| |
| |||||||
Log-Analyse und Auswertung: System Defragmenter: Daten verschwunden.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.04.2011, 16:24
| #1 |
| |  System Defragmenter: Daten verschwunden. Hallo, Ich habe mich mit dem "System Defragmenter" rumgequält und auch schon (mehr oder weniger Erfolg-reich/los) gehandelt. Orientiert, habe ich mich an diesen beiden Threads: - 1. http://www.trojaner-board.de/94172-h...-detected.html und - 2. http://www.trojaner-board.de/91962-s...entfernen.html Ein kleiner Rückblick: Ich fahre mein Notebook hoch und muss feststellen, dass mein Hintergrund schwarz ist, meine Dateien verschwunden sind und mich ein "System Defragmenter" nervt, mit ständigen Errors wie z.B. "critical error", etc... Ok, habe mir den ersten Thread durchgelesen und bemerkt, dass genau die selben Symptome bei dem User vorgekommen sind wie bei mir. Nachdem ich den 2. Thread gelesen habe, habe ich Rkill ausgeführt und anschliessend Malwarebytes durchlaufen lassen. Log Malwarebytes Vollständiger durchlauf: - Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6350
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
13.04.2011 15:15:53
mbam-log-2011-04-13 (15-15-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 236001
Laufzeit: 36 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
c:\Users\mike\AppData\Local\olp160.dll (Trojan.Hiloti) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ykonoxev (Trojan.Hiloti) -> Value: Ykonoxev -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HDFryVTMFjAtTWN (Trojan.FakeAlert) -> Value: HDFryVTMFjAtTWN -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
c:\Users\mike\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Users\mike\AppData\Local\olp160.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\hdfryvtmfjattwn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\35905288.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mike\AppData\Local\Temp\err.log4459818 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mike\AppData\Local\Temp\nocamrexsw.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\mike\AppData\Roaming\Adobe\plugs\kb4463266.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mike\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\mike\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Um sicher zu gehen, habe ich nochmal OTHelper durchlaufen lassen und wie beschrieben wieder Anti-Malware im "Quick-Scan" gestartet. - Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6350
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
13.04.2011 15:30:51
mbam-log-2011-04-13 (15-30-51).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141225
Laufzeit: 4 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ykonoxev (Trojan.Agent.U) -> Value: Ykonoxev -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Hier einmal die OTL logs: OTL ____ Code:
ATTFilter OTL logfile created on: 13.04.2011 16:08:04 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mike\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,73 Gb Total Space | 21,07 Gb Free Space | 43,24% Space Free | Partition Type: NTFS Drive D: | 184,06 Gb Total Space | 160,53 Gb Free Space | 87,22% Space Free | Partition Type: NTFS Computer Name: MIKE-NB | User Name: mike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\mike\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\herrbert.exe (Malwarebytes Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\mike\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Serial) -- C:\Windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.) DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=102869&l=dis&gct=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 89 77 B7 29 BF CB 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=102869&l=dis&gct=hp" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0 FF - prefs.js..extensions.enabledItems: {1EF9A571-44C1-4809-9AA2-CABE4412709C}:1.9.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=8adcccd9-78d0-4181-ba9c-963df8105170&apn_ptnrs=5J&apn_sauid=AD749FDE-86A5-4ABA-9CA6-1DF7B53706C1&apn_dtid=YYYYYYYYDE&q=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 23:16:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 23:16:12 | 000,000,000 | ---D | M] [2011.01.29 05:06:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mike\AppData\Roaming\mozilla\Extensions [2011.04.13 14:50:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions [2011.03.27 21:05:13 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com [2011.04.13 15:08:12 | 000,002,337 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\hvz1ujym.default\searchplugins\askcom-1.xml [2011.04.12 14:31:03 | 000,002,400 | -H-- | M] () -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\hvz1ujym.default\searchplugins\askcom.xml [2011.03.02 22:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.02.09 03:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.02 22:33:32 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2011.02.09 03:50:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.02 22:33:32 | 000,000,000 | ---D | M] (afurladvisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM [2011.04.12 21:43:49 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\MIKE\APPDATA\LOCAL\{1EF9A571-44C1-4809-9AA2-CABE4412709C} [2011.02.09 03:50:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\herrbert.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell - "" = AutoRun O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.13 16:06:33 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe [2011.04.13 15:22:42 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTH.scr [2011.04.13 14:36:08 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes [2011.04.13 14:35:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.13 14:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.13 14:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.13 14:35:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.13 14:35:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.13 14:19:28 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{768180EA-32AB-4D78-B635-385E07F0A01A} [2011.04.12 22:05:13 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\Avira [2011.04.12 21:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.04.12 21:55:31 | 000,028,520 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.04.12 21:55:30 | 000,137,656 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.04.12 21:55:30 | 000,061,960 | -H-- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.04.12 21:55:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira [2011.04.12 21:55:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.04.12 21:43:49 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C} [2011.04.12 19:22:33 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\SkypePM [2011.04.12 17:16:49 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{F61D48E0-D4AD-4A59-BF79-DD14D6245EF3} [2011.04.12 05:16:24 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{07E61982-0757-464B-A6A0-6527CE9292F6} [2011.04.11 14:25:26 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{059FE0BC-21DC-4C54-8D02-087C9A07109D} [2011.04.10 21:03:17 | 000,000,000 | -H-D | C] -- C:\Users\mike\Desktop\stinknormaler tag [2011.04.10 17:57:53 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{6FAEC9F2-E2F9-43B6-90D6-1C57A87D8240} [2011.04.10 04:36:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{5698F50B-B9E5-4273-823F-0D68D2F01FEC} [2011.04.09 22:26:08 | 000,000,000 | -H-D | C] -- C:\Users\mike\Desktop\08.04.2011 [2011.04.09 11:56:46 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{ED070D34-DFE4-4F20-91D9-E99F18AA1A35} [2011.04.08 22:25:10 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{51138A72-8270-40AB-BD48-9B402E54FFCE} [2011.04.08 10:24:35 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{9CD6AF7D-C088-4A28-9A99-BA19E560B697} [2011.04.07 22:23:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{266ED28B-E6C1-4220-9C8A-8C0EBCFEBD48} [2011.04.07 10:23:23 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{180B9564-B396-442E-8A87-04C16A1A8793} [2011.04.06 22:22:59 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{0EDCAFDC-BF70-4503-B155-3631289F0000} [2011.04.06 08:00:15 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{7449BDC1-0CA5-44B1-84B9-870AC615BCDD} [2011.04.05 12:20:26 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{E427D2C8-4C97-44D7-9485-0DAB5F64549B} [2011.04.04 22:14:22 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{D7A19759-55C4-4D21-8D14-B15D0F396B89} [2011.04.04 09:55:34 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{E646AC86-E6E6-43B8-BF14-7BD51ABB7ACF} [2011.04.03 17:10:05 | 000,000,000 | -H-D | C] -- C:\Users\mike\Desktop\1.6 cs [2011.04.03 11:33:36 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{65FB1F50-87C0-40C3-AB21-D4B546D398AD} [2011.04.02 18:33:13 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{1E911478-0DAA-4385-ACF8-DD91EFA598F9} [2011.04.02 05:33:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.04.02 05:22:32 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{7BA2FC48-5892-4DB9-ACB4-28F5DCE1A66A} [2011.04.01 14:20:50 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4948BBE8-AB4F-4032-AFDC-BFBF77DBB7AB} [2011.03.31 14:24:05 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4834C767-8F18-4341-A9AA-30746CAF2C20} [2011.03.30 14:25:25 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{994BD1AD-A51A-4315-9E59-D6009DCE8D08} [2011.03.29 14:33:37 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{3FC0EB9F-C257-4CBC-A71A-413876081236} [2011.03.28 17:36:57 | 000,000,000 | -H-D | C] -- C:\Users\mike\Documents\ICQ [2011.03.28 14:19:37 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{5BB6F680-882E-4264-84FA-95EB7F011048} [2011.03.27 20:10:44 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{2BB66A8A-14E5-4252-8757-1727D7128A6C} [2011.03.27 18:49:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{B9F68E75-131C-4A91-B062-38824BDA35C7} [2011.03.27 06:48:05 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{37BF7B4A-E352-4782-B266-76BD4B015F52} [2011.03.26 17:29:19 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{07C0076B-ABDD-452A-8F95-15914032AAFB} [2011.03.25 23:16:03 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{A8222740-3E50-4874-8161-64BA63046BAA} [2011.03.25 11:15:26 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{5903A6C1-025B-43E1-883B-CC9E2C9BCFBF} [2011.03.24 23:15:01 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{FF51A546-E57C-4DE4-948C-9E371F4C7EF7} [2011.03.24 01:36:03 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{BBA48236-2316-4BD6-9933-1E5A70B1BF66} [2011.03.23 13:35:25 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{D7916350-4400-4223-B20A-35FC14DBA6C5} [2011.03.23 01:34:50 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4D6EC84D-A1EA-4B16-8327-369F04276F3A} [2011.03.22 13:34:14 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4BE02F82-89AD-41C3-BBF0-3D0D5D32EC0A} [2011.03.22 13:24:01 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\TS3Client [2011.03.22 13:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2011.03.22 13:22:45 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2011.03.22 11:35:59 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Roaming\teamspeak2 [2011.03.22 11:35:48 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm [2011.03.22 11:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2 [2011.03.22 11:35:45 | 000,000,000 | ---D | C] -- C:\Programme\Teamspeak2_RC2 [2011.03.22 01:33:38 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{8A573385-CB9C-48FB-A904-923E066E2306} [2011.03.21 13:33:01 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{BA939EB4-00E6-4839-A093-9E98C0137C98} [2011.03.21 13:19:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2011.03.21 13:19:53 | 000,000,000 | -H-D | C] -- C:\Programme\Common Files\Blizzard Entertainment [2011.03.21 13:18:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Blizzard Entertainment [2011.03.21 01:32:24 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{4A90E209-6F8A-47CD-8062-0B596DC4C325} [2011.03.20 13:31:59 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{0855DDDA-1725-4B69-9F2A-6A1A4DFF05E5} [2011.03.19 20:08:08 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{E263A234-008E-426C-87CD-0F9A39561506} [2011.03.19 08:07:42 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{DE187948-41D0-48EF-8B3D-099C46D2756B} [2011.03.18 15:14:02 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{6D93ED1C-FDD1-48D2-92EA-ACCCCE5E49F1} [2011.03.17 15:14:58 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{67A8377E-AF42-4181-844B-FD8316A69BE5} [2011.03.16 23:14:50 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{D0CF9CCB-E179-4B74-BB99-DB1470A41296} [2011.03.16 10:30:57 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{909109BE-0F33-4CB6-B2F8-125DE74CDD99} [2011.03.15 18:40:27 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{0747A25F-4AB7-4D62-88DB-05124BB1DE48} [2011.03.15 06:39:52 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{92F30E12-E6D6-42A7-95C8-6935BE7740AB} [2011.03.14 18:39:17 | 000,000,000 | -H-D | C] -- C:\Users\mike\AppData\Local\{73F5C050-47B9-4C60-A927-14364B5F7A05} ========== Files - Modified Within 30 Days ========== [2011.04.13 16:06:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe [2011.04.13 15:38:47 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.13 15:38:47 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.13 15:38:47 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.13 15:38:47 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.13 15:37:36 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.13 15:37:36 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.13 15:37:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.13 15:32:48 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.13 15:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.13 15:32:21 | 1609,764,864 | -HS- | M] () -- C:\hiberfil.sys [2011.04.13 15:24:00 | 000,001,114 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job [2011.04.13 15:22:45 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTH.scr [2011.04.13 14:35:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.13 14:31:56 | 001,006,778 | ---- | M] () -- C:\Users\mike\Desktop\rkill.com [2011.04.12 21:55:51 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.12 21:51:19 | 000,000,096 | -H-- | M] () -- C:\ProgramData\~35905288 [2011.04.12 21:51:18 | 000,000,629 | -H-- | M] () -- C:\Users\mike\Desktop\Windows Restore.lnk [2011.04.12 21:51:18 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~35905288r [2011.04.12 21:51:15 | 000,000,336 | -H-- | M] () -- C:\ProgramData\35905288 [2011.04.12 21:43:51 | 000,000,120 | -H-- | M] () -- C:\Users\mike\AppData\Local\Fkatuwupomukim.dat [2011.04.12 21:43:51 | 000,000,000 | -H-- | M] () -- C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin [2011.04.12 17:24:00 | 000,001,062 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job [2011.04.10 00:49:28 | 001,737,548 | -H-- | M] () -- C:\Users\mike\Desktop\asdf.flp [2011.04.06 01:11:05 | 000,000,038 | -H-- | M] () -- C:\Users\mike\Desktop\Mehr Auswahl Modell....URL [2011.04.02 20:41:32 | 001,744,917 | -H-- | M] () -- C:\Users\mike\Desktop\beschallt.flp [2011.04.02 05:33:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat [2011.03.26 17:30:56 | 000,002,395 | -H-- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk [2011.03.26 07:08:24 | 000,041,555 | -H-- | M] () -- C:\Users\mike\Desktop\wow_eu_game_card_92033738_CHBPRGGA.jpg [2011.03.22 13:22:47 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.03.22 11:35:49 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm [2011.03.22 11:35:46 | 000,000,952 | -H-- | M] () -- C:\Users\mike\Desktop\Teamspeak 2 RC2.lnk [2011.03.21 13:20:56 | 000,000,723 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.03.14 21:57:25 | 000,000,050 | -H-- | M] () -- C:\Users\mike\Desktop\picdumps.com.URL ========== Files Created - No Company Name ========== [2011.04.13 14:35:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.13 14:31:47 | 001,006,778 | ---- | C] () -- C:\Users\mike\Desktop\rkill.com [2011.04.12 21:55:51 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.04.12 21:51:18 | 000,000,629 | -H-- | C] () -- C:\Users\mike\Desktop\Windows Restore.lnk [2011.04.12 21:51:18 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905288r [2011.04.12 21:51:18 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~35905288 [2011.04.12 21:51:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905288 [2011.04.12 21:43:51 | 000,000,120 | -H-- | C] () -- C:\Users\mike\AppData\Local\Fkatuwupomukim.dat [2011.04.12 21:43:51 | 000,000,000 | -H-- | C] () -- C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin [2011.04.08 23:15:37 | 001,737,548 | -H-- | C] () -- C:\Users\mike\Desktop\asdf.flp [2011.04.06 01:11:05 | 000,000,038 | -H-- | C] () -- C:\Users\mike\Desktop\Mehr Auswahl Modell....URL [2011.04.02 20:10:44 | 001,744,917 | -H-- | C] () -- C:\Users\mike\Desktop\beschallt.flp [2011.04.02 05:33:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.03.26 07:08:23 | 000,041,555 | -H-- | C] () -- C:\Users\mike\Desktop\wow_eu_game_card_92033738_CHBPRGGA.jpg [2011.03.22 13:22:47 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2011.03.22 11:35:46 | 000,000,952 | -H-- | C] () -- C:\Users\mike\Desktop\Teamspeak 2 RC2.lnk [2011.03.21 13:19:53 | 000,000,723 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.03.14 21:57:25 | 000,000,050 | -H-- | C] () -- C:\Users\mike\Desktop\picdumps.com.URL [2011.03.11 13:07:23 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.03.11 13:06:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.01.29 05:47:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2011.01.29 05:41:55 | 000,000,017 | -H-- | C] () -- C:\Users\mike\AppData\Local\resmon.resmoncfg [2011.01.29 05:34:10 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.04.2011 16:08:04 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mike\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 21,07 Gb Free Space | 43,24% Space Free | Partition Type: NTFS
Drive D: | 184,06 Gb Total Space | 160,53 Gb Free Space | 87,22% Space Free | Partition Type: NTFS
Computer Name: MIKE-NB | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45212F71-750F-4B98-8931-2F35DBE6B661}" = Paint.NET v3.5.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Drumaxx" = Drumaxx
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"HotspotShield" = Hotspot Shield 1.57
"IL Download Manager" = IL Download Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Sakura" = Sakura
"Sawer" = Sawer
"SuperHideIP" = Super Hide IP
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:13:42 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:52:59 | Computer Name = mike-nb | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\mike\AppData\Local\Temp\RarSFX0\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 12.04.2011 15:56:14 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 12.04.2011 15:56:14 | Computer Name = mike-nb | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 11.04.2011 23:15:56 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 11.04.2011 23:15:56 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 08:14:49 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 10:39:51 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 10:39:51 | Computer Name = mike-nb | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 12.04.2011 16:06:21 | Computer Name = mike-nb | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
Error - 12.04.2011 16:09:22 | Computer Name = mike-nb | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
< End of report >
 eigentlich hatte ich geplant über "Zubehör und Systemwiederherstellung" an meine Daten zurück zu kommen, doch ich finde über Start nicht mal Zubehör So sehr kenn ich mich leider nicht mit Viren und allg. PC-Verständnis aus.  mfg koalabaehr |
|
14.04.2011, 10:00
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | System Defragmenter: Daten verschwunden. Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
__________________Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Berichte ob die Dateien wieder sichtbar sind und ob du wieder Zugriff darauf hast. Wenn ja machen wir mit einem OTL-Fix weiter. Näheres dann.
__________________ |
|
14.04.2011, 10:53
| #3 |
| | System Defragmenter: Daten verschwunden. Hallo, ich bin dir jetzt schon sehr dankbar
__________________, ist glaube ich alles da, soweit . Ok, was genau soll ich mitm OTL-Fix machen?mfg mB |
|
14.04.2011, 11:10
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Defragmenter: Daten verschwunden. Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.04.12 21:51:18 | 000,000,629 | -H-- | C] () -- C:\Users\mike\Desktop\Windows Restore.lnk
[2011.04.12 21:51:18 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~35905288r
[2011.04.12 21:51:18 | 000,000,096 | -H-- | C] () -- C:\ProgramData\~35905288
[2011.04.12 21:51:15 | 000,000,336 | -H-- | C] () -- C:\ProgramData\35905288
[2011.04.12 21:43:51 | 000,000,120 | -H-- | C] () -- C:\Users\mike\AppData\Local\Fkatuwupomukim.dat
[2011.04.12 21:43:51 | 000,000,000 | -H-- | C] () -- C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell - "" = AutoRun
O33 - MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\Shell\AutoRun\command - "" = E:\Autorun.exe
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
[2011.03.27 21:05:13 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 17:41
| #5 |
| | System Defragmenter: Daten verschwunden. So habs gemacht. Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\mike\Desktop\Windows Restore.lnk moved successfully.
C:\ProgramData\~35905288r moved successfully.
C:\ProgramData\~35905288 moved successfully.
C:\ProgramData\35905288 moved successfully.
C:\Users\mike\AppData\Local\Fkatuwupomukim.dat moved successfully.
C:\Users\mike\AppData\Local\Gkivahukoziyeq.bin moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebd326ef-2bc8-11e0-97eb-001b3879c113}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-23-Feb-2011-21-20-38-GMT folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-30-Jan-2011-13-04-15-GMT folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-27-Mar-2011-19-38-20-GMT folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\hvz1ujym.default\extensions\toolbar@ask.com folder moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: mike
->Temp folder emptied: 546646 bytes
->Temporary Internet Files folder emptied: 7809561 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96504600 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3039 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4359167 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 104,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04142011_183510
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
14.04.2011, 18:01
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Defragmenter: Daten verschwunden. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ --> System Defragmenter: Daten verschwunden. |
|
14.04.2011, 18:12
| #7 |
| | System Defragmenter: Daten verschwunden. Das Programm hat nichts gefunden, sollte ich das hier Posten?: Code:
ATTFilter 2011/04/14 19:10:19.0034 5556 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/14 19:10:19.0364 5556 ================================================================================
2011/04/14 19:10:19.0364 5556 SystemInfo:
2011/04/14 19:10:19.0364 5556
2011/04/14 19:10:19.0364 5556 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/14 19:10:19.0364 5556 Product type: Workstation
2011/04/14 19:10:19.0364 5556 ComputerName: MIKE-NB
2011/04/14 19:10:19.0364 5556 UserName: mike
2011/04/14 19:10:19.0364 5556 Windows directory: C:\Windows
2011/04/14 19:10:19.0364 5556 System windows directory: C:\Windows
2011/04/14 19:10:19.0364 5556 Processor architecture: Intel x86
2011/04/14 19:10:19.0364 5556 Number of processors: 2
2011/04/14 19:10:19.0364 5556 Page size: 0x1000
2011/04/14 19:10:19.0364 5556 Boot type: Normal boot
2011/04/14 19:10:19.0365 5556 ================================================================================
2011/04/14 19:10:19.0688 5556 Initialize success
2011/04/14 19:10:24.0625 2940 ================================================================================
2011/04/14 19:10:24.0625 2940 Scan started
2011/04/14 19:10:24.0625 2940 Mode: Manual;
2011/04/14 19:10:24.0625 2940 ================================================================================
2011/04/14 19:10:25.0665 2940 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/04/14 19:10:25.0754 2940 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/04/14 19:10:25.0819 2940 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/04/14 19:10:25.0883 2940 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/14 19:10:25.0929 2940 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/14 19:10:25.0966 2940 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/14 19:10:26.0049 2940 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/04/14 19:10:26.0103 2940 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/04/14 19:10:26.0162 2940 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/14 19:10:26.0226 2940 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/04/14 19:10:26.0266 2940 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/04/14 19:10:26.0292 2940 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/04/14 19:10:26.0343 2940 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/14 19:10:26.0373 2940 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/14 19:10:26.0447 2940 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/04/14 19:10:26.0505 2940 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/14 19:10:26.0544 2940 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/04/14 19:10:26.0613 2940 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/04/14 19:10:26.0693 2940 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/14 19:10:26.0722 2940 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/14 19:10:26.0766 2940 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/14 19:10:26.0807 2940 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/04/14 19:10:26.0871 2940 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
2011/04/14 19:10:26.0963 2940 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/14 19:10:26.0999 2940 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/14 19:10:27.0068 2940 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/14 19:10:27.0121 2940 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/14 19:10:27.0165 2940 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/14 19:10:27.0208 2940 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/14 19:10:27.0249 2940 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/14 19:10:27.0285 2940 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/14 19:10:27.0309 2940 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/14 19:10:27.0347 2940 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/14 19:10:27.0379 2940 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/14 19:10:27.0411 2940 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/14 19:10:27.0428 2940 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/14 19:10:27.0467 2940 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/14 19:10:27.0525 2940 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/14 19:10:27.0591 2940 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/04/14 19:10:27.0646 2940 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/14 19:10:27.0696 2940 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/14 19:10:27.0794 2940 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/14 19:10:27.0843 2940 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/04/14 19:10:27.0882 2940 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/14 19:10:27.0921 2940 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/14 19:10:27.0974 2940 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/14 19:10:28.0018 2940 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/14 19:10:28.0093 2940 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/04/14 19:10:28.0173 2940 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/04/14 19:10:28.0219 2940 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/14 19:10:28.0259 2940 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/14 19:10:28.0317 2940 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/14 19:10:28.0444 2940 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\Program Files\Launch Manager\DPortIO.sys
2011/04/14 19:10:28.0519 2940 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/14 19:10:28.0571 2940 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/04/14 19:10:28.0640 2940 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/14 19:10:28.0706 2940 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/14 19:10:28.0825 2940 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/14 19:10:29.0067 2940 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/14 19:10:29.0141 2940 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys
2011/04/14 19:10:29.0186 2940 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/04/14 19:10:29.0303 2940 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
2011/04/14 19:10:29.0391 2940 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/14 19:10:29.0437 2940 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/14 19:10:29.0469 2940 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/14 19:10:29.0506 2940 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/14 19:10:29.0534 2940 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/14 19:10:29.0554 2940 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/14 19:10:29.0603 2940 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/14 19:10:29.0646 2940 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/14 19:10:29.0676 2940 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/14 19:10:29.0746 2940 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/14 19:10:29.0795 2940 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/14 19:10:29.0862 2940 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/14 19:10:29.0932 2940 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/04/14 19:10:29.0962 2940 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/14 19:10:29.0986 2940 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/14 19:10:30.0011 2940 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/14 19:10:30.0043 2940 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/14 19:10:30.0131 2940 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/04/14 19:10:30.0213 2940 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/14 19:10:30.0271 2940 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/04/14 19:10:30.0426 2940 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/04/14 19:10:30.0461 2940 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/14 19:10:30.0525 2940 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/04/14 19:10:30.0578 2940 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/04/14 19:10:30.0636 2940 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/14 19:10:30.0686 2940 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/04/14 19:10:30.0734 2940 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/14 19:10:30.0769 2940 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/14 19:10:30.0826 2940 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/14 19:10:30.0857 2940 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/14 19:10:30.0902 2940 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/14 19:10:30.0944 2940 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/04/14 19:10:30.0993 2940 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/04/14 19:10:31.0034 2940 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/04/14 19:10:31.0100 2940 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/04/14 19:10:31.0148 2940 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/14 19:10:31.0190 2940 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/14 19:10:31.0273 2940 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/14 19:10:31.0326 2940 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/14 19:10:31.0358 2940 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/14 19:10:31.0389 2940 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/14 19:10:31.0415 2940 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/14 19:10:31.0477 2940 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/14 19:10:31.0507 2940 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/14 19:10:31.0558 2940 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/14 19:10:31.0585 2940 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/14 19:10:31.0629 2940 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/14 19:10:31.0662 2940 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/04/14 19:10:31.0684 2940 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/14 19:10:31.0733 2940 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/14 19:10:31.0777 2940 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/04/14 19:10:31.0811 2940 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/14 19:10:31.0863 2940 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/04/14 19:10:31.0918 2940 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/14 19:10:31.0963 2940 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/14 19:10:32.0005 2940 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/14 19:10:32.0061 2940 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/04/14 19:10:32.0115 2940 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/04/14 19:10:32.0180 2940 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/14 19:10:32.0204 2940 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/14 19:10:32.0245 2940 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/04/14 19:10:32.0282 2940 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/14 19:10:32.0326 2940 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/14 19:10:32.0356 2940 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/14 19:10:32.0382 2940 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/14 19:10:32.0434 2940 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/04/14 19:10:32.0474 2940 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/14 19:10:32.0500 2940 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/14 19:10:32.0525 2940 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/14 19:10:32.0566 2940 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/14 19:10:32.0636 2940 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/04/14 19:10:32.0681 2940 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/14 19:10:32.0726 2940 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/14 19:10:32.0773 2940 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/14 19:10:32.0826 2940 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/14 19:10:32.0872 2940 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/04/14 19:10:32.0928 2940 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/14 19:10:32.0982 2940 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/14 19:10:33.0045 2940 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/14 19:10:33.0078 2940 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/14 19:10:33.0107 2940 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/14 19:10:33.0191 2940 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/04/14 19:10:33.0250 2940 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/14 19:10:33.0329 2940 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/04/14 19:10:33.0666 2940 nvlddmkm (f1d968e03a9cdbfeb742678184fe020a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/14 19:10:33.0941 2940 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/04/14 19:10:34.0001 2940 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/04/14 19:10:34.0076 2940 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/04/14 19:10:34.0139 2940 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/04/14 19:10:34.0188 2940 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/04/14 19:10:34.0248 2940 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/14 19:10:34.0294 2940 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/04/14 19:10:34.0320 2940 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/14 19:10:34.0368 2940 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/04/14 19:10:34.0387 2940 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/04/14 19:10:34.0423 2940 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/14 19:10:34.0451 2940 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/14 19:10:34.0491 2940 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/14 19:10:34.0635 2940 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/14 19:10:34.0662 2940 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/14 19:10:34.0710 2940 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/14 19:10:34.0774 2940 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/14 19:10:34.0831 2940 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/14 19:10:34.0867 2940 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/14 19:10:34.0889 2940 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/14 19:10:34.0943 2940 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/14 19:10:34.0982 2940 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/14 19:10:35.0020 2940 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/14 19:10:35.0046 2940 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/14 19:10:35.0091 2940 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/14 19:10:35.0125 2940 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/14 19:10:35.0167 2940 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/14 19:10:35.0228 2940 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/04/14 19:10:35.0262 2940 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/14 19:10:35.0287 2940 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/14 19:10:35.0360 2940 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/04/14 19:10:35.0409 2940 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/04/14 19:10:35.0474 2940 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/04/14 19:10:35.0556 2940 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/04/14 19:10:35.0589 2940 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/04/14 19:10:35.0617 2940 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/04/14 19:10:35.0715 2940 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/14 19:10:35.0773 2940 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/04/14 19:10:35.0827 2940 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/04/14 19:10:35.0884 2940 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/14 19:10:35.0952 2940 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
2011/04/14 19:10:36.0004 2940 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/14 19:10:36.0085 2940 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/14 19:10:36.0116 2940 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/14 19:10:36.0165 2940 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/14 19:10:36.0239 2940 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/14 19:10:36.0267 2940 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/14 19:10:36.0285 2940 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/14 19:10:36.0321 2940 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/14 19:10:36.0389 2940 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/04/14 19:10:36.0436 2940 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/14 19:10:36.0460 2940 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/14 19:10:36.0489 2940 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/14 19:10:36.0541 2940 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/14 19:10:36.0619 2940 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/14 19:10:36.0663 2940 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/14 19:10:36.0744 2940 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/14 19:10:36.0821 2940 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/04/14 19:10:36.0885 2940 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/04/14 19:10:36.0927 2940 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/14 19:10:36.0984 2940 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/14 19:10:37.0031 2940 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/14 19:10:37.0079 2940 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/04/14 19:10:37.0121 2940 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/04/14 19:10:37.0152 2940 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/04/14 19:10:37.0261 2940 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/04/14 19:10:37.0361 2940 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/04/14 19:10:37.0479 2940 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/14 19:10:37.0539 2940 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/14 19:10:37.0597 2940 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/04/14 19:10:37.0630 2940 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/04/14 19:10:37.0678 2940 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/14 19:10:37.0718 2940 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/04/14 19:10:37.0802 2940 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/14 19:10:37.0872 2940 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/04/14 19:10:37.0992 2940 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/14 19:10:38.0032 2940 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/14 19:10:38.0084 2940 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/14 19:10:38.0153 2940 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/14 19:10:38.0218 2940 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/04/14 19:10:38.0273 2940 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/14 19:10:38.0361 2940 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/04/14 19:10:38.0410 2940 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/04/14 19:10:38.0472 2940 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/04/14 19:10:38.0526 2940 usbehci (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/14 19:10:38.0590 2940 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/04/14 19:10:38.0616 2940 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/14 19:10:38.0655 2940 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/14 19:10:38.0700 2940 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/14 19:10:38.0742 2940 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/14 19:10:38.0774 2940 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/14 19:10:38.0847 2940 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/14 19:10:38.0925 2940 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/04/14 19:10:39.0006 2940 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/14 19:10:39.0030 2940 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/14 19:10:39.0114 2940 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/04/14 19:10:39.0174 2940 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/04/14 19:10:39.0221 2940 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/14 19:10:39.0248 2940 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/04/14 19:10:39.0295 2940 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/04/14 19:10:39.0336 2940 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/04/14 19:10:39.0376 2940 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/04/14 19:10:39.0422 2940 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/14 19:10:39.0474 2940 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/04/14 19:10:39.0519 2940 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/14 19:10:39.0557 2940 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/14 19:10:39.0596 2940 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/14 19:10:39.0642 2940 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/14 19:10:39.0693 2940 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/14 19:10:39.0710 2940 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/14 19:10:39.0770 2940 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/14 19:10:39.0811 2940 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/14 19:10:39.0905 2940 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/14 19:10:39.0934 2940 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/14 19:10:40.0049 2940 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/14 19:10:40.0125 2940 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/14 19:10:40.0209 2940 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/14 19:10:40.0284 2940 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/04/14 19:10:40.0343 2940 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/14 19:10:40.0452 2940 ================================================================================
2011/04/14 19:10:40.0452 2940 Scan finished
2011/04/14 19:10:40.0452 2940 ================================================================================
|
|
14.04.2011, 18:21
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Defragmenter: Daten verschwunden. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.04.2011, 19:13
| #9 |
| | System Defragmenter: Daten verschwunden. Ok, alles ausgeführt. Hier das Ergebnis: Code:
ATTFilter ComboFix 11-04-13.06 - mike 14.04.2011 20:01:42.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2047.1499 [GMT 2:00]
ausgeführt von:: c:\users\mike\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}
c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\chrome.manifest
c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\chrome\content\_cfg.js
c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\chrome\content\overlay.xul
c:\users\mike\AppData\Local\{1EF9A571-44C1-4809-9AA2-CABE4412709C}\install.rdf
c:\users\mike\AppData\Roaming\Adobe\plugs
c:\users\mike\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-14 bis 2011-04-14 ))))))))))))))))))))))))))))))
.
.
2011-04-14 18:06 . 2011-04-14 18:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-14 17:54 . 2011-04-14 17:54 -------- d-----w- c:\program files\CCleaner
2011-04-14 14:12 . 2011-04-14 14:13 -------- d-----w- c:\users\mike\AppData\Local\{E93C4D23-9E4D-4BE7-90BD-7A53909A6343}
2011-04-14 02:19 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 02:19 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 02:19 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-14 02:19 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 02:19 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 02:19 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 02:19 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 02:19 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 02:12 . 2011-04-14 02:12 -------- d-----w- c:\users\mike\AppData\Local\{E4E31595-88D2-4792-B0E8-5B56EB8C970B}
2011-04-13 14:59 . 2011-04-13 14:59 -------- d-----w- C:\_OTL
2011-04-13 12:36 . 2011-04-13 12:36 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2011-04-13 12:35 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-13 12:35 . 2011-04-13 12:35 -------- d-----w- c:\programdata\Malwarebytes
2011-04-13 12:35 . 2011-04-13 12:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-13 12:35 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-13 12:19 . 2011-04-13 12:19 -------- d-----w- c:\users\mike\AppData\Local\{768180EA-32AB-4D78-B635-385E07F0A01A}
2011-04-12 20:05 . 2011-04-12 20:05 -------- d-----w- c:\users\mike\AppData\Roaming\Avira
2011-04-12 19:55 . 2011-03-04 14:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-12 19:55 . 2011-03-04 12:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-12 19:55 . 2011-04-12 19:55 -------- d-----w- c:\programdata\Avira
2011-04-12 19:55 . 2011-04-12 19:55 -------- d-----w- c:\program files\Avira
2011-04-12 15:16 . 2011-04-12 15:17 -------- d-----w- c:\users\mike\AppData\Local\{F61D48E0-D4AD-4A59-BF79-DD14D6245EF3}
2011-04-12 14:44 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB04E67C-10CE-4F7B-9087-68C8BF2920A3}\mpengine.dll
2011-04-12 03:16 . 2011-04-12 03:16 -------- d-----w- c:\users\mike\AppData\Local\{07E61982-0757-464B-A6A0-6527CE9292F6}
2011-04-11 12:25 . 2011-04-11 12:25 -------- d-----w- c:\users\mike\AppData\Local\{059FE0BC-21DC-4C54-8D02-087C9A07109D}
2011-04-10 15:57 . 2011-04-10 15:58 -------- d-----w- c:\users\mike\AppData\Local\{6FAEC9F2-E2F9-43B6-90D6-1C57A87D8240}
2011-04-10 02:36 . 2011-04-10 02:37 -------- d-----w- c:\users\mike\AppData\Local\{5698F50B-B9E5-4273-823F-0D68D2F01FEC}
2011-04-09 09:56 . 2011-04-09 09:56 -------- d-----w- c:\users\mike\AppData\Local\{ED070D34-DFE4-4F20-91D9-E99F18AA1A35}
2011-04-08 20:25 . 2011-04-08 20:25 -------- d-----w- c:\users\mike\AppData\Local\{51138A72-8270-40AB-BD48-9B402E54FFCE}
2011-04-08 08:24 . 2011-04-08 08:24 -------- d-----w- c:\users\mike\AppData\Local\{9CD6AF7D-C088-4A28-9A99-BA19E560B697}
2011-04-07 20:23 . 2011-04-07 20:24 -------- d-----w- c:\users\mike\AppData\Local\{266ED28B-E6C1-4220-9C8A-8C0EBCFEBD48}
2011-04-07 08:23 . 2011-04-07 08:23 -------- d-----w- c:\users\mike\AppData\Local\{180B9564-B396-442E-8A87-04C16A1A8793}
2011-04-06 20:22 . 2011-04-06 20:23 -------- d-----w- c:\users\mike\AppData\Local\{0EDCAFDC-BF70-4503-B155-3631289F0000}
2011-04-06 06:00 . 2011-04-06 06:00 -------- d-----w- c:\users\mike\AppData\Local\{7449BDC1-0CA5-44B1-84B9-870AC615BCDD}
2011-04-05 10:20 . 2011-04-05 10:20 -------- d-----w- c:\users\mike\AppData\Local\{E427D2C8-4C97-44D7-9485-0DAB5F64549B}
2011-04-04 20:14 . 2011-04-04 20:14 -------- d-----w- c:\users\mike\AppData\Local\{D7A19759-55C4-4D21-8D14-B15D0F396B89}
2011-04-04 07:55 . 2011-04-04 07:55 -------- d-----w- c:\users\mike\AppData\Local\{E646AC86-E6E6-43B8-BF14-7BD51ABB7ACF}
2011-04-03 09:33 . 2011-04-03 09:33 -------- d-----w- c:\users\mike\AppData\Local\{65FB1F50-87C0-40C3-AB21-D4B546D398AD}
2011-04-02 16:33 . 2011-04-02 16:33 -------- d-----w- c:\users\mike\AppData\Local\{1E911478-0DAA-4385-ACF8-DD91EFA598F9}
2011-04-02 03:22 . 2011-04-02 03:22 -------- d-----w- c:\users\mike\AppData\Local\{7BA2FC48-5892-4DB9-ACB4-28F5DCE1A66A}
2011-04-01 12:20 . 2011-04-01 12:21 -------- d-----w- c:\users\mike\AppData\Local\{4948BBE8-AB4F-4032-AFDC-BFBF77DBB7AB}
2011-03-31 12:24 . 2011-03-31 12:24 -------- d-----w- c:\users\mike\AppData\Local\{4834C767-8F18-4341-A9AA-30746CAF2C20}
2011-03-30 12:25 . 2011-03-30 12:25 -------- d-----w- c:\users\mike\AppData\Local\{994BD1AD-A51A-4315-9E59-D6009DCE8D08}
2011-03-29 12:33 . 2011-03-29 12:34 -------- d-----w- c:\users\mike\AppData\Local\{3FC0EB9F-C257-4CBC-A71A-413876081236}
2011-03-28 12:19 . 2011-03-28 12:19 -------- d-----w- c:\users\mike\AppData\Local\{5BB6F680-882E-4264-84FA-95EB7F011048}
2011-03-27 18:10 . 2011-03-27 18:10 -------- d-----w- c:\users\mike\AppData\Local\{2BB66A8A-14E5-4252-8757-1727D7128A6C}
2011-03-27 16:49 . 2011-03-27 16:49 -------- d-----w- c:\users\mike\AppData\Local\{B9F68E75-131C-4A91-B062-38824BDA35C7}
2011-03-27 04:48 . 2011-03-27 04:48 -------- d-----w- c:\users\mike\AppData\Local\{37BF7B4A-E352-4782-B266-76BD4B015F52}
2011-03-26 15:29 . 2011-03-26 15:29 -------- d-----w- c:\users\mike\AppData\Local\{07C0076B-ABDD-452A-8F95-15914032AAFB}
2011-03-25 21:16 . 2011-03-25 21:16 -------- d-----w- c:\users\mike\AppData\Local\{A8222740-3E50-4874-8161-64BA63046BAA}
2011-03-25 09:15 . 2011-03-25 09:15 -------- d-----w- c:\users\mike\AppData\Local\{5903A6C1-025B-43E1-883B-CC9E2C9BCFBF}
2011-03-24 21:15 . 2011-03-24 21:15 -------- d-----w- c:\users\mike\AppData\Local\{FF51A546-E57C-4DE4-948C-9E371F4C7EF7}
2011-03-23 23:36 . 2011-03-23 23:36 -------- d-----w- c:\users\mike\AppData\Local\{BBA48236-2316-4BD6-9933-1E5A70B1BF66}
2011-03-23 11:35 . 2011-03-23 11:35 -------- d-----w- c:\users\mike\AppData\Local\{D7916350-4400-4223-B20A-35FC14DBA6C5}
2011-03-22 23:34 . 2011-03-22 23:35 -------- d-----w- c:\users\mike\AppData\Local\{4D6EC84D-A1EA-4B16-8327-369F04276F3A}
2011-03-22 11:34 . 2011-03-22 11:34 -------- d-----w- c:\users\mike\AppData\Local\{4BE02F82-89AD-41C3-BBF0-3D0D5D32EC0A}
2011-03-22 11:24 . 2011-04-14 17:56 -------- d-----w- c:\users\mike\AppData\Roaming\TS3Client
2011-03-22 11:22 . 2011-03-22 11:22 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-03-22 09:35 . 2011-03-22 09:36 -------- d-----w- c:\users\mike\AppData\Roaming\teamspeak2
2011-03-22 09:35 . 2011-03-22 09:35 34064 ----a-w- c:\windows\system32\lhacm.acm
2011-03-22 09:35 . 2011-03-22 09:35 -------- d-----w- c:\program files\Teamspeak2_RC2
2011-03-21 23:33 . 2011-03-21 23:34 -------- d-----w- c:\users\mike\AppData\Local\{8A573385-CB9C-48FB-A904-923E066E2306}
2011-03-21 11:33 . 2011-03-21 11:33 -------- d-----w- c:\users\mike\AppData\Local\{BA939EB4-00E6-4839-A093-9E98C0137C98}
2011-03-21 11:19 . 2011-03-21 11:20 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2011-03-21 11:18 . 2011-03-21 11:39 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-03-20 23:32 . 2011-03-20 23:32 -------- d-----w- c:\users\mike\AppData\Local\{4A90E209-6F8A-47CD-8062-0B596DC4C325}
2011-03-20 11:31 . 2011-03-20 11:32 -------- d-----w- c:\users\mike\AppData\Local\{0855DDDA-1725-4B69-9F2A-6A1A4DFF05E5}
2011-03-19 18:08 . 2011-03-19 18:08 -------- d-----w- c:\users\mike\AppData\Local\{E263A234-008E-426C-87CD-0F9A39561506}
2011-03-19 06:07 . 2011-03-19 06:07 -------- d-----w- c:\users\mike\AppData\Local\{DE187948-41D0-48EF-8B3D-099C46D2756B}
2011-03-18 13:14 . 2011-03-18 13:14 -------- d-----w- c:\users\mike\AppData\Local\{6D93ED1C-FDD1-48D2-92EA-ACCCCE5E49F1}
2011-03-17 13:14 . 2011-03-17 13:15 -------- d-----w- c:\users\mike\AppData\Local\{67A8377E-AF42-4181-844B-FD8316A69BE5}
2011-03-16 21:14 . 2011-03-16 21:15 -------- d-----w- c:\users\mike\AppData\Local\{D0CF9CCB-E179-4B74-BB99-DB1470A41296}
2011-03-16 08:30 . 2011-03-16 08:31 -------- d-----w- c:\users\mike\AppData\Local\{909109BE-0F33-4CB6-B2F8-125DE74CDD99}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 11:14 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-08 21:16 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:30 . 2011-03-09 08:01 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30 . 2011-03-09 08:01 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30 . 2011-03-09 08:01 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-09 01:50 . 2011-02-09 01:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 05:54 . 2011-02-22 08:33 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-02-09 20:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-29 19:18 . 2011-01-29 19:18 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2010-12-21 1739848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Google Update"="c:\users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-28 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-01 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2008-04-02 768520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\herrbert.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 136176]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-17 7168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-29 218688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-05-16 32256]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 20:32]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 20:32]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job
- c:\users\mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 20:32]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job
- c:\users\mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 20:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com?o=102869&l=dis&gct=hp
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\hvz1ujym.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://de.ask.com?o=102869&l=dis&gct=hp
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=8adcccd9-78d0-4181-ba9c-963df8105170&apn_ptnrs=5J&apn_sauid=AD749FDE-86A5-4ABA-9CA6-1DF7B53706C1&apn_dtid=YYYYYYYYDE&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-14 20:07:51
ComboFix-quarantined-files.txt 2011-04-14 18:07
.
Vor Suchlauf: 8 Verzeichnis(se), 23.031.529.472 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 22.926.438.400 Bytes frei
.
- - End Of File - - A1CF166E06C2B02DD76F9AC15999C6DE
|
|
14.04.2011, 19:55
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Defragmenter: Daten verschwunden. Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.04.2011, 12:59
| #11 |
| | System Defragmenter: Daten verschwunden. Ok, Hier GMER-log: Code:
ATTFilter GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-15 13:42:40
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD2500BEVS-22UST0 rev.01.01A01
Running: 3yibmmgo.exe; Driver: C:\Users\mike\AppData\Local\Temp\kxtdypow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A75339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AAED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 13:55:08 on 15.04.2011 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.16 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000Core.job" - "Google Inc." - C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskUserS-1-5-21-2100560739-1819123127-3695758804-1000UA.job" - "Google Inc." - C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\mike\AppData\Local\Temp\catchme.sys (File not found) "Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\Program Files\Launch Manager\DPortIO.sys "kxtdypow" (kxtdypow) - ? - C:\Users\mike\AppData\Local\Temp\kxtdypow.sys (Hidden registry entry, rootkit activity | File not found) "Lavalys EVEREST Kernel Driver" (EverestDriver) - ? - C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt (File found, but it contains no detailed information) "nvlddmkm" (nvlddmkm) - "NVIDIA Corporation" - C:\Windows\System32\DRIVERS\nvlddmkm.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {5B9C04C2-5EB5-4B60-8B71-46964DB8CDBF} "IVB Shl Ext" - ? - (File not found | COM-object registry key not found) {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun "Google Update" - "Google Inc." - "C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c "ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4 "ManyCam" - "ManyCam LLC" - "C:\Program Files\ManyCam\Bin\ManyCam.exe" /silent "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\herrbert.exe" /runcleanupscript "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe (File found, but it contains no detailed information) "Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe "Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (File found, but it contains no detailed information) "Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (File found, but it contains no detailed information) "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru MBRCheck-log: Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Acer
System Manufacturer: Acer
System Product Name: Aspire 5520
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 206):
0x82A37000 \SystemRoot\system32\ntkrnlpa.exe
0x82A00000 \SystemRoot\system32\halmacpi.dll
0x80BB3000 \SystemRoot\system32\kdcom.dll
0x88606000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x88611000 \SystemRoot\system32\PSHED.dll
0x88622000 \SystemRoot\system32\BOOTVID.dll
0x8862A000 \SystemRoot\system32\CLFS.SYS
0x8866C000 \SystemRoot\system32\CI.dll
0x88717000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88788000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88796000 \SystemRoot\system32\drivers\ACPI.sys
0x887DE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x887E7000 \SystemRoot\system32\drivers\msisadrv.sys
0x88828000 \SystemRoot\system32\drivers\pci.sys
0x88852000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8885D000 \SystemRoot\System32\drivers\partmgr.sys
0x8886E000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88876000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88881000 \SystemRoot\system32\drivers\volmgr.sys
0x88891000 \SystemRoot\System32\drivers\volmgrx.sys
0x888DC000 \SystemRoot\system32\drivers\pciide.sys
0x888E3000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x888F1000 \SystemRoot\System32\drivers\mountmgr.sys
0x88907000 \SystemRoot\system32\drivers\vmbus.sys
0x88931000 \SystemRoot\system32\drivers\winhv.sys
0x88943000 \SystemRoot\system32\drivers\atapi.sys
0x8894C000 \SystemRoot\system32\drivers\ataport.SYS
0x8896F000 \SystemRoot\system32\drivers\amdxata.sys
0x88978000 \SystemRoot\system32\drivers\fltmgr.sys
0x889AC000 \SystemRoot\system32\drivers\fileinfo.sys
0x88A18000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B47000 \SystemRoot\System32\Drivers\msrpc.sys
0x88B72000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88B85000 \SystemRoot\System32\Drivers\cng.sys
0x88BE2000 \SystemRoot\System32\drivers\pcw.sys
0x88BF0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x88C07000 \SystemRoot\system32\drivers\ndis.sys
0x88CBE000 \SystemRoot\system32\drivers\NETIO.SYS
0x88CFC000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88E04000 \SystemRoot\System32\drivers\tcpip.sys
0x88F4E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88F7F000 \SystemRoot\system32\drivers\vmstorfl.sys
0x88F88000 \SystemRoot\system32\drivers\volsnap.sys
0x88FC7000 \SystemRoot\System32\Drivers\spldr.sys
0x88FCF000 \SystemRoot\System32\drivers\rdyboost.sys
0x88D21000 \SystemRoot\System32\Drivers\mup.sys
0x88D31000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88D39000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88D6B000 \SystemRoot\system32\DRIVERS\disk.sys
0x88D7C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x88DD3000 \SystemRoot\system32\drivers\cdrom.sys
0x88DF2000 \SystemRoot\System32\Drivers\Null.SYS
0x88DF9000 \SystemRoot\System32\Drivers\Beep.SYS
0x88A00000 \SystemRoot\System32\drivers\vga.sys
0x889BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x889DE000 \SystemRoot\System32\drivers\watchdog.sys
0x88A0C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x889EB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x889F3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x88800000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8880B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DA14000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DA2B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DA37000 \SystemRoot\system32\drivers\afd.sys
0x8DA91000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DAC3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8DACA000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DAE9000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8DAFA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DB08000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
0x8DB43000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DB56000 \SystemRoot\system32\drivers\termdd.sys
0x8DB67000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8DB6D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8DBAE000 \??\C:\Program Files\Launch Manager\DPortIO.sys
0x8DBB2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DBBC000 \SystemRoot\system32\drivers\mssmbios.sys
0x8DBC6000 \SystemRoot\System32\drivers\discache.sys
0x90617000 \SystemRoot\system32\drivers\csc.sys
0x9067B000 \SystemRoot\System32\Drivers\dfsc.sys
0x90693000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x906A1000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x906C7000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x906E8000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x906FA000 \SystemRoot\system32\drivers\wmiacpi.sys
0x90703000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90707000 \SystemRoot\system32\DRIVERS\enecir.sys
0x90719000 \SystemRoot\system32\drivers\i8042prt.sys
0x90731000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x9073B000 \SystemRoot\system32\drivers\kbdclass.sys
0x90748000 \SystemRoot\system32\drivers\mouclass.sys
0x90755000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x90758000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x90762000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x907AD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x907BC000 \SystemRoot\system32\drivers\HDAudBus.sys
0x8DBD2000 \SystemRoot\system32\drivers\1394ohci.sys
0x907DB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x907EA000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x93A0F000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x93A60000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x95023000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x95984000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9483D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x948F4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x95A26000 \SystemRoot\system32\DRIVERS\athr.sys
0x95B36000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x95B40000 \SystemRoot\system32\drivers\CompositeBus.sys
0x95B4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x95B5F000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x95B6F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x95B87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x95B92000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x95BB4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x95BCC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x95BE3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x95A00000 \SystemRoot\system32\DRIVERS\taphss.sys
0x95A07000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x95A11000 \SystemRoot\system32\drivers\swenum.sys
0x9492D000 \SystemRoot\system32\drivers\ks.sys
0x95A13000 \SystemRoot\system32\DRIVERS\circlass.sys
0x94961000 \SystemRoot\system32\drivers\umbus.sys
0x9496F000 \SystemRoot\system32\drivers\usbhub.sys
0x949B3000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x95986000 \SystemRoot\system32\drivers\HdAudio.sys
0x949C4000 \SystemRoot\system32\drivers\portcls.sys
0x94800000 \SystemRoot\system32\drivers\drmk.sys
0x94819000 \SystemRoot\system32\DRIVERS\hidir.sys
0x94828000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x949F3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x959D6000 \SystemRoot\system32\drivers\kbdhid.sys
0x959E2000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97650000 \SystemRoot\System32\win32k.sys
0x959ED000 \SystemRoot\System32\drivers\Dxapi.sys
0x95000000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9500D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95018000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x93B5D000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x93B6E000 \SystemRoot\system32\drivers\usbccgp.sys
0x95A21000 \SystemRoot\system32\drivers\USBD.SYS
0x93B85000 \SystemRoot\system32\drivers\usbaudio.sys
0x93B99000 \SystemRoot\system32\drivers\hidusb.sys
0x93BA4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x93BBB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93BC6000 \SystemRoot\System32\Drivers\usbvideo.sys
0x978B0000 \SystemRoot\System32\TSDDD.dll
0x978E0000 \SystemRoot\System32\cdd.dll
0x88DA1000 \SystemRoot\system32\drivers\luafv.sys
0x93BEA000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8D031000 \SystemRoot\system32\drivers\WudfPf.sys
0x8D04B000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8D05B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8D0A1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8D0B1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8D0C4000 \SystemRoot\system32\drivers\HTTP.sys
0x8D149000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8D162000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8D174000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8D197000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8D1D2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B026000 \SystemRoot\system32\drivers\peauth.sys
0x9B0BD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B0C7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B0E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B15F000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B62D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B683000 \??\C:\Users\mike\AppData\Local\Temp\kxtdypow.sys
0x76ED0000 \Windows\System32\ntdll.dll
0x48020000 \Windows\System32\smss.exe
0x77110000 \Windows\System32\apisetschema.dll
0x000C0000 \Windows\System32\autochk.exe
0x77060000 \Windows\System32\advapi32.dll
0x77040000 \Windows\System32\sechost.dll
0x77030000 \Windows\System32\nsi.dll
0x77020000 \Windows\System32\lpk.dll
0x76E40000 \Windows\System32\oleaut32.dll
0x76DE0000 \Windows\System32\difxapi.dll
0x76DC0000 \Windows\System32\imm32.dll
0x76D60000 \Windows\System32\shlwapi.dll
0x76B60000 \Windows\System32\iertutil.dll
0x769C0000 \Windows\System32\setupapi.dll
0x76940000 \Windows\System32\comdlg32.dll
0x76890000 \Windows\System32\rpcrt4.dll
0x77010000 \Windows\System32\normaliz.dll
0x75C40000 \Windows\System32\shell32.dll
0x75BB0000 \Windows\System32\clbcatq.dll
0x75B70000 \Windows\System32\ws2_32.dll
0x75AA0000 \Windows\System32\user32.dll
0x75960000 \Windows\System32\urlmon.dll
0x75800000 \Windows\System32\ole32.dll
0x75760000 \Windows\System32\usp10.dll
0x75730000 \Windows\System32\imagehlp.dll
0x75720000 \Windows\System32\psapi.dll
0x75620000 \Windows\System32\wininet.dll
0x755D0000 \Windows\System32\gdi32.dll
0x754F0000 \Windows\System32\kernel32.dll
0x754A0000 \Windows\System32\Wldap32.dll
0x753F0000 \Windows\System32\msvcrt.dll
0x75320000 \Windows\System32\msctf.dll
0x75290000 \Windows\System32\comctl32.dll
0x75260000 \Windows\System32\cfgmgr32.dll
0x75210000 \Windows\System32\KernelBase.dll
0x751F0000 \Windows\System32\devobj.dll
0x751C0000 \Windows\System32\wintrust.dll
0x750A0000 \Windows\System32\crypt32.dll
0x75090000 \Windows\System32\msasn1.dll
Processes (total 57):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
396 csrss.exe
464 C:\Windows\System32\wininit.exe
476 csrss.exe
512 C:\Windows\System32\services.exe
528 C:\Windows\System32\lsass.exe
536 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe
748 C:\Windows\System32\nvvsvc.exe
788 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\svchost.exe
880 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\winlogon.exe
1384 C:\Windows\System32\spoolsv.exe
1424 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1516 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\nvvsvc.exe
1748 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1824 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
1856 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
1888 C:\Program Files\Hotspot Shield\bin\hsswd.exe
1972 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
240 C:\Windows\System32\conhost.exe
416 C:\Windows\System32\svchost.exe
932 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1456 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2336 C:\Windows\System32\svchost.exe
2508 C:\Windows\System32\svchost.exe
2628 C:\Windows\System32\taskhost.exe
2732 C:\Windows\System32\dwm.exe
2776 C:\Windows\explorer.exe
3156 C:\Program Files\Launch Manager\LManager.exe
3204 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3232 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3252 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3300 C:\Program Files\DAEMON Tools Lite\DTLite.exe
4024 C:\Windows\System32\SearchIndexer.exe
3004 C:\Program Files\Windows Media Player\wmpnetwk.exe
1636 C:\Windows\System32\svchost.exe
4264 dllhost.exe
4468 C:\Program Files\Hotspot Shield\bin\openvpntray.exe
4920 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
4948 C:\Windows\System32\svchost.exe
712 C:\Users\mike\Downloads\3yibmmgo.exe
1588 C:\Program Files\Mozilla Firefox\firefox.exe
3472 C:\Windows\System32\audiodg.exe
5808 C:\Windows\System32\SearchProtocolHost.exe
4904 C:\Windows\System32\SearchFilterHost.exe
2604 C:\Windows\explorer.exe
1648 C:\Users\mike\Downloads\MBRCheck.exe
2912 C:\Windows\System32\conhost.exe
3656 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`35100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`007e0000 (NTFS)
PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01
PhysicalDrive1 Model Number: WDC WD1600BEVE-00UYT0, Rev:
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done!
|
|
15.04.2011, 13:52
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Defragmenter: Daten verschwunden.Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.04.2011, 14:06
| #13 |
| | System Defragmenter: Daten verschwunden. ok, alles getan wie gesagt, was habe ich gerade überhaupt gelöscht? |
|
15.04.2011, 14:20
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | System Defragmenter: Daten verschwunden. Dubiose Treiber/Dienste  Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu System Defragmenter: Daten verschwunden. |
| adobe, antivir, autorun, avg, avgntflt.sys, avira, bho, dateien verschwunden, daten verschwunden, defender, explorer, firefox, flash player, format, ftp, google, helper, home, hotspot, hotspot shield, install.exe, langs, launch, location, logfile, mozilla, nexus, nicht gefunden, nvlddmkm.sys, oldtimer, otl.exe, plug-in, rarsfx0, registry, rundll, saver, sched.exe, searchplugins, security, shell32.dll, software, start menu, studio, system, taskhost.exe, teamspeak, temp, trojan.agent.u, viren, webcheck |
Linear-Darstellung
