TR/Kazy.mekml.1

A22 · 18.04.2011, 13:46

Hello!

Ich brauche eure Hilfe!!

Antivir zeigt mir ständig, dass ein Trojaner gefunden wurde

"TR/Kazy.mekml.1".

Darauf folgen Meldungen, dass meine Festplatte beschädigt sei (Kritischer Fehler). Der PC fährt dann nach einer Zeit herunter.
Auf meine Dateien kann ich nicht zugreifen, der Hintergrundbildschirm ist schwarz.

OTL-Dateien poste ich gleich!

Ich bedanke mich sehr im Voraus!!

A22 · 18.04.2011, 14:05

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 4/18/2011 2:39:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 21.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 50.70 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.75 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
PRC - C:\Program Files\Giraffic\GirafficWatchdog.exe (Giraffic)
PRC - C:\Program Files\Giraffic\Giraffic.exe (Giraffic)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) --  File not found
SRV - (Giraffic) -- C:\Program Files\Giraffic\GirafficWatchdog.exe (Giraffic)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2653012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: support@free-hideip.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.ftp: "128.10.19.53"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "128.10.19.53"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.10.19.53"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.socks: "128.10.19.53"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "128.10.19.53"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/11 10:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/11 10:14:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 08:11:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 16:39:03 | 000,000,000 | ---D | M]
 
[2010/06/20 00:03:58 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/04/18 12:31:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions
[2011/04/18 13:12:40 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/18 13:12:39 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/04/18 13:12:39 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/04/18 13:12:40 | 000,000,000 | -H-D | M] (Free Hide IP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1wcky341.default\extensions\support@free-hideip.com
[2011/03/08 21:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/04/11 10:14:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/04/11 10:14:16 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/04/18 13:12:43 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\***\APPDATA\LOCAL\{1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}
[2010/12/09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/03/25 08:11:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/25 08:11:06 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/25 08:11:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/25 08:11:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/25 08:11:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/06/20 00:06:19 | 000,408,517 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 14124 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eraser]  File not found
O4 - HKLM..\Run: [fsn] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeNotifier.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Bhogiqivoqul] C:\Users\***\AppData\Local\igilukelikuf.dll (Creative Technology Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Jkutuluyet] C:\Users\***\AppData\Local\KBDa07.dll (FileZilla Project)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell - "" = AutoRun
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/18 11:59:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}
[2011/04/18 11:57:41 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011/04/16 14:42:34 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Shwayze
[2011/04/14 20:21:29 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\kwrpla2d
[2011/04/14 06:11:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/13 23:46:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/04/13 23:46:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/04/13 23:45:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dnscacheugc.exe
[2011/04/13 23:45:58 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/04/13 23:45:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2011/04/13 23:45:48 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/04/13 23:45:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/04/13 23:45:48 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/04/13 23:45:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/04/13 23:45:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/04/13 23:45:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/04/13 23:45:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/04/13 23:45:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/04/13 23:45:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/04/13 23:45:47 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/04/13 23:45:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/04/13 23:45:33 | 002,331,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/04/13 23:45:32 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\FXSCOVER.exe
[2011/04/13 23:45:31 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/04/13 23:45:27 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/04/13 23:45:26 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/04/13 00:06:53 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2011/04/11 22:33:23 | 001,583,826 | -H-- | C] (Macromedia, Inc.) -- C:\Users\***\Desktop\VIVA-RADIO.exe
[2011/04/05 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2011/04/04 00:36:01 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2011/04/04 00:35:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011/04/01 16:19:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Cisco
[2011/04/01 16:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011/04/01 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/04/01 16:18:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Cisco
[2011/03/26 10:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2010/06/22 10:35:23 | 000,138,304 | ---- | C] (Phoenix Technologies) -- C:\Program Files\Common Files\osdinst.dll
[2009/07/14 01:24:44 | 000,370,176 | -H-- | C] (Creative Technology Ltd.) -- C:\Users\***\AppData\Local\igilukelikuf.dll
[2009/07/14 01:24:44 | 000,097,280 | -H-- | C] (FileZilla Project) -- C:\Users\***\AppData\Local\KBDa07.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/18 14:41:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 14:41:05 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/18 14:26:59 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 14:26:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/18 14:26:03 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/18 14:11:31 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011/04/18 14:11:31 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/18 14:11:31 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011/04/18 14:11:31 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/18 14:04:36 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Ykixedokezezocoh.dat
[2011/04/18 14:00:05 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/18 12:35:10 | 000,099,282 | -H-- | M] () -- C:\Users\***\Desktop\bookmarks-2011-04-18.json
[2011/04/18 11:59:15 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Dwarupehukuhoxaj.bin
[2011/04/18 11:57:41 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011/04/18 11:51:43 | 079,749,756 | -H-- | M] () -- C:\Users\***\Desktop\kcmotmteod2ei.rar
[2011/04/14 12:36:19 | 000,521,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/03/31 07:10:16 | 000,000,955 | -H-- | M] () -- C:\Users\***\Desktop\Winamp.lnk
[2011/03/26 21:23:22 | 000,719,968 | -H-- | M] () -- C:\Users\***\Documents\MY_DATA_032611_1.p2g
[2011/03/26 16:39:04 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/26 10:27:51 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/03/26 10:24:45 | 020,586,196 | -H-- | M] () -- C:\Users\***\Documents\vlc-1.1.8-win32.exe
[2011/03/21 18:12:59 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Program Files\Common Files\*.tmp files -> C:\Program Files\Common Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/18 12:35:04 | 000,099,282 | -H-- | C] () -- C:\Users\***\Desktop\bookmarks-2011-04-18.json
[2011/04/18 11:59:15 | 000,000,120 | -H-- | C] () -- C:\Users\***\AppData\Local\Ykixedokezezocoh.dat
[2011/04/18 11:59:15 | 000,000,000 | -H-- | C] () -- C:\Users\***\AppData\Local\Dwarupehukuhoxaj.bin
[2011/03/31 07:10:16 | 000,000,955 | -H-- | C] () -- C:\Users\***\Desktop\Winamp.lnk
[2011/03/26 20:53:36 | 000,719,968 | -H-- | C] () -- C:\Users\***\Documents\MY_DATA_032611_1.p2g
[2011/03/26 10:27:51 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/03/26 10:23:27 | 020,586,196 | -H-- | C] () -- C:\Users\***\Documents\vlc-1.1.8-win32.exe
[2010/12/11 22:54:50 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2010/12/03 01:44:31 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/08/23 00:27:53 | 000,056,943 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010/08/15 17:43:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 20:58:46 | 000,001,024 | -H-- | C] () -- C:\windows\System32\grcauth2.dll
[2010/07/21 20:58:46 | 000,001,024 | -H-- | C] () -- C:\windows\System32\grcauth1.dll
[2010/07/21 20:58:46 | 000,000,100 | -H-- | C] () -- C:\windows\System32\prsgrc.dll
[2010/07/21 20:56:51 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll
[2010/07/21 20:56:51 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll
[2010/06/30 00:57:21 | 000,004,608 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 11:54:43 | 000,284,160 | ---- | C] () -- C:\windows\unin0407.exe
[2010/06/22 10:35:23 | 001,097,038 | ---- | C] () -- C:\Program Files\Common Files\ptlosd.cab
[2010/06/22 10:35:14 | 000,076,800 | ---- | C] () -- C:\windows\System32\spekekit_bak.dll
[2010/06/20 11:52:53 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/06/20 11:52:53 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/06/20 11:52:53 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/06/20 11:52:53 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/06/20 11:52:53 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/06/20 11:52:53 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/06/20 11:52:53 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/06/20 11:52:53 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/06/20 11:52:53 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/06/20 11:52:53 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/06/20 11:52:52 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/06/20 11:52:52 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/06/20 11:52:52 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/06/20 11:52:52 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/06/20 11:52:52 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/06/20 11:52:52 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/06/20 11:52:52 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/06/20 11:52:52 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/06/20 11:52:52 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/06/20 11:50:34 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX400DEFGIPS.ini
[2010/06/20 00:10:46 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010/06/20 00:03:49 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/03/23 14:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2010/03/06 00:12:46 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/03/06 00:12:46 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/03/06 00:12:46 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/03/06 00:12:46 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/03/05 07:06:50 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/03/05 06:29:42 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 06:33:53 | 000,521,752 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2010/08/17 19:16:50 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011/04/18 11:39:32 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010/06/22 19:37:50 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\FreeHideIP
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\GamesCafe
[2010/11/06 12:50:06 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Lingo4u
[2011/04/18 13:12:42 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011/04/18 13:12:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2010/09/29 22:24:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2010/07/27 13:00:10 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010/06/30 13:00:30 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\UDC Profiles
[2010/06/24 00:16:29 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010/12/03 01:44:28 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Zylom
[2011/04/08 09:26:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A26AC9FC

< End of report >

--- --- ---

[/PHP]

A22 · 18.04.2011, 14:25

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 4/18/2011 2:39:51 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 21.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 50.70 Gb Free Space | 34.45% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.75 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05AB8EF0-F783-11DF-83AC-001279CD8240}" = Google Earth Plug-in
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{14F84065-1316-42C6-B619-1FE1880050E0}" = Xirrus Wi-Fi Inspector
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A546C16-7231-424C-907B-0BE17EA6F633}" = MAGIX Xtreme Grafik Designer 5 Download-Version
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PRO_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PRO_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PRO_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CDC4FC15-480C-49C1-85DA-1CFBBFC6CD08}" = DVBT
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6BF9670-C9E9-461A-9B14-B5ADAC3176CF}" = Cisco AnyConnect VPN Client
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CUEcards 2000" = CUEcards 2000
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"Free FLV Converter_is1" = Free FLV Converter V 6.7.7
"Giraffic" = Giraffic Video Accelerator
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{115C3431-11CA-4917-B498-4CA1FF2AD06D}" = DVBT Driver
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.27091
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Xtreme Foto & Grafik Designer 5 Download-Version D" = MAGIX Xtreme Foto & Grafik Designer 5 Download-Version 5.0.405.1305 (D)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PRO" = Microsoft Office Professional 2007
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.8
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus · 18.04.2011, 14:26

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

A22 · 18.04.2011, 14:52

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6389

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 15:51:12
mbam-log-2011-04-18 (15-51-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157888
Laufzeit: 14 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\programdata\pfmpbjohgut.exe (Trojan.Agent) -> 4544 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\Users\***\AppData\Local\KBDa07.dll (Trojan.Hiloti) -> Delete on reboot.
c:\Users\***\AppData\Local\igilukelikuf.dll (Trojan.Agent.U) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jkutuluyet (Trojan.Hiloti) -> Value: Jkutuluyet -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PFmPbJoHGuT (Trojan.Agent) -> Value: PFmPbJoHGuT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bhogiqivoqul (Trojan.Agent.U) -> Value: Bhogiqivoqul -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\KBDa07.dll (Trojan.Hiloti) -> Delete on reboot.
c:\programdata\pfmpbjohgut.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\33414920.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\mweasnxroc.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\err.log1175108 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\tmp66DD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\Adobe\plugs\kb1176777.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\igilukelikuf.dll (Trojan.Agent.U) -> Delete on reboot.

cosinus · 18.04.2011, 14:54

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

A22 · 18.04.2011, 15:18

Vielen Dank für deine schnelle Antwort! =)

Antivir zeigt nun zumindest keine Meldung mehr von "TR/Kazy.mekml.1", nachdem ich die infizierten Dateien mit Quickscan gelöscht habe.
Der Desktophintergrund ist nach wie vor schwarz und Zugriff auf Dateien habe ich noch immer nicht.

Ich führe gerade den vollständigen Scan aus.

Neue Logdatei kommt gleich, falls der nicht wieder herunterfährt

A22 · 18.04.2011, 16:18

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6389

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 17:16:57
mbam-log-2011-04-18 (17-16-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 294509
Laufzeit: 1 Stunde(n), 17 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jkutuluyet (Trojan.Agent.U) -> Value: Jkutuluyet -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bhogiqivoqul (Trojan.Agent.U) -> Value: Bhogiqivoqul -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 18.04.2011, 16:27

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
PRC - C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A26AC9FC
[2010/08/23 00:27:53 | 000,056,943 | -H-- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/04/18 14:04:36 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Ykixedokezezocoh.dat
[2011/04/18 11:59:15 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Dwarupehukuhoxaj.bin
[2011/04/18 11:57:41 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011/04/18 11:59:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\{1469C7BC-C5B7-4E79-B3B0-FD76B0685D7F}
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell - "" = AutoRun
O33 - MountPoints2\{99f81b3d-aa22-11df-b4c0-002454828e22}\Shell\AutoRun\command - "" = G:\Autorun.exe
O4 - HKCU..\Run: [Jkutuluyet] C:\Users\***\AppData\Local\KBDa07.dll (FileZilla Project)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [Bhogiqivoqul] C:\Users\***\AppData\Local\igilukelikuf.dll (Creative Technology Ltd.)
FF - prefs.js..network.proxy.ftp: "128.10.19.53"
FF - prefs.js..network.proxy.ftp_port: 3127
FF - prefs.js..network.proxy.gopher: "128.10.19.53"
FF - prefs.js..network.proxy.gopher_port: 3127
FF - prefs.js..network.proxy.http: "128.10.19.53"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.socks: "128.10.19.53"
FF - prefs.js..network.proxy.socks_port: 3127
FF - prefs.js..network.proxy.ssl: "128.10.19.53"
FF - prefs.js..network.proxy.ssl_port: 3127
FF - prefs.js..network.proxy.type: 0
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (McAfee SiteAdvisor Service) --  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

A22 · 18.04.2011, 16:42

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99f81b3d-aa22-11df-b4c0-002454828e22}\ not found.
File G:\Autorun.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Jkutuluyet not found.
File C:\Users\***\AppData\Local\KBDa07.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PFmPbJoHGuT not found.
File C:\ProgramData\PFmPbJoHGuT.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Bhogiqivoqul not found.
File C:\Users\***\AppData\Local\igilukelikuf.dll not found.
Prefs.js: "128.10.19.53" removed from network.proxy.ftp
Prefs.js: 3127 removed from network.proxy.ftp_port
Prefs.js: "128.10.19.53" removed from network.proxy.gopher
Prefs.js: 3127 removed from network.proxy.gopher_port
Prefs.js: "128.10.19.53" removed from network.proxy.http
Prefs.js: 3127 removed from network.proxy.http_port
Prefs.js: "128.10.19.53" removed from network.proxy.socks
Prefs.js: 3127 removed from network.proxy.socks_port
Prefs.js: "128.10.19.53" removed from network.proxy.ssl
Prefs.js: 3127 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Error: Unable to stop service Rezip!
Service Rezip deleted successfully!
C:\Windows\System32\Rezip.exe moved successfully.
Service McAfee SiteAdvisor Service stopped successfully!
Service McAfee SiteAdvisor Service deleted successfully!
File File not found not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ***
->Temp folder emptied: 616334296 bytes
->Temporary Internet Files folder emptied: 119243993 bytes
->Java cache emptied: 10036 bytes
->FireFox cache emptied: 72207600 bytes
->Flash cache emptied: 129653 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31042833 bytes
RecycleBin emptied: 40501012 bytes

Total Files Cleaned = 839.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04182011_173511

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 18.04.2011, 16:45

Zitat:

File C:\Users\***\AppData\Local\KBDa07.dll not found.

hast du die Sternchen VOR dem ausführen des Scripts in den richtigen Namen editiert?

A22 · 18.04.2011, 16:48

Ja habe ich!

Bildschirm kann ich wieder umstellen, Dateien sind wieder sichtbar.

Ist jetzt alles wieder sauber?

cosinus · 18.04.2011, 16:51

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

A22 · 18.04.2011, 17:25

2011/04/18 18:05:21.0950 4696 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/18 18:05:23.0978 4696 ================================================================================
2011/04/18 18:05:23.0978 4696 SystemInfo:
2011/04/18 18:05:23.0978 4696
2011/04/18 18:05:23.0978 4696 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/18 18:05:23.0978 4696 Product type: Workstation
2011/04/18 18:05:23.0978 4696 ComputerName: ***-PC
2011/04/18 18:05:23.0978 4696 UserName: ***
2011/04/18 18:05:23.0978 4696 Windows directory: C:\windows
2011/04/18 18:05:23.0978 4696 System windows directory: C:\windows
2011/04/18 18:05:23.0978 4696 Processor architecture: Intel x86
2011/04/18 18:05:23.0978 4696 Number of processors: 4
2011/04/18 18:05:23.0978 4696 Page size: 0x1000
2011/04/18 18:05:23.0978 4696 Boot type: Normal boot
2011/04/18 18:05:23.0978 4696 ================================================================================
2011/04/18 18:06:05.0754 4696 Initialize success
2011/04/18 18:06:28.0265 5144 ================================================================================
2011/04/18 18:06:28.0265 5144 Scan started
2011/04/18 18:06:28.0265 5144 Mode: Manual;
2011/04/18 18:06:28.0265 5144 ================================================================================
2011/04/18 18:06:39.0341 5144 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/04/18 18:06:41.0681 5144 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/04/18 18:06:43.0819 5144 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/04/18 18:06:46.0330 5144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/04/18 18:06:49.0481 5144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/04/18 18:06:52.0149 5144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/04/18 18:06:54.0739 5144 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/04/18 18:06:56.0673 5144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/04/18 18:06:59.0668 5144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/04/18 18:07:02.0383 5144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/04/18 18:07:04.0613 5144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/04/18 18:07:07.0733 5144 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/04/18 18:07:10.0027 5144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/04/18 18:07:12.0725 5144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/04/18 18:07:15.0315 5144 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/04/18 18:07:17.0639 5144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/04/18 18:07:19.0168 5144 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/04/18 18:07:22.0413 5144 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/04/18 18:07:25.0720 5144 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/04/18 18:07:26.0719 5144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/04/18 18:07:28.0653 5144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/18 18:07:30.0463 5144 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/04/18 18:07:34.0612 5144 athr (ee32c0a39b6d3d0834c4d46d8c45e1d0) C:\windows\system32\DRIVERS\athr.sys
2011/04/18 18:07:38.0715 5144 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys
2011/04/18 18:07:41.0445 5144 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\windows\system32\DRIVERS\avipbb.sys
2011/04/18 18:07:44.0924 5144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/04/18 18:07:48.0668 5144 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/04/18 18:07:51.0585 5144 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/04/18 18:07:53.0816 5144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/04/18 18:07:55.0282 5144 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/04/18 18:07:58.0028 5144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/04/18 18:07:59.0276 5144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/04/18 18:08:02.0006 5144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/04/18 18:08:03.0113 5144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/04/18 18:08:06.0062 5144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/04/18 18:08:07.0247 5144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/04/18 18:08:09.0853 5144 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/04/18 18:08:10.0820 5144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/04/18 18:08:11.0803 5144 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/04/18 18:08:14.0838 5144 BTHPORT (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/04/18 18:08:16.0850 5144 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/04/18 18:08:18.0800 5144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/04/18 18:08:20.0734 5144 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/04/18 18:08:22.0310 5144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/04/18 18:08:23.0184 5144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/04/18 18:08:26.0759 5144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/04/18 18:08:27.0445 5144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/04/18 18:08:30.0643 5144 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/04/18 18:08:31.0002 5144 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/04/18 18:08:32.0905 5144 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/04/18 18:08:36.0041 5144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/04/18 18:08:42.0421 5144 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
2011/04/18 18:08:44.0402 5144 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\windows\system32\Drivers\CVPNDRVA.sys
2011/04/18 18:08:47.0304 5144 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/04/18 18:08:47.0719 5144 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/04/18 18:08:48.0331 5144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/04/18 18:08:49.0844 5144 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\windows\system32\DRIVERS\dne2000.sys
2011/04/18 18:08:50.0062 5144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/04/18 18:08:50.0484 5144 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/04/18 18:08:51.0438 5144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/04/18 18:08:51.0953 5144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/04/18 18:08:52.0546 5144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/04/18 18:08:52.0655 5144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/04/18 18:08:55.0712 5144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/04/18 18:08:57.0038 5144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/04/18 18:08:57.0070 5144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/04/18 18:08:59.0020 5144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/04/18 18:09:04.0152 5144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/18 18:09:07.0430 5144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/04/18 18:09:09.0684 5144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/04/18 18:09:10.0745 5144 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
2011/04/18 18:09:13.0865 5144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/18 18:09:15.0550 5144 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/04/18 18:09:15.0784 5144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/04/18 18:09:15.0862 5144 ggflt (007aea2e06e7cef7372e40c277163959) C:\windows\system32\DRIVERS\ggflt.sys
2011/04/18 18:09:18.0982 5144 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\windows\system32\DRIVERS\ggsemc.sys
2011/04/18 18:09:19.0762 5144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/04/18 18:09:22.0975 5144 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/04/18 18:09:23.0194 5144 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/04/18 18:09:25.0502 5144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/04/18 18:09:27.0952 5144 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/04/18 18:09:30.0136 5144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/04/18 18:09:30.0307 5144 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/04/18 18:09:30.0401 5144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/04/18 18:09:30.0541 5144 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/04/18 18:09:30.0604 5144 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/04/18 18:09:30.0682 5144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/04/18 18:09:32.0850 5144 iaStor (edf5ecc965faaa533d35e02f47b9132e) C:\windows\system32\DRIVERS\iaStor.sys
2011/04/18 18:09:34.0488 5144 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/04/18 18:09:42.0257 5144 igfx (ad626f6964f4d364d226c39e06872dd3) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/04/18 18:09:42.0849 5144 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/04/18 18:09:45.0502 5144 Impcd (4a31216a5e97d46ee06069d9e06428fa) C:\windows\system32\DRIVERS\Impcd.sys
2011/04/18 18:09:49.0843 5144 IntcAzAudAddService (96282fbce4534c9bf147cffe9e1fa8db) C:\windows\system32\drivers\RTKVHDA.sys
2011/04/18 18:09:51.0828 5144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/04/18 18:09:54.0107 5144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/18 18:09:55.0336 5144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/18 18:09:57.0200 5144 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/04/18 18:09:58.0024 5144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/04/18 18:10:00.0528 5144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/04/18 18:10:01.0395 5144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/04/18 18:10:03.0333 5144 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/04/18 18:10:05.0899 5144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/04/18 18:10:07.0944 5144 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/04/18 18:10:10.0433 5144 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/04/18 18:10:15.0728 5144 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/04/18 18:10:26.0452 5144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/04/18 18:10:28.0963 5144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/04/18 18:10:31.0614 5144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/04/18 18:10:36.0992 5144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/04/18 18:10:41.0140 5144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/04/18 18:10:44.0753 5144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/04/18 18:10:50.0854 5144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/04/18 18:10:54.0139 5144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/04/18 18:10:58.0421 5144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/04/18 18:11:01.0408 5144 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/04/18 18:11:05.0043 5144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/04/18 18:11:07.0168 5144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/18 18:11:09.0031 5144 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/04/18 18:11:10.0804 5144 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/04/18 18:11:12.0366 5144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/04/18 18:11:15.0973 5144 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/04/18 18:11:20.0364 5144 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/18 18:11:24.0527 5144 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/04/18 18:11:27.0972 5144 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/04/18 18:11:31.0363 5144 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/04/18 18:11:34.0395 5144 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/04/18 18:11:37.0064 5144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/04/18 18:11:39.0315 5144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/04/18 18:11:42.0799 5144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/04/18 18:11:45.0031 5144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/18 18:11:47.0498 5144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/18 18:11:50.0500 5144 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/04/18 18:11:52.0347 5144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/04/18 18:11:56.0445 5144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/04/18 18:11:58.0892 5144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/04/18 18:12:00.0714 5144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/04/18 18:12:02.0581 5144 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/04/18 18:12:07.0452 5144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/04/18 18:12:12.0890 5144 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/04/18 18:12:21.0202 5144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/04/18 18:12:28.0825 5144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/18 18:12:31.0595 5144 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/18 18:12:33.0673 5144 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/18 18:12:35.0329 5144 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/04/18 18:12:37.0722 5144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/04/18 18:12:39.0575 5144 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/04/18 18:12:41.0547 5144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/04/18 18:12:43.0062 5144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/04/18 18:12:45.0999 5144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/04/18 18:12:50.0171 5144 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/04/18 18:12:58.0327 5144 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/04/18 18:13:02.0613 5144 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\windows\system32\drivers\nvhda32v.sys
2011/04/18 18:13:17.0252 5144 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/04/18 18:13:23.0066 5144 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/04/18 18:13:26.0506 5144 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/04/18 18:13:29.0574 5144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/04/18 18:13:31.0389 5144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/04/18 18:13:34.0867 5144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/04/18 18:13:37.0062 5144 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/04/18 18:13:39.0963 5144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/04/18 18:13:42.0275 5144 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/04/18 18:13:44.0378 5144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/04/18 18:13:45.0945 5144 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/04/18 18:13:47.0928 5144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/04/18 18:13:50.0593 5144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/04/18 18:13:54.0396 5144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/18 18:13:56.0261 5144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/04/18 18:13:58.0175 5144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/04/18 18:14:00.0815 5144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/04/18 18:14:04.0519 5144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/04/18 18:14:06.0603 5144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/04/18 18:14:08.0468 5144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/18 18:14:10.0940 5144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/04/18 18:14:12.0758 5144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/18 18:14:15.0051 5144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/18 18:14:18.0067 5144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/04/18 18:14:21.0682 5144 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/18 18:14:24.0638 5144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/04/18 18:14:26.0647 5144 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/18 18:14:28.0948 5144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/04/18 18:14:31.0519 5144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/04/18 18:14:34.0128 5144 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/04/18 18:14:37.0746 5144 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/04/18 18:14:39.0233 5144 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
2011/04/18 18:14:42.0035 5144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/04/18 18:14:44.0786 5144 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/04/18 18:14:47.0884 5144 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\windows\system32\DRIVERS\s0017bus.sys
2011/04/18 18:14:51.0532 5144 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\windows\system32\DRIVERS\s0017mdfl.sys
2011/04/18 18:14:53.0535 5144 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\windows\system32\DRIVERS\s0017mdm.sys
2011/04/18 18:14:56.0422 5144 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\windows\system32\DRIVERS\s0017mgmt.sys
2011/04/18 18:14:58.0913 5144 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\windows\system32\DRIVERS\s0017nd5.sys
2011/04/18 18:15:01.0419 5144 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\windows\system32\DRIVERS\s0017obex.sys
2011/04/18 18:15:04.0615 5144 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\windows\system32\DRIVERS\s0017unic.sys
2011/04/18 18:15:07.0043 5144 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
2011/04/18 18:15:09.0065 5144 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/04/18 18:15:12.0478 5144 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/04/18 18:15:15.0889 5144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/04/18 18:15:20.0455 5144 seehcri (e5b56569a9f79b70314fede6c953641e) C:\windows\system32\DRIVERS\seehcri.sys
2011/04/18 18:15:23.0783 5144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/04/18 18:15:26.0013 5144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/04/18 18:15:29.0631 5144 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/04/18 18:15:33.0982 5144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/04/18 18:15:38.0544 5144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/04/18 18:15:40.0745 5144 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/04/18 18:15:43.0804 5144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/04/18 18:15:49.0118 5144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/04/18 18:15:52.0442 5144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/04/18 18:15:56.0970 5144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/04/18 18:16:02.0127 5144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/04/18 18:16:03.0552 5144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/04/18 18:16:09.0869 5144 sptd (cdddec541bc3c96f91ecb48759673505) C:\windows\system32\Drivers\sptd.sys
2011/04/18 18:16:09.0869 5144 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/18 18:16:10.0104 5144 sptd - detected Locked file (1)
2011/04/18 18:16:11.0857 5144 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/04/18 18:16:14.0513 5144 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/04/18 18:16:17.0096 5144 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/04/18 18:16:17.0693 5144 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/04/18 18:16:20.0429 5144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/04/18 18:16:24.0598 5144 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/04/18 18:16:28.0030 5144 SynTP (069e5728e565bd401347cb94732c4733) C:\windows\system32\DRIVERS\SynTP.sys
2011/04/18 18:16:31.0338 5144 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/04/18 18:16:36.0557 5144 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/18 18:16:38.0401 5144 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/04/18 18:16:42.0004 5144 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/04/18 18:16:45.0598 5144 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/04/18 18:16:58.0558 5144 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/04/18 18:16:59.0836 5144 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/04/18 18:17:01.0903 5144 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/04/18 18:17:04.0498 5144 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/04/18 18:17:05.0919 5144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/04/18 18:17:09.0206 5144 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\windows\system32\DRIVERS\udfs.sys
2011/04/18 18:17:11.0133 5144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/04/18 18:17:14.0748 5144 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/04/18 18:17:17.0191 5144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/04/18 18:17:18.0845 5144 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/04/18 18:17:21.0668 5144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/04/18 18:17:23.0692 5144 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/04/18 18:17:25.0742 5144 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/04/18 18:17:27.0719 5144 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/04/18 18:17:30.0701 5144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/18 18:17:35.0618 5144 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/04/18 18:17:37.0456 5144 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/04/18 18:17:39.0754 5144 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/04/18 18:17:41.0794 5144 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/04/18 18:17:43.0875 5144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/04/18 18:17:46.0728 5144 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/04/18 18:17:49.0836 5144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/04/18 18:17:52.0150 5144 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/04/18 18:17:54.0576 5144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/04/18 18:17:56.0460 5144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/04/18 18:17:58.0703 5144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/04/18 18:18:00.0501 5144 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/04/18 18:18:02.0233 5144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/04/18 18:18:04.0060 5144 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/04/18 18:18:05.0535 5144 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\windows\system32\DRIVERS\vpnva.sys
2011/04/18 18:18:07.0623 5144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/04/18 18:18:09.0398 5144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/04/18 18:18:11.0100 5144 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/04/18 18:18:12.0496 5144 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/04/18 18:18:13.0591 5144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/04/18 18:18:14.0715 5144 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/18 18:18:15.0235 5144 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/18 18:18:17.0322 5144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/04/18 18:18:19.0014 5144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/04/18 18:18:23.0073 5144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/04/18 18:18:24.0562 5144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/04/18 18:18:27.0425 5144 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
2011/04/18 18:18:28.0744 5144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/04/18 18:18:30.0675 5144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/04/18 18:18:31.0571 5144 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/04/18 18:18:33.0219 5144 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/04/18 18:18:35.0340 5144 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys
2011/04/18 18:19:06.0670 5144 ================================================================================
2011/04/18 18:19:06.0670 5144 Scan finished
2011/04/18 18:19:06.0670 5144 ================================================================================
2011/04/18 18:19:06.0695 5916 Detected object count: 1
2011/04/18 18:20:45.0625 5916 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/18 18:20:46.0888 5916 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/18 18:20:49.0003 5916 C:\windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/18 18:20:49.0003 5916 Locked file(sptd) - User select action: Delete

cosinus · 18.04.2011, 17:27

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

18.04.2011, 14:26	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Kazy.mekml.1 Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

TR/Kazy.mekml.1

Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

TR/Kazy.mekml.1

Ähnliche Themen: TR/Kazy.mekml.1

18.04.2011, 16:48	#12
A22	TR/Kazy.mekml.1 Ja habe ich! Bildschirm kann ich wieder umstellen, Dateien sind wieder sichtbar. Ist jetzt alles wieder sauber?