0154 2072 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 2011/04/11 14:22:27.0263 2072 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 
2011/04/11 14:22:27.0372 2072 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/11 14:22:27.0512 2072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/11 14:22:27.0622 2072 RSUSBSTOR (add91189bf904e66efbbf348bc703edd) C:\Windows\system32\Drivers\RtsUStor.sys 2011/04/11 14:22:27.0731 2072 RTHDMIAzAudService (87407b31ea6ff0dc4765258164b98bea) C:\Windows\system32\drivers\RtHDMIV.sys 2011/04/11 14:22:27.0840 2072 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys 2011/04/11 14:22:27.0965 2072 RTL8187Se (1117352dd3f1f457d6b2d0bcab9611be) C:\Windows\system32\DRIVERS\RTL8187Se.sys 2011/04/11 14:22:28.0090 2072 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/04/11 14:22:28.0183 2072 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2011/04/11 14:22:28.0324 2072 sdbus (aa826e35f6d28a8e5d1efeb337f24ba2) C:\Windows\system32\drivers\sdbus.sys 2011/04/11 14:22:28.0448 2072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/11 14:22:28.0558 2072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/11 14:22:28.0620 2072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/04/11 14:22:28.0729 2072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/04/11 14:22:28.0854 2072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/04/11 14:22:28.0916 2072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/11 14:22:28.0994 2072 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/11 14:22:29.0057 2072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/11 14:22:29.0150 2072 sisagp 
(2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2011/04/11 14:22:29.0244 2072 SiSGbeLH (6f0c643c7f49f2091b01d014eae72e1a) C:\Windows\system32\DRIVERS\SiSGB6.sys 2011/04/11 14:22:29.0353 2072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/04/11 14:22:29.0416 2072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/04/11 14:22:29.0525 2072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/04/11 14:22:29.0650 2072 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys 2011/04/11 14:22:29.0806 2072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/04/11 14:22:29.0977 2072 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/04/11 14:22:29.0977 2072 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 2011/04/11 14:22:29.0993 2072 sptd - detected Locked file (1) 2011/04/11 14:22:30.0071 2072 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys 2011/04/11 14:22:30.0149 2072 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/11 14:22:30.0242 2072 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/11 14:22:30.0367 2072 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/11 14:22:30.0430 2072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/04/11 14:22:30.0539 2072 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/11 14:22:30.0695 2072 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys 2011/04/11 14:22:30.0866 2072 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/11 14:22:30.0960 2072 tcpipreg 
(e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/11 14:22:31.0038 2072 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2011/04/11 14:22:31.0116 2072 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2011/04/11 14:22:31.0210 2072 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/11 14:22:31.0272 2072 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/11 14:22:31.0428 2072 toshidpt (85b6ff02491b6db3572b4f93e56cab7c) C:\Windows\system32\drivers\Toshidpt.sys 2011/04/11 14:22:31.0537 2072 tosporte (90afa1a4451bbbee87c9f18a665d8121) C:\Windows\system32\DRIVERS\tosporte.sys 2011/04/11 14:22:31.0662 2072 tosrfbd (b168b345fb7073930c31e0d8b85e8353) C:\Windows\system32\DRIVERS\tosrfbd.sys 2011/04/11 14:22:31.0787 2072 tosrfbnp (74392bab3f0d4810da8436ec79d6955d) C:\Windows\system32\Drivers\tosrfbnp.sys 2011/04/11 14:22:31.0896 2072 Tosrfcom (1ad9eb1b5abd0aeee4084c8153476f1e) C:\Windows\system32\Drivers\tosrfcom.sys 2011/04/11 14:22:32.0021 2072 Tosrfhid (a72a3473180f378cc07d342803ffd580) C:\Windows\system32\DRIVERS\Tosrfhid.sys 2011/04/11 14:22:32.0114 2072 tosrfnds (b2a1a6538245fd69578224bbf2fd4677) C:\Windows\system32\DRIVERS\tosrfnds.sys 2011/04/11 14:22:32.0192 2072 TosRfSnd (8b877e24550e7962da820c8c354ec33a) C:\Windows\system32\drivers\tosrfsnd.sys 2011/04/11 14:22:32.0270 2072 Tosrfusb (97529d04178bf604c62c5be4b8bb2129) C:\Windows\system32\DRIVERS\tosrfusb.sys 2011/04/11 14:22:32.0395 2072 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/11 14:22:32.0536 2072 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 2011/04/11 14:22:32.0645 2072 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/11 14:22:32.0738 2072 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) 
C:\Windows\system32\DRIVERS\uagp35.sys 2011/04/11 14:22:32.0801 2072 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/11 14:22:32.0926 2072 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2011/04/11 14:22:33.0035 2072 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/11 14:22:33.0082 2072 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2011/04/11 14:22:33.0175 2072 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/11 14:22:33.0269 2072 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2011/04/11 14:22:33.0331 2072 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/11 14:22:33.0440 2072 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/11 14:22:33.0534 2072 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/11 14:22:33.0643 2072 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/11 14:22:33.0768 2072 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 2011/04/11 14:22:33.0830 2072 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/11 14:22:33.0924 2072 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/11 14:22:34.0049 2072 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 2011/04/11 14:22:34.0220 2072 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2011/04/11 14:22:34.0330 2072 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/11 14:22:34.0423 2072 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2011/04/11 14:22:34.0501 2072 vhdmp 
(3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2011/04/11 14:22:34.0595 2072 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2011/04/11 14:22:34.0673 2072 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2011/04/11 14:22:34.0751 2072 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2011/04/11 14:22:34.0829 2072 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2011/04/11 14:22:34.0907 2072 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2011/04/11 14:22:35.0016 2072 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2011/04/11 14:22:35.0125 2072 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2011/04/11 14:22:35.0203 2072 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 2011/04/11 14:22:35.0266 2072 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 2011/04/11 14:22:35.0390 2072 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2011/04/11 14:22:35.0500 2072 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/11 14:22:35.0515 2072 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/11 14:22:35.0593 2072 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 2011/04/11 14:22:35.0702 2072 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/11 14:22:35.0858 2072 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 2011/04/11 14:22:35.0921 2072 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 2011/04/11 14:22:36.0092 2072 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys 2011/04/11 
14:22:36.0217 2072 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/11 14:22:36.0358 2072 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/11 14:22:36.0436 2072 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/04/11 14:22:36.0545 2072 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/11 14:22:36.0654 2072 ================================================================================ 2011/04/11 14:22:36.0654 2072 Scan finished 2011/04/11 14:22:36.0654 2072 ================================================================================ 2011/04/11 14:22:36.0670 3404 Detected object count: 1 2011/04/11 14:22:41.0708 3404 Locked file(sptd) - User select action: Skip |
11.04.2011, 15:11 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
11.04.2011, 21:34 | #11 |
| Laptop suddenly extremely slow ComboFix log file: Code:
ATTFilter ComboFix 11-04-11.01 - Chris 11.04.2011 22:12:18.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3071.2270 [GMT 2:00] ausgeführt von:: c:\users\Chris\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\favoritevideo\InvisibleFolder c:\favoritevideo\InvisibleFolder\20110111105058_wopaiwang110111zanting15s.swf c:\favoritevideo\InvisibleFolder\20110111152957_shenguishijia110112zanting15s.swf c:\favoritevideo\InvisibleFolder\20110111161918_yimengcaopanshou110112zhu15s.swf c:\favoritevideo\InvisibleFolder\20110111174507_juedifanji110112zhu15s.swf c:\favoritevideo\InvisibleFolder\20110111174706_juedifanji110112zanting15s.swf c:\favoritevideo\InvisibleFolder\20110111174828_juedifanji110112cha15s.swf c:\favoritevideo\InvisibleFolder\ckdll(0).dll c:\favoritevideo\InvisibleFolder\ckdll.dll c:\favoritevideo\InvisibleFolder\peer.dll.tpp c:\favoritevideo\InvisibleFolder\TipsClient.dll c:\users\Chris\AppData\Roaming\OfferBox c:\users\Chris\AppData\Roaming\OfferBox\config.xml . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-11 bis 2011-04-11 )))))))))))))))))))))))))))))) . . 2011-04-11 20:19 . 2011-04-11 20:19 -------- d-----w- c:\users\Chris\AppData\Local\temp 2011-04-11 20:19 . 2011-04-11 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-08 15:12 . 2011-04-08 15:13 -------- d-----w- c:\program files\ERUNT 2011-04-08 14:06 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C92F0DC-2C44-4058-AF7C-FA331252D5DC}\mpengine.dll 2011-04-02 00:03 . 2011-04-10 20:47 -------- d-----w- c:\users\Chris\AppData\Roaming\Libole 2011-03-29 14:07 . 
2011-03-29 14:12 -------- d-----w- c:\users\Chris\AppData\Roaming\gtk-2.0 2011-03-24 20:23 . 2011-03-24 20:23 -------- d-----w- c:\program files\SweetIM 2011-03-24 20:23 . 2011-03-24 20:23 -------- d-----w- c:\programdata\SweetIM 2011-03-20 21:56 . 2011-03-20 21:56 -------- d-----w- C:\TEMP 2011-03-14 15:47 . 2011-03-14 15:47 -------- d-----w- c:\program files\Common Files\Adobe 2011-03-14 15:29 . 2011-03-14 15:29 -------- d-----w- c:\programdata\McAfee . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-16 16:14 . 2010-01-30 15:51 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-10 13:50 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-02-02 17:11 . 2009-12-06 23:03 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-01-12 16:37 . 2010-01-28 18:10 30528 ----a-w- c:\windows\system32\TURegOpt.exe 2011-01-12 16:32 . 2011-01-11 21:03 21312 ----a-w- c:\windows\system32\authuitu.dll 2011-01-12 16:32 . 2011-01-11 21:03 30016 ----a-w- c:\windows\system32\uxtuneup.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-02-01 141616] . [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BFBA68E-E21B-458E-AE12-FE85E903D2C1}] 2010-08-31 16:15 257384 ----a-w- c:\program files\AlterGeo\AlterGeo Magic Scanner\2.8.8.615\AlterGeo.BrowserPlugin.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] "MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2009-08-05 2072576] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-1-17 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 136176] R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-19 11776] R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-24 5632] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-01 691696] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-13 176128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336] S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2009-07-09 160768] S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-01-12 1051968] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-25 17920] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-05-20 59904] S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-08-04 616960] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . 
Inhalt des "geplante Tasks" Ordners . 2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 20:27] . 2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 20:27] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = mStart Page = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} - hxxp://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=icq&c=c22b6b0c578a6734d&browserVersion=7.0 FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\ja2gfkkv.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - hxxp://www.werder.de/de/ FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: iGraal: {e411bb40-b04c-11d8-92e7-00d09e0179f2} - %profile%\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: SweetIM Toolbar for Firefox: 
{EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1400721654-4045095933-167866262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1400721654-4045095933-167866262-1000) @Denied: (2) (LocalSystem) "Progid"="ThunderbirdEML" . [HKEY_USERS\S-1-5-21-1400721654-4045095933-167866262-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1400721654-4045095933-167866262-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:45,cd,2b,f2,6a,8e,48,17,0b,8a,f7,d9,82,a3,bf,2f,9a,5f,57,2f,49,f0,d8, f0,87,7f,d6,f7,81,df,03,62,a7,f2,40,58,f6,04,99,ad,71,15,ed,26,3c,9d,63,c2,\ "??"=hex:d4,7e,af,80,12,bc,48,f9,1b,84,8b,a6,f7,8c,df,9f . [HKEY_USERS\S-1-5-21-1400721654-4045095933-167866262-1000\Software\SecuROM\License information*] "datasecu"=hex:f0,79,46,86,01,97,ef,e8,22,e8,3e,80,01,a2,0d,66,e5,14,d2,cd,d5, e2,5a,8d,89,5b,44,f4,5d,84,24,09,39,e5,14,7d,6b,15,f7,50,7c,95,9c,86,48,15,\ "rkeysecu"=hex:bb,c7,00,ab,53,4c,bf,bc,78,20,c3,79,2b,89,41,0d . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2011-04-11 22:21:03 ComboFix-quarantined-files.txt 2011-04-11 20:21 . Vor Suchlauf: 13 Verzeichnis(se), 44.114.743.296 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 43.647.123.456 Bytes frei . - - End Of File - - 1F9616DAF365379F1AB1511A4D1731A5 |
12.04.2011, 10:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
12.04.2011, 12:04 | #13 |
| Laptop suddenly extremely slow GMER log file: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net Rootkit scan 2011-04-12 12:56:20 Windows 6.1.7600
OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:01:47 on 12.04.2011 OS: Windows 7 Home Premium Edition (Build 7600), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385
MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows 7 Home Premium Edition Windows Information: (build 7600), 32-bit Base Board Manufacturer: MICRO-STAR INT'L CO., LTD BIOS Manufacturer: American Megatrends Inc. System Manufacturer: Micro-Star International System Product Name: A7005 Logical Drives Mask: 0x0000003c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`13800000 (NTFS)
PhysicalDrive0 Model Number: FUJITSUMJA2500BHG2, Rev: 00000018
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done! |
12.04.2011, 12:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laptop suddenly extremely slow
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post log files in CODE tags |
13.04.2011, 20:18 | #15 |
| Laptop suddenly extremely slow

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.04.2011 16:50:11
mbam-log-2011-04-13 (16-50-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 339954
Laufzeit: 1 Stunde(n), 22 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/13/2011 at 08:58 PM

Application Version : 4.50.1002

Core Rules Database Version : 6824
Trace Rules Database Version: 4636

Scan type : Complete Scan
Total Scan Time : 02:31:29

Memory items scanned : 679
Memory threats detected : 0
Registry items scanned : 9604
Registry threats detected : 0
File items scanned : 189688
File threats detected : 6

Adware.Tracking Cookie
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@content.yieldmanager[3].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@ad.yieldmanager[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@content.yieldmanager[2].txt
C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Cookies\chris@doubleclick[1].txt
media.mtvnservices.com [ C:\Users\Chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XZ5Y8S4R ]
secure-us.imrworldwide.com [ C:\Users\Chris\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XZ5Y8S4R ] |