Log analysis and evaluation: Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found - what should I do?
11.04.2011, 14:44 | #1 |
Hello everyone, first of all I'm glad that committed forums like this one exist. The symptoms my computer has been showing recently are the following:

- After an indeterminate time I get the error message "Host für Windows-Dienste funktioniert nicht mehr" (Host Process for Windows Services has stopped working); after that, files can no longer be opened in various programs (Photoshop, Word, etc.) without the respective program crashing. Usually Windows Explorer crashes too, and a restart becomes necessary. A typical message:

Problemsignatur
Problemereignisname: APPCRASH
Anwendungsname: svchost.exe
Anwendungsversion: 6.0.6001.18000
Anwendungszeitstempel: 47918b89
Fehlermodulname: ntdll.dll
Fehlermodulversion: 6.0.6001.18000
Fehlermodulzeitstempel: 4791a7a6
Ausnahmecode: c000071b
Ausnahmeoffset: 00088ed9
Betriebsystemversion: 6.0.6001.2.1.0.768.3
Gebietsschema-ID: 1031
Zusatzinformation 1: 0e02
Zusatzinformation 2: b21b56b606e7544720668ce364087082
Zusatzinformation 3: 0e02
Zusatzinformation 4: b21b56b606e7544720668ce364087082

- Firefox opens tabs with advertising pages on its own, and Google search results are redirected to pages of the same kind.
- Yesterday I also had several blue screens, but they have not reappeared today.

I have followed your steps for narrowing down the problem so far and am attaching the corresponding log files. Among other things, GMER says:

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found

As a layman, that is unfortunately the only thing I can more or less make sense of - I would be very grateful for suggested solutions!

Best regards, larnaka
11.04.2011, 15:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
11.04.2011, 16:11 | #3 |
Hello Arne,

Thanks for the quick reply - I ran the tool, it detected a piece of malware, and the log after the restart is the following:

2011/04/11 16:55:07.0139 3468 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 16:55:07.0732 3468 ================================================================================
2011/04/11 16:55:07.0732 3468 SystemInfo:
2011/04/11 16:55:07.0732 3468
2011/04/11 16:55:07.0732 3468 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/11 16:55:07.0732 3468 Product type: Workstation
2011/04/11 16:55:07.0732 3468 ComputerName: ***
2011/04/11 16:55:07.0732 3468 UserName: ***
2011/04/11 16:55:07.0732 3468 Windows directory: C:\Windows
2011/04/11 16:55:07.0732 3468 System windows directory: C:\Windows
2011/04/11 16:55:07.0732 3468 Processor architecture: Intel x86
2011/04/11 16:55:07.0732 3468 Number of processors: 2
2011/04/11 16:55:07.0732 3468 Page size: 0x1000
2011/04/11 16:55:07.0732 3468 Boot type: Normal boot
2011/04/11 16:55:07.0732 3468 ================================================================================
2011/04/11 16:55:09.0229 3468 Initialize success

Best regards, Joerg
11.04.2011, 18:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Where is the log from before? Do you also have Malwarebytes log files? If so, please post all of them.
11.04.2011, 20:12 | #5 |
I must have missed the option of creating a log file beforehand. In any case, there is only the one from TDSSKiller. At the start of the whole problem, Malwarebytes produced the following:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6256
Windows 6.0.6000
Internet Explorer 8.0.6001.18904

03.04.2011 20:16:22
mbam-log-2011-04-03 (20-16-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 295813
Laufzeit: 1 Stunde(n), 38 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\setool2lite v1.11\setool2lt.exe (Malware.Packer.T) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\usr.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\srvcbc.tmp.vir (Spyware.Passwords) -> Quarantined and deleted successfully.

Now, after the cleanup, it looks like this:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6335
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

11.04.2011 20:56:47
mbam-log-2011-04-11 (20-56-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151064
Laufzeit: 2 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

Regards, Joerg
12.04.2011, 09:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please do a new full scan with current signatures.
12.04.2011, 14:29 | #7 |
...so, here are the results of all the new runs. Incidentally, the symptoms have all disappeared; everything is running normally again.

MALWAREBYTES:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6335
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

12.04.2011 15:10:23
mbam-log-2011-04-12 (15-10-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 364934
Laufzeit: 1 Stunde(n), 18 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

OTL: OTL logfile:
C:\Windows\System32\FNTCACHE.DAT [2011.04.11 23:07:38 | 186,449,920 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2011.04.11 23:07:37 | 001,114,112 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx [2011.04.11 23:07:37 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf [2011.04.11 20:53:42 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 20:52:39 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup.exe [2011.04.11 16:10:09 | 000,167,427 | ---- | M] () -- C:\Windows\System32\test.exe [2011.04.11 14:13:25 | 000,000,739 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.04.11 14:13:25 | 000,000,720 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.04.11 14:06:49 | 000,301,568 | ---- | M] () -- C:\Users\***\Desktop\g2m3e4r.exe [2011.04.11 14:06:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\***\Desktop\Erunt-setup.exe [2011.04.11 14:06:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.04.11 14:06:43 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe [2011.04.11 13:58:32 | 000,377,280 | ---- | M] () -- C:\Users\***\Desktop\Load.exe [2011.04.10 18:58:05 | 352,381,077 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.10 14:33:53 | 000,075,064 | ---- | M] (Fujitsu Technology Solutions) -- C:\Users\***\Desktop\Serial.exe [2011.04.10 13:27:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.04.09 20:55:07 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2011.04.09 20:54:57 | 000,082,432 | ---- | M] (Gemalto, Inc.) 
-- C:\Windows\System32\axaltocm.dll [2011.04.09 20:46:54 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl [2011.04.06 10:17:24 | 000,320,082 | ---- | M] () -- C:\Users\***\Documents\cc_20110406_101703.reg [2011.03.28 14:47:37 | 000,009,394 | -HS- | M] () -- C:\ProgramData\5nfu81broaes3q06d [2011.03.28 14:47:36 | 000,009,394 | -HS- | M] () -- C:\Users\***\AppData\Local\5nfu81broaes3q06d [2011.03.24 14:12:18 | 000,005,301 | ---- | M] () -- C:\Windows\ULEAD32.INI [2011.03.19 09:06:45 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.18 21:26:01 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI [2011.03.13 13:36:01 | 000,009,241 | ---- | M] () -- C:\Users\***\Desktop\Anleitung.html ========== Files Created - No Company Name ========== [2011.04.12 11:03:40 | 000,001,048 | ---- | C] () -- C:\Users\***\Desktop\gmer.zip [2011.04.12 11:03:34 | 000,008,903 | ---- | C] () -- C:\Users\***\Desktop\Extras.zip [2011.04.12 11:03:26 | 000,013,608 | ---- | C] () -- C:\Users\***\Desktop\OTL.zip [2011.04.11 23:11:48 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2011.04.11 23:11:18 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011.04.11 23:11:16 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2011.04.11 23:11:10 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2011.04.11 23:11:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.04.11 23:11:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.04.11 23:11:01 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2011.04.11 23:10:56 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2011.04.11 23:10:43 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2011.04.11 23:10:42 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2011.04.11 23:10:18 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.04.11 23:10:01 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2011.04.11 23:09:55 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2011.04.11 22:53:47 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.04.11 22:53:47 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.04.11 22:53:47 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011.04.11 20:53:42 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.11 16:10:09 | 000,167,427 | ---- | C] () -- C:\Windows\System32\test.exe [2011.04.11 14:13:25 | 000,000,739 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2011.04.11 14:13:25 | 000,000,720 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2011.04.11 14:06:37 | 000,301,568 | ---- | C] () -- C:\Users\***\Desktop\g2m3e4r.exe [2011.04.11 13:58:28 | 000,377,280 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2011.04.10 14:13:25 | 000,002,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.04.10 13:27:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2011.04.09 20:20:29 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc [2011.04.09 20:20:28 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs [2011.04.09 20:18:11 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl [2011.04.09 19:20:22 | 000,000,950 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011.04.06 14:38:39 | 352,381,077 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.06 10:17:06 | 000,320,082 | ---- | C] () -- C:\Users\***\Documents\cc_20110406_101703.reg [2011.04.03 18:21:19 | 000,000,955 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.03.30 20:02:44 | 
000,001,752 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk [2011.03.28 13:36:21 | 000,009,394 | -HS- | C] () -- C:\Users\***\AppData\Local\5nfu81broaes3q06d [2011.03.28 13:36:21 | 000,009,394 | -HS- | C] () -- C:\ProgramData\5nfu81broaes3q06d [2011.03.25 11:26:47 | 000,152,566 | ---- | C] () -- C:\Users\***\Desktop\1981_43_anleitung.jpg [2011.03.18 21:26:01 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2011.03.13 13:41:20 | 000,009,241 | ---- | C] () -- C:\Users\***\Desktop\Anleitung.html [2011.01.06 01:19:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.01.06 01:07:09 | 000,004,140 | ---- | C] () -- C:\ProgramData\oafcpcef.qqj [2010.05.09 14:53:54 | 000,000,023 | ---- | C] () -- C:\Windows\tm.ini [2010.03.09 13:59:33 | 000,040,448 | ---- | C] () -- C:\Windows\System32\AfaRcPlugin.dll [2009.07.11 22:46:00 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI [2009.04.20 19:39:45 | 000,000,196 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2009.04.13 12:53:21 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.03.14 17:00:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2009.03.04 23:06:40 | 000,001,391 | ---- | C] () -- C:\Windows\MyHeritage.INI [2009.03.04 23:01:27 | 000,000,527 | ---- | C] () -- C:\Windows\Viewer.INI [2009.02.06 13:56:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.15 14:36:31 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV58.sys [2008.12.27 20:17:02 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI [2008.12.27 20:02:42 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.12.27 20:02:05 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.12.11 19:26:00 | 000,019,666 | ---- | C] () -- C:\Users\***\AppData\Local\internal.grp [2008.12.03 11:58:41 | 000,000,090 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat 
[2008.11.04 14:52:49 | 000,000,214 | ---- | C] () -- C:\Windows\Assimil_d_pl.INI [2008.05.01 12:08:23 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\rx_image32.Cache [2008.04.11 09:18:49 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI [2008.04.02 11:00:10 | 000,304,640 | ---- | C] () -- C:\Windows\System32\gsbest32.dll [2008.04.02 10:58:06 | 000,000,223 | ---- | C] () -- C:\Windows\BUHL.INI [2008.04.01 21:43:29 | 000,000,183 | ---- | C] () -- C:\Windows\WISO.INI [2008.03.28 00:36:01 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW [2008.03.24 15:01:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.03.24 15:00:43 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2008.03.04 15:35:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.03.03 22:51:50 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2008.02.28 12:18:19 | 000,009,728 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.27 23:42:41 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI [2008.02.27 23:42:25 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat [2008.02.27 23:42:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2008.02.27 22:12:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.02.27 22:12:22 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2008.02.27 21:57:07 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.02.27 21:48:24 | 000,005,301 | ---- | C] () -- C:\Windows\ULEAD32.INI [2008.02.27 21:20:57 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2008.02.26 23:24:18 | 000,002,516 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008.02.26 23:24:18 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\2A81B31AB8.sys [2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe [2006.11.02 17:33:31 | 000,631,720 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 
17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,127,860 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,867,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,212 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,105,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll [2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll ========== LOP Check ========== [2010.07.14 10:10:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BOM [2009.07.10 17:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.12.28 11:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2008.08.19 23:16:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\COWON [2010.06.07 18:31:08 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\elsterformular [2011.01.05 14:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2009.03.10 01:11:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FocusDVD [2008.03.25 15:16:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\funkitron [2010.10.21 10:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.03.02 00:02:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lasersoft Imaging [2011.03.18 20:22:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2011.01.06 01:07:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOVAVI [2009.03.14 17:00:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyHeritage [2010.06.23 11:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer [2009.03.26 15:28:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeatImage PS [2009.03.26 15:26:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NeatImage SL [2008.03.04 15:43:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pixmantec [2009.06.27 01:33:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RawTherapee [2009.03.03 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2010.12.25 16:31:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2008.12.03 11:59:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online [2009.03.14 17:00:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Complete Genealogy Reporter - FTB [2011.03.03 11:38:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2008.12.30 19:09:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TotalRecorder [2010.01.22 22:38:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UltraExplorer [2011.04.12 11:06:16 | 000,032,582 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.02.26 22:52:16 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.03.25 15:22:05 | 000,000,000 | ---D | M] -- C:\Big Fish Games [2011.04.12 09:38:56 | 000,000,000 | -HSD | M] -- C:\Boot [2008.03.25 15:22:39 | 000,000,000 | ---D | M] -- C:\Brockhaus2008 [2008.02.26 22:54:00 | 000,000,000 | ---D | M] -- C:\ClipInc [2008.04.11 19:45:38 | 000,000,000 | ---D | M] -- C:\ConvertTemp [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.02.26 22:48:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.08.14 09:55:51 | 000,000,000 | ---D | M] -- C:\downloads [2008.02.15 04:28:34 | 000,000,000 | R--D | M] -- C:\DRIVER [2008.02.26 22:54:10 | 000,000,000 | ---D | M] -- C:\ebay [2008.02.26 22:54:10 | 000,000,000 | ---D | M] -- C:\FirstSteps [2008.02.26 22:54:22 | 000,000,000 | ---D | M] -- C:\Google [2008.02.27 23:42:04 | 000,000,000 | ---D | M] -- C:\KPCMS [2008.02.15 04:28:34 | 000,000,000 | R--D | M] -- C:\MANUAL [2010.10.20 19:31:13 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.03.16 13:12:04 | 000,000,000 | ---D | M] -- C:\My Music [2009.03.14 17:00:28 | 000,000,000 | ---D | M] -- C:\MyHeritage [2011.04.07 19:13:56 | 000,000,000 | ---D | M] -- C:\Navilog1 [2010.11.10 15:27:52 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.04.09 21:23:56 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.11 14:13:25 | 000,000,000 | R--D | M] -- C:\Programme [2011.04.12 10:58:12 | 000,000,000 | ---D | M] -- C:\ProgramData [2008.02.26 22:48:17 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.12 11:13:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.02.15 14:40:22 | 000,000,000 | ---D | M] -- C:\TMP [2009.12.12 00:16:09 | 000,000,000 | R--D | M] -- C:\Users [2011.04.12 09:39:08 | 000,000,000 | ---D | M] -- C:\Windows [2008.02.15 04:10:35 | 000,000,000 | ---D | M] -- C:\x86 < %PROGRAMFILES%\*.exe > < 
%LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2007.11.03 01:52:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2007.11.03 01:17:50 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 
08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2007.11.03 01:17:50 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-12 07:08:45 ========== Alternate Data Streams ========== @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > TDSSKiller: 2011/04/12 12:29:23.0454 2784 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/12 12:29:23.0485 2784 ================================================================================ 2011/04/12 12:29:23.0485 2784 SystemInfo: 2011/04/12 12:29:23.0485 2784 2011/04/12 12:29:23.0485 2784 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/12 12:29:23.0485 2784 Product type: Workstation 2011/04/12 12:29:23.0485 2784 ComputerName: ***-PC 2011/04/12 12:29:23.0485 2784 UserName: *** 2011/04/12 12:29:23.0485 2784 Windows directory: C:\Windows 2011/04/12 12:29:23.0485 2784 System windows directory: C:\Windows 
2011/04/12 12:29:23.0485 2784 Processor architecture: Intel x86 2011/04/12 12:29:23.0485 2784 Number of processors: 2 2011/04/12 12:29:23.0485 2784 Page size: 0x1000 2011/04/12 12:29:23.0485 2784 Boot type: Normal boot 2011/04/12 12:29:23.0485 2784 ================================================================================ 2011/04/12 12:29:31.0846 2784 Initialize success 2011/04/12 12:29:46.0713 4060 ================================================================================ 2011/04/12 12:29:46.0713 4060 Scan started 2011/04/12 12:29:46.0713 4060 Mode: Manual; 2011/04/12 12:29:46.0713 4060 ================================================================================ 2011/04/12 12:29:47.0119 4060 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/12 12:29:47.0181 4060 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/04/12 12:29:47.0228 4060 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/04/12 12:29:47.0259 4060 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/04/12 12:29:47.0275 4060 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/04/12 12:29:47.0306 4060 AF15BDA (25e12313338e476293178bcae4d6f4e2) C:\Windows\system32\DRIVERS\AF15BDA.sys 2011/04/12 12:29:47.0368 4060 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/12 12:29:47.0415 4060 agp440 (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys 2011/04/12 12:29:47.0431 4060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/12 12:29:47.0462 4060 aliide (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys 2011/04/12 12:29:47.0493 4060 amdagp (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys 2011/04/12 12:29:47.0524 4060 amdide (468a204966d09f327a662c35f4b15dd3) 
C:\Windows\system32\drivers\amdide.sys 2011/04/12 12:29:47.0540 4060 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/04/12 12:29:47.0556 4060 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/04/12 12:29:47.0602 4060 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/04/12 12:29:47.0634 4060 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/04/12 12:29:47.0680 4060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/12 12:29:47.0712 4060 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/12 12:29:47.0790 4060 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/04/12 12:29:47.0821 4060 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/12 12:29:47.0868 4060 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/12 12:29:47.0899 4060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/12 12:29:47.0946 4060 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/12 12:29:47.0977 4060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/12 12:29:47.0992 4060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/12 12:29:48.0024 4060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/12 12:29:48.0039 4060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/12 12:29:48.0055 4060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/12 12:29:48.0070 4060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/12 12:29:48.0117 4060 BTHMODEM 
(ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/12 12:29:48.0211 4060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/12 12:29:48.0242 4060 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/12 12:29:48.0273 4060 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/04/12 12:29:48.0320 4060 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/12 12:29:48.0351 4060 cmdide (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys 2011/04/12 12:29:48.0367 4060 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys 2011/04/12 12:29:48.0398 4060 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/04/12 12:29:48.0414 4060 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/04/12 12:29:48.0460 4060 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/12 12:29:48.0507 4060 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/12 12:29:48.0554 4060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/12 12:29:48.0601 4060 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/12 12:29:48.0648 4060 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/12 12:29:48.0710 4060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/12 12:29:48.0788 4060 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/04/12 12:29:48.0882 4060 ewusbnet (4b36d96340200512c7974307d0f7d8b3) C:\Windows\system32\DRIVERS\ewusbnet.sys 2011/04/12 12:29:48.0928 4060 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/12 12:29:48.0960 4060 fastfat 
2011/04/12 12:29:56.0416 4060 ================================================================================
2011/04/12 12:29:56.0416 4060 Scan finished
2011/04/12 12:29:56.0416 4060 ================================================================================
GMER: GMER Logfile: Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-12 12:27:23
Windows 6.0.6002 Service Pack 2
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3360320AS rev.3.AAM
Running: g2m3e4r.exe; Driver: C:\Users\***\AppData\Local\Temp\pgldypoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x7C 0x15 0x04 0xB5 ...

---- EOF - GMER 1.0.15 ----
12.04.2011, 14:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™
Do an OTL fix: close any programs that may still be open, and deactivate the antivirus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Note: If you have obscured your user name, you must turn the asterisked part back into your real user name, otherwise the script will not work!! Code:
:OTL
[2011.03.28 13:36:21 | 000,009,394 | -HS- | C] () -- C:\Users\***\AppData\Local\5nfu81broaes3q06d
[2011.03.28 13:36:21 | 000,009,394 | -HS- | C] () -- C:\ProgramData\5nfu81broaes3q06d
[2008.03.28 00:36:01 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.19 11:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\Shell - "" = AutoRun
O33 - MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{89c25d39-f01f-11df-b9dc-001d926bedf1}\Shell - "" = AutoRun
O33 - MountPoints2\{89c25d39-f01f-11df-b9dc-001d926bedf1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b2255727-e8af-11df-bf62-001d926bedf1}\Shell - "" = AutoRun
O33 - MountPoints2\{b2255727-e8af-11df-bf62-001d926bedf1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b2255732-e8af-11df-bf62-001d926bedf1}\Shell - "" = AutoRun
O33 - MountPoints2\{b2255732-e8af-11df-bf62-001d926bedf1}\Shell\AutoRun\command - "" = H:\AutoRun.exe
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post logfiles in CODE tags
12.04.2011, 14:55 | #9 |
...that has been done too, and it looks like this:
All processes killed
========== OTL ==========
C:\Users\***\AppData\Local\5nfu81broaes3q06d moved successfully.
C:\ProgramData\5nfu81broaes3q06d moved successfully.
C:\ProgramData\R49LW moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878d3230-ece9-11df-b6d6-001e101f33aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878d3230-ece9-11df-b6d6-001e101f33aa}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89c25d39-f01f-11df-b9dc-001d926bedf1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89c25d39-f01f-11df-b9dc-001d926bedf1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89c25d39-f01f-11df-b9dc-001d926bedf1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89c25d39-f01f-11df-b9dc-001d926bedf1}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2255727-e8af-11df-bf62-001d926bedf1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2255727-e8af-11df-bf62-001d926bedf1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2255727-e8af-11df-bf62-001d926bedf1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2255727-e8af-11df-bf62-001d926bedf1}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2255732-e8af-11df-bf62-001d926bedf1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2255732-e8af-11df-bf62-001d926bedf1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b2255732-e8af-11df-bf62-001d926bedf1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2255732-e8af-11df-bf62-001d926bedf1}\ not found.
File H:\AutoRun.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 123193 bytes
->Temporary Internet Files folder emptied: 45900 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62185285 bytes
->Flash cache emptied: 689 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 4470 bytes
Total Files Cleaned = 59,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_154931
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
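As an added example (not part of the thread and not OTL's own code), a small Python cross-check of the helper's fix script from post #8 against the result log from post #9: it maps each targeted path, MountPoints2 GUID and command to the outcome OTL reports, so items the tool could not find (the launcher H:\AutoRun.exe on an unplugged drive) or never names (the bare "File not found." for G:\autorun) stand out for a second look. The entry regexes and the two sample excerpts are assumptions constructed from those posts.

```python
import re

# Script entry formats (regexes assumed from the lines in post #8, not OTL's own grammar).
_FILE_ENTRY = re.compile(r"^\[.*?\] \(\) -- (?P<path>.+)$")
_O32_FILE = re.compile(r"^O32 - AutoRun File - \[.*?\] (?:\(\) )?- (?P<path>.+?) -- \[")
_O33_GUID = re.compile(r"^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\")
_O33_CMD = re.compile(r'\\command - "" = (?P<path>.+)$')

# Phrases OTL writes per item; highest rank wins when several log lines name one item
# (a MountPoints2 GUID gets one "deleted successfully" and several "not found" lines).
_OUTCOMES = [
    ("removed", re.compile(r"(moved|deleted) successfully")),
    ("set", re.compile(r"value set successfully")),
    ("not found", re.compile(r"not found")),
]
_RANK = {"ran": 3, "removed": 3, "set": 2, "not found": 1, "unaccounted": 0}
# :Commands entries and the log line proving each ran ([purity] writes nothing).
_COMMAND_MARKERS = {"resethosts": "HOSTS file reset successfully", "emptytemp": "[EMPTYTEMP]"}


def parse_targets(script):
    """Return unique (kind, needle) pairs: the path, GUID or marker to look for in the log."""
    targets = {}  # dict keeps script order and drops duplicate GUIDs / paths
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl":
            if (m := _FILE_ENTRY.match(line)) or (m := _O32_FILE.match(line)):
                targets[("file", m["path"])] = None
            elif line.startswith("O32 - HKLM CDRom: AutoRun"):
                targets[("registry", r"Cdrom\\AutoRun")] = None
            elif m := _O33_GUID.match(line):
                targets[("mountpoint", m["guid"])] = None
                if c := _O33_CMD.search(line):
                    targets[("file", c["path"])] = None  # launcher the autorun key points at
        elif section == ":commands" and line.strip("[]").lower() in _COMMAND_MARKERS:
            targets[("command", _COMMAND_MARKERS[line.strip("[]").lower()])] = None
    return list(targets)


def _mentions(needle, line):
    # Whole-token match (needle followed by whitespace, '|', a backslash or end of line),
    # so the directory G:\autorun does not match the file G:\autorun.inf.
    return re.search(re.escape(needle) + r"(?=[\s|\\]|$)", line, re.IGNORECASE) is not None


def check_results(script, log):
    """Map every script target to the best outcome the OTL log reports for it."""
    log_lines = log.splitlines()
    results = {}
    for kind, needle in parse_targets(script):
        best = "unaccounted"
        for line in log_lines:
            if not _mentions(needle, line):
                continue
            if kind == "command":
                best = "ran"
                break
            for name, pat in _OUTCOMES:
                if pat.search(line) and _RANK[name] > _RANK[best]:
                    best = name
        results[needle] = best
    return results


def unresolved(results):
    """Targets to re-check: absent when OTL ran (e.g. an unplugged USB stick) or never logged."""
    return [t for t, s in results.items() if s in ("not found", "unaccounted")]


# Constructed excerpts of the fix script (post #8) and the result log (post #9).
FIX_SCRIPT = r""":OTL
[2011.03.28 13:36:21 | 000,009,394 | -HS- | C] () -- C:\Users\***\AppData\Local\5nfu81broaes3q06d
[2008.03.28 00:36:01 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.19 11:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\Shell - "" = AutoRun
O33 - MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\Shell\AutoRun\command - "" = H:\AutoRun.exe
:Commands
[purity]
[resethosts]
[emptytemp]
"""

RESULT_LOG = r"""========== OTL ==========
C:\Users\***\AppData\Local\5nfu81broaes3q06d moved successfully.
C:\ProgramData\R49LW moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
G:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{878d3230-ece9-11df-b6d6-001e101f33aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878d3230-ece9-11df-b6d6-001e101f33aa}\ not found.
File H:\AutoRun.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
"""

if __name__ == "__main__":
    for target, status in check_results(FIX_SCRIPT, RESULT_LOG).items():
        print(f"{status:12} {target}")
```

Running it on the full script and log from the posts works the same way: read both files and pass their text to `check_results`, then review whatever `unresolved` returns before declaring the autorun entries dealt with.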
12.04.2011, 14:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™
I need the OTL quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Disable the antivirus scanner; it must not mess around in there!
2.) Zip the folder C:\_OTL into a file
3.) Upload the ZIP file you created here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once that has worked
5.) Only then switch the antivirus scanner back on
12.04.2011, 18:32 | #11 |
...done, the file is uploaded!
12.04.2011, 19:13 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (one of the board's trusted helpers) has expressly recommended it!
12.04.2011, 19:48 | #13 |
...that is done as well: Combofix Logfile: Code:
ComboFix 11-04-11.04 - *** 12.04.2011 20:33:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3071.2062 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\firststeps\FirstSteps.exe
c:\programdata\hpeB369.dll
c:\windows\system32\test.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-12 bis 2011-04-12 ))))))))))))))))))))))))))))))
.
.
2011-04-12 13:49 . 2011-04-12 13:49 -------- d-----w- C:\_OTL
2011-04-12 08:58 . 2011-04-12 08:58 -------- d-----w- c:\programdata\Apple Computer
2011-04-12 08:57 . 2011-04-12 08:57 -------- d-----w- c:\program files\Common Files\Apple
2011-04-12 07:29 . 2011-04-12 07:30 -------- d-----w- c:\windows\system32\ca-ES
2011-04-12 07:29 . 2011-04-12 07:30 -------- d-----w- c:\windows\system32\eu-ES
2011-04-12 07:29 . 2011-04-12 07:30 -------- d-----w- c:\windows\system32\vi-VN
2011-04-12 06:55 . 2011-04-12 06:55 -------- d-----w- c:\windows\system32\EventProviders
2011-04-12 06:22 . 2011-04-12 07:30 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-11 21:10 . 2009-04-11 06:28 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2011-04-11 21:09 . 2009-04-11 05:42 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2011-04-11 21:07 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-04-11 21:07 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-11 21:07 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-04-11 21:07 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-04-11 21:07 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-04-11 20:05 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2011-04-11 20:05 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-11 20:05 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-04-11 20:05 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-11 20:05 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-11 20:05 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-04-11 20:03 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-04-11 20:02 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-04-11 19:59 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-11 19:59 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-04-11 18:53 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 18:53 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 12:13 . 2011-04-11 12:13 -------- d-----w- c:\program files\ERUNT
2011-04-10 14:09 . 2011-04-10 14:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Thunderbird
2011-04-10 12:13 . 2011-04-10 12:13 -------- d-----w- c:\program files\Apple Software Update
2011-04-09 19:23 . 2011-04-09 19:23 -------- d-----w- C:\PerfLogs
2011-04-09 18:29 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2011-04-09 18:28 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2011-04-09 18:28 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2011-04-09 18:20 . 2008-01-18 21:36 8704 ----a-w- c:\windows\system32\rdpcfgex.dll
2011-04-06 20:29 . 2011-04-06 20:29 -------- d-----w- c:\users\Public\Roaming
2011-04-06 09:18 . 2011-04-07 17:13 -------- d---a-w- C:\Navilog1
2011-04-06 09:18 . 2011-04-07 17:12 -------- d-----w- c:\program files\Navilog1
2011-04-03 16:35 . 2011-04-03 16:35 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-04-03 16:35 . 2011-04-03 16:35 -------- d-----w- c:\programdata\Malwarebytes
2011-04-03 16:35 . 2011-04-11 18:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 16:18 . 2011-04-03 16:18 -------- d--h--w- c:\windows\PIF
2011-03-30 15:44 . 2011-03-30 15:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2011-03-26 21:34 . 2011-03-26 21:34 -------- d-----w- c:\program files\FreeTime
2011-03-25 07:36 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B928D38D-8D00-4430-9A49-3E3363FA79C7}\mpengine.dll
2011-03-18 16:30 . 2011-03-18 18:22 -------- d-----w- c:\users\***\AppData\Roaming\MAGIX
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-09 18:55 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-04-09 18:54 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-03-19 07:06 . 2009-04-01 19:55 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 17:11 . 2009-10-03 10:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-18 17:56 . 2011-04-06 08:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-13 281768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-22 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvCBC]
@="service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk]
backup=c:\windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2009-01-14 13:49 113680 ----a-w- c:\myheritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fsc-reg]
2007-11-08 13:38 533264 ----a-w- c:\programdata\fsc-reg\fscreg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-12-17 10:02 4718592 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 2009-11-20 09:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] 2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-04-22 14:29 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1411707586-3699654639-2443540422-1000] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 133104] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112] R2 srvCBC;srvCBC;c:\windows\system32\svchost.exe [2008-01-18 21504] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 113664] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 101120] R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 
15016] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216] R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632] R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S1 SSHDRV58;SSHDRV58;c:\windows\system32\drivers\SSHDRV58.sys [2009-01-15 33792] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-13 135336] S2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-06-03 306296] S2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-06-03 162936] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 528896] S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-11-18 126984] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs srvCBC . Inhalt des "geplante Tasks" Ordners . 
2011-04-12 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-28 09:44] . 2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 18:00] . 2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 18:00] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xo7axb5z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKCU-Run-AdobeBridge - (no file) MSConfigStartUp-BCSSync - c:\program files\Microsoft Office\Office14\BCSSync.exe MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel MediaOne\Corel Photo Downloader.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-OfficeSyncProcess - c:\program files\Microsoft Office\Office14\MSOSYNC.EXE MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe MSConfigStartUp-QuickFinder Scheduler - c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-04-12 20:39 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-12 20:43:09
ComboFix-quarantined-files.txt 2011-04-12 18:42
.
Vor Suchlauf: 24 Verzeichnis(se), 36.055.674.880 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 35.776.733.184 Bytes frei
.
- - End Of File - - C325A991A3835DA5CA369EFB02E225C1
12.04.2011, 20:19 | #14
/// Winkelfunktion /// TB-Süch-Tiger™
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found - what should I do?
Ok. Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool will not run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Afterwards please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
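The helper asks for an OSAM log. As an added example (not code from this thread, from OSAM or from GMER), here is a Python triage script for the one-line-per-entry format OSAM writes, rating entries by the signals a malware helper checks first: hidden registry entries, code without vendor information loading from a temp directory, kernel drivers without version information, and orphaned autoruns. The temp-directory list and the severity scheme are assumptions of the example; the sample entries are copied from the OSAM log posted in this thread.

```python
"""Triage helper for OSAM Autorun Manager logs (added example; not part of
OSAM, GMER or this thread). Parses the one-line-per-entry format
  "Name" (ServiceKey) - "Vendor" - Path (flag | flag)
and rates entries by the signals a helper looks at first."""
import re
from dataclasses import dataclass
from typing import List, Optional

SEVERITY_ORDER = ("critical", "high", "medium", "low")
# Path fragments treated as temp directories (an assumption of this example).
TEMP_SEGMENTS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Phrases OSAM puts inside the trailing parenthesis of an entry.
FLAG_WORDS = ("not found", "Hidden registry", "rootkit", "no detailed information")

HEAD_RE = re.compile(
    r'^(?:[^"]*?\s)?"(?P<name>[^"]*)"'      # optional CLSID/value prefix, quoted name
    r'(?:\s+\((?P<key>[^)]*)\))?'           # optional (ServiceKey)
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'    # quoted vendor, or ? when OSAM found none
    r'\s+-\s*(?P<rest>.*)$'                 # path, optionally followed by (flags)
)


@dataclass
class Entry:
    section: str
    location: str
    name: str
    key: Optional[str]
    vendor: Optional[str]
    path: str
    flags: List[str]


@dataclass
class Finding:
    severity: str
    name: str
    path: str
    reasons: List[str]


def parse_log(text: str) -> List[Entry]:
    """Turn an OSAM report into Entry objects, tracking [Section] and -----( location )----- headers."""
    entries, section, location = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if line.startswith("-----("):
            location = line.strip("-").strip()[1:-1].strip()
            continue
        m = HEAD_RE.match(line)
        if not m:
            continue  # banner, scanner settings and filter lines
        rest, flags = m.group("rest").strip(), []
        if rest.endswith(")"):
            i = rest.rfind("(")
            if i >= 0 and any(w in rest[i:] for w in FLAG_WORDS):
                flags = [f.strip() for f in rest[i + 1:-1].split("|")]
                rest = rest[:i].strip()
        entries.append(Entry(section, location, m.group("name"), m.group("key"),
                             m.group("vendor"), rest, flags))
    return entries


def assess(e: Entry) -> Optional[Finding]:
    """Rate one entry; None means nothing worth a second look."""
    lf, p = " | ".join(e.flags).lower(), e.path.lower()
    rootkit = "hidden registry" in lf or "rootkit" in lf
    temp_unknown = e.vendor is None and bool(p) and any(s in p for s in TEMP_SEGMENTS)
    driver_noinfo = e.vendor is None and p.endswith(".sys") and "no detailed information" in lf
    orphan = "not found" in lf
    reasons = []
    if rootkit:
        reasons.append("registry entry hidden from the API (rootkit activity)")
    if temp_unknown:
        reasons.append("no vendor/signature information and loads from a temp directory")
    if driver_noinfo:
        reasons.append("kernel driver without version information")
    if orphan and not reasons:
        reasons.append("orphaned autorun: file or COM object missing")
    if not reasons:
        return None
    severity = ("critical" if rootkit else "high" if temp_unknown
                else "medium" if driver_noinfo else "low")
    return Finding(severity, e.name, e.path, reasons)


def triage(text: str) -> List[Finding]:
    findings = [f for f in (assess(e) for e in parse_log(text)) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f.severity))


# Sample input: entries copied from the OSAM log in this thread (user name
# already masked as *** by the poster), wrapped in their section headers.
SAMPLE_LOG = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found)
"pgldypoc" (pgldypoc) - ? - C:\Users\***\AppData\Local\Temp\pgldypoc.sys (Hidden registry entry, rootkit activity | File not found)
"SSHDRV58" (SSHDRV58) - ? - C:\Windows\system32\drivers\SSHDRV58.sys (File found, but it contains no detailed information)
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:8}] {f.name}: {f.path or '(no path)'}")
        for r in f.reasons:
            print(f"            - {r}")
```

Run it with the saved *.log text in place of SAMPLE_LOG. Its "critical" hit, pgldypoc.sys, shows why the rating still needs a human: the GMER log in this thread names exactly that file on its "Driver:" line, so it is the randomly named helper driver of the GMER run itself, and catchme is the rootkit detector whose section appears in the ComboFix log above. A hidden driver in Temp should therefore be checked against the scanners that ran on the machine before it is read as infection; the real indicator in this thread is GMER's TDL4@MBR finding on \Device\Harddisk0\DR0, which no autorun list shows.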
13.04.2011, 09:42 | #15
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found - what should I do?
Here are the files:
GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-13 10:27:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3360320AS rev.3.AAM
Running: g2m3e4r.exe; Driver: C:\Users\JL\AppData\Local\Temp\pgldypoc.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0xFF 0x43 0xF5 0x46 ...

---- EOF - GMER 1.0.15 ----

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:36:11 on 13.04.2011
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"pgldypoc" (pgldypoc) - ? - C:\Users\***\AppData\Local\Temp\pgldypoc.sys (Hidden registry entry, rootkit activity | File not found)
"SSHDRV58" (SSHDRV58) - ? - C:\Windows\system32\drivers\SSHDRV58.sys (File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys (File found, but it contains no detailed information)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "COWON America" - C:\Program Files\JetAudio\JetFlExt.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F3046765-9B17-438e-94F7-893E93DD7196} "SimpleShlExt Class" - "Movavi" - C:\Program Files\Movavi Video Suite 9\vcContext.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? - (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Canon BJ Language Monitor iP5200" - "CANON INC." - C:\Windows\system32\CNMLM79.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Emma Device Management" (EmmaDevMgmtSvc) - "Sony Ericsson Mobile Communications" - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
"Emma Update Management" (EmmaUpdMgmtSvc) - "Sony Ericsson Mobile Communications" - C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - c:\Windows\system32\PSIService.exe
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (File found, but it contains no detailed information)
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: FUJITSU SIEMENS System Product Name: MS-7379VP Logical Drives Mask: 0x00001f5c Kernel Drivers (total 154): 0x82439000 \SystemRoot\system32\ntoskrnl.exe 0x82406000 \SystemRoot\system32\hal.dll 0x83006000 \SystemRoot\system32\kdcom.dll 0x8300D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8307D000 \SystemRoot\system32\PSHED.dll 0x8308E000 \SystemRoot\system32\BOOTVID.dll 0x83096000 \SystemRoot\system32\CLFS.SYS 0x830D7000 \SystemRoot\system32\CI.dll 0x831B7000 \SystemRoot\system32\drivers\Wdf01000.sys 0x83233000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x83240000 \SystemRoot\system32\drivers\acpi.sys 0x83286000 \SystemRoot\system32\drivers\WMILIB.SYS 0x8328F000 \SystemRoot\system32\drivers\msisadrv.sys 0x83297000 \SystemRoot\system32\drivers\pci.sys 0x832BE000 \SystemRoot\System32\drivers\partmgr.sys 0x832CD000 \SystemRoot\system32\drivers\volmgr.sys 0x832DC000 \SystemRoot\System32\drivers\volmgrx.sys 0x83326000 \SystemRoot\system32\drivers\intelide.sys 0x8332D000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x8333B000 \SystemRoot\System32\drivers\mountmgr.sys 0x8334B000 \SystemRoot\system32\drivers\nvraid.sys 0x83364000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x83385000 \SystemRoot\system32\drivers\atapi.sys 0x8338D000 \SystemRoot\system32\drivers\ataport.SYS 0x833AB000 \SystemRoot\system32\drivers\vsmraid.sys 0x8A803000 \SystemRoot\system32\drivers\storport.sys 0x8A844000 \SystemRoot\system32\drivers\fltmgr.sys 0x8A876000 \SystemRoot\system32\drivers\fileinfo.sys 0x8A886000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8A890000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8A901000 \SystemRoot\system32\drivers\ndis.sys 0x8AA0C000 \SystemRoot\system32\drivers\msrpc.sys 0x8AA37000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AA72000 \SystemRoot\System32\drivers\tcpip.sys 0x8AB5C000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8AC03000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8AD13000 \SystemRoot\system32\drivers\volsnap.sys 0x8AD4C000 
\SystemRoot\System32\Drivers\spldr.sys 0x8AD54000 \SystemRoot\System32\Drivers\mup.sys 0x8AD63000 \SystemRoot\System32\drivers\ecache.sys 0x8AD8A000 \SystemRoot\system32\drivers\disk.sys 0x8AD9B000 \SystemRoot\system32\drivers\crcdisk.sys 0x8ADC4000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8ADCF000 \SystemRoot\system32\drivers\TotRec7.sys 0x8ADF9000 \SystemRoot\system32\drivers\portcls.sys 0x8AE26000 \SystemRoot\system32\drivers\drmk.sys 0x8AE4B000 \SystemRoot\system32\drivers\ks.sys 0x8AE75000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8AE7E000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8F406000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8FDA3000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x8FDA5000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8FE44000 \SystemRoot\System32\drivers\watchdog.sys 0x8FE50000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8FEDD000 \SystemRoot\system32\DRIVERS\ohci1394.sys 0x8FEED000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x8FEFB000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x8FF18000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8FF23000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8FF61000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8FF70000 \SystemRoot\system32\DRIVERS\serial.sys 0x8FF8A000 \SystemRoot\system32\DRIVERS\serenum.sys 0x8FF94000 \SystemRoot\system32\DRIVERS\parport.sys 0x8FFAC000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x8FFC4000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8FFF3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8AE8D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8AEA4000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x8AEAF000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x8AED2000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x8AEE1000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x8AEF5000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x8AF0A000 \SystemRoot\system32\DRIVERS\termdd.sys 0x8AF1A000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8AF25000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8FFFE000 \SystemRoot\system32\DRIVERS\swenum.sys 
0x8AF30000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AF3A000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AF47000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AF7C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9040A000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x905F9000 \??\C:\Windows\system32\drivers\SSHDRV58.sys
0x90606000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9060F000 \SystemRoot\System32\Drivers\Null.SYS
0x90616000 \SystemRoot\System32\Drivers\Beep.SYS
0x90639000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90640000 \SystemRoot\System32\drivers\vga.sys
0x9064C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x9066D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90675000 \SystemRoot\system32\drivers\rdpencdd.sys
0x9067D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90688000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90696000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x9069F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x906B5000 \SystemRoot\system32\DRIVERS\smb.sys
0x906C9000 \SystemRoot\system32\drivers\afd.sys
0x90711000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90743000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90759000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90767000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x9076D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90780000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90786000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x907C2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x907CC000 \SystemRoot\System32\Drivers\dfsc.sys
0x8AF8D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x907E3000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x907E5000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x907FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9061D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8AFB3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90400000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8AFCA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91809000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
0x918A8000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x918B0000 \SystemRoot\system32\DRIVERS\AF15BDA.sys
0x918FA000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x918FD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91906000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91913000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9191E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98440000 \SystemRoot\System32\win32k.sys
0x91926000 \SystemRoot\System32\drivers\Dxapi.sys
0x91930000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98660000 \SystemRoot\System32\TSDDD.dll
0x98680000 \SystemRoot\System32\cdd.dll
0x98690000 \SystemRoot\System32\ATMFD.DLL
0x9193F000 \SystemRoot\system32\drivers\luafv.sys
0x9195A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x91977000 \SystemRoot\system32\drivers\spsys.sys
0x91A27000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x91A37000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x91A61000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x91A6B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x91A7E000 \SystemRoot\system32\drivers\HTTP.sys
0x91AEB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x91B08000 \SystemRoot\system32\DRIVERS\bowser.sys
0x91B21000 \SystemRoot\System32\drivers\mpsdrv.sys
0x91B36000 \SystemRoot\system32\drivers\mrxdav.sys
0x91B57000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x91B76000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x91BAF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x91BC7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x8AB77000 \SystemRoot\System32\DRIVERS\srv.sys
0x91BEF000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA100B000 \SystemRoot\system32\drivers\peauth.sys
0xA10E9000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA10F3000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA10FF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA1114000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA1126000 \SystemRoot\system32\drivers\MSPQM.sys
0xA1128000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA1131000 \??\C:\Users\***\AppData\Local\Temp\pgldypoc.sys
0x77920000 \Windows\System32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
436 C:\Windows\System32\smss.exe
568 csrss.exe
620 C:\Windows\System32\wininit.exe
632 csrss.exe
664 C:\Windows\System32\services.exe
680 C:\Windows\System32\lsass.exe
688 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
876 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\nvvsvc.exe
968 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\audiodg.exe
1244 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\SLsvc.exe
1340 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1352 C:\Windows\System32\nvvsvc.exe
1392 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\spoolsv.exe
1804 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1816 C:\Windows\System32\svchost.exe
120 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
272 C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
456 C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
424 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
1064 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\PSIService.exe
1376 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1572 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1764 C:\Windows\System32\svchost.exe
884 C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
2072 C:\Windows\System32\svchost.exe
2100 C:\Windows\System32\SearchIndexer.exe
2308 WUDFHost.exe
2736 C:\Windows\System32\taskeng.exe
2840 C:\Windows\System32\taskeng.exe
2948 C:\Windows\System32\dwm.exe
3004 C:\Windows\explorer.exe
3380 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3512 C:\Windows\RtHDVCpl.exe
3520 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3580 C:\Windows\ehome\ehtray.exe
3656 C:\Windows\ehome\ehmsas.exe
3700 C:\Windows\ehome\ehsched.exe
3976 C:\Program Files\Windows Media Player\wmpnscfg.exe
4064 C:\Program Files\Windows Media Player\wmpnetwk.exe
2300 C:\Windows\ehome\ehrecvr.exe
3852 C:\Program Files\Mozilla Firefox\firefox.exe
2692 C:\Windows\System32\notepad.exe
2404 C:\Windows\System32\SearchProtocolHost.exe
2120 C:\Windows\System32\SearchFilterHost.exe
3056 C:\Users\***\Desktop\MBRCheck.exe
3868 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`08100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.AAM
PhysicalDrive1 Model Number: WD10EAVS External, Rev: 1.75

Size  Device Name          MBR Status
--------------------------------------------
335 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
        SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
931 GB  \\.\PhysicalDrive1  RE: Windows XP MBR code detected
        SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!