Pests of all kinds and how to fight them: tr/kazy.mekml.1 really gone? Windows 7
21.04.2011, 17:03 | #1 |
| tr/kazy.mekml.1 really gone? Hello, first of all, big praise for the forum; this is now the second time that I have been able to help myself with a trojan using the tips here. Annoyingly, I have also caught this tr/kazy.mekml.1. Malwarebytes removed 3 files and unhide.exe made my hidden files visible again. Here is the malware log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 17:11:06
mbam-log-2011-04-21 (17-11-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172986
Laufzeit: 15 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2660 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I still have an uneasy feeling, though. Malwarebytes finds nothing more after a complete scan, but am I really rid of the trojan now? I am already wondering whether a complete reinstallation of the system would be better... Thanks in advance! |
21.04.2011, 19:28 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tr/kazy.mekml.1 really gone? Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
__________________ |
21.04.2011, 22:07 | #3 |
| tr/kazy.mekml.1 really gone? OK, here is the malware log after the complete scan (there are no older logs):
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 22:58:38
mbam-log-2011-04-21 (22-58-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 467239
Laufzeit: 2 Stunde(n), 5 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
21.04.2011, 22:22 | #4 |
| tr/kazy.mekml.1 really gone? And OTL: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 23:09:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hauke\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 192,73 Gb Free Space | 68,01% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 5,21 Gb Free Space | 35,54% Space Free | Partition Type: NTFS Computer Name: HAUKE-PC | User Name: Hauke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A311581-712D-40C1-A4F2-32FE693E9A6A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{7A3BAD9F-D07D-4F2A-A780-7D306C5DDFDB}" = lport=2869 | protocol=6 | dir=in | app=system | "{A35FCB91-0AEA-454A-BE4E-8FF03E25862F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{31122836-372E-4CC5-9D9C-3F6D4BAC7929}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{3700E1D0-74F6-4390-A936-E2D4E7C16434}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{4E2F1756-682A-4E0F-BBC7-56F5CCA9463C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{5322D995-A0DC-468F-B778-6DE85ACEEAA1}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{5348518E-EA1C-4280-BE55-899E9541BC24}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{58F8EB1E-19F5-4F20-B2B8-F463B8D50BA1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{5C711B42-89C9-447F-BBD0-FD691CD4BEA0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{5CBECF5D-3CA4-4564-99F0-2D2815D67E35}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{81D47F6D-5F48-473A-AB9D-9F5B343E0F65}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | "{98EDE754-B284-43E6-A592-9F46D6657878}" = dir=in | app=c:\programme (x86)\skype\phone\skype.exe | "{A16D907F-2E11-4F43-9A26-3E032906186F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{A8677778-7117-4CB6-B551-087629EE825E}" = dir=in | app=c:\program files (x86)\common 
files\mcafee\mna\mcnasvc.exe | "{C3146BB5-8DE7-4483-9844-760599D3BC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C855B5F9-DAB6-41D1-9109-AAF2E68D4BAD}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{D52E6528-D4C4-4FEB-AADB-03179234AD2A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | "{D7FF5C5F-D306-4CFA-BA4B-9CBD438DBE88}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F9CD7967-39FE-4494-AA6A-AC0517746796}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "TCP Query User{11C39C10-BA29-42BD-B9B4-62F5A12135CC}C:\programme (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\programme (x86)\mozilla firefox\firefox.exe | "TCP Query User{88D4895E-D8A5-4777-B583-89041E9DFE44}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{8F01FD57-A183-4610-940F-D5BA6000E855}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{F9E34EDE-25EE-4F57-B149-F86FBA01B555}C:\programme (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\programme (x86)\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit) "{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility "Creative OA009" = Integrated Webcam Driver (1.02.01.0320) "D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Windows-Treiberpaket - Nokia Modem (02/24/2009 4.0) "E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Windows-Treiberpaket - Nokia Modem (02/23/2009 7.01.0.2) "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 
1.0 Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{1f77d410-e11e-4ae7-a00f-873b46e592d5}" = Nero 9 Lite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack "{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{401E5DAC-CE0A-4646-9AE3-652B7A19C70E}" = EViews 5 "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch 
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Aspell" = Aspell Data "Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de) "Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Dell Video Chat" = Dell Video Chat "Dell Webcam Central" = Dell Webcam Central "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular für Privatanwender "ENTERPRISE" = Microsoft Office Enterprise 2007 "FreePDF_XP" = 
FreePDF (Remove only) "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "GSview 4.9" = GSview 4.9 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MatlabR2009b" = MATLAB R2009b "MiKTeX 2.8" = MiKTeX 2.8 "Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de) "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9) "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1) "MSC" = McAfee SecurityCenter "myphotobook" = myphotobook 3.65 "Nokia PC Suite" = Nokia PC Suite "PDF Blender" = PDF Blender "PunkBusterSvc" = PunkBuster Services "R for Windows 2.10.1_is1" = R for Windows 2.10.1 "TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1 "VLC media player" = VLC media player 1.1.2 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.01.2011 12:10:45 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 31.01.2011 17:03:52 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 01.02.2011 11:17:52 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 01.02.2011 13:55:30 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 02.02.2011 03:42:23 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 02.02.2011 14:07:53 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 03.02.2011 04:12:15 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 03.02.2011 13:10:35 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 03.02.2011 16:19:53 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.02.2011 05:13:32 | Computer Name = Hauke-PC | Source = WinMgmt | ID = 10 
Description = [ OSession Events ] Error - 11.10.2010 11:09:48 | Computer Name = Hauke-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3983 seconds with 1680 seconds of active time. This session ended with a crash. [ System Events ] Error - 21.04.2011 11:13:36 | Computer Name = Hauke-PC | Source = DCOM | ID = 10005 Description = Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7009 Description = Error - 21.04.2011 11:14:15 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.04.2011 11:15:37 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7009 Description = Error - 21.04.2011 16:12:28 | Computer Name = Hauke-PC | Source = DCOM | ID = 10005 Description = Error - 21.04.2011 16:12:29 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7009 Description = Error - 21.04.2011 16:12:29 | Computer Name = Hauke-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.04.2011 23:09:20 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Hauke\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 192,73 Gb Free Space | 68,01% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 5,21 Gb Free Space | 35,54% Space Free | Partition Type: NTFS Computer Name: HAUKE-PC | User Name: Hauke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hauke\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
PRC - C:\Program Files (x86)\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks) PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\brss01a.exe (brother Industries Ltd) PRC - C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Hauke\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe () SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe () SRV:64bit: - (wltrysvc) -- 
C:\Windows\SysNative\WLTRYSVC.EXE () SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Brother XP spl Service) -- C:\Windows\SysWOW64\brsvc01a.exe (brother Industries Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys () DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys () DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys () DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys () DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys () DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys () DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys () DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS () DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys () DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys () DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys () DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys () DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys () DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys () DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys () DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys () DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys () DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys () DRV:64bit: - 
(BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys () DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys () DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys () DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys () DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys () DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys () DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys () DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys () DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys () DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wolfram|Alpha" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: 
{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.03.09 19:22:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Programme (x86)\Mozilla Firefox\components [2011.03.22 21:33:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Programme (x86)\Mozilla Firefox\plugins [2011.04.21 22:15:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.01.06 14:05:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.01.22 15:40:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2009.12.11 20:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions [2009.12.11 20:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.15 15:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\au4d7nqc.default\extensions [2010.10.14 12:17:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\au4d7nqc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.15 23:09:47 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\au4d7nqc.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010.02.09 21:16:45 | 000,000,000 | ---D | M] (No 
name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Sunbird\Profiles\j4taif5b.default\extensions [2010.08.07 15:53:28 | 000,002,275 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\Firefox\Profiles\au4d7nqc.default\searchplugins\wolframalpha.xml File not found (No name found) -- [2010.10.18 12:55:22 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\HAUKE\APPDATA\ROAMING\5006 O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll () O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe () O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe () O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe () O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKCU..\Run: [dplaaint] File not found O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [Resgui] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll () O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img29.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img29.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 23:07:54 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Hauke\Desktop\OTL.exe [2011.04.21 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2011.04.21 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2011.04.21 22:12:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.16 10:44:26 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.04.16 10:44:17 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011.04.16 10:44:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mfc42.dll [2011.04.16 10:44:06 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011.04.16 10:44:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011.04.16 10:43:57 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.04.16 10:43:55 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.04.16 10:43:51 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2011.04.16 10:43:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.04.16 10:43:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.04.16 10:43:49 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2011.04.16 10:43:49 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.04.16 10:43:49 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll [2011.04.16 10:43:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Hauke\AppData\Roaming\*.tmp files -> C:\Users\Hauke\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 23:12:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 23:12:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 23:07:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Hauke\Desktop\OTL.exe [2011.04.21 22:15:42 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.04.21 18:16:34 | 000,000,418 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{365E1431-7F5C-48B8-8ABD-04F685CC2C81}.job [2011.04.21 17:38:16 | 000,002,719 | ---- | M] () -- C:\Users\Hauke\Desktop\Microsoft Office Outlook 2007.lnk [2011.04.21 17:15:03 | 000,026,033 | ---- | M] () -- C:\Windows\SysNative\Config.MPF [2011.04.21 17:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 17:12:14 | 4253,405,184 | -HS- | M] () -- C:\hiberfil.sys [2011.04.18 21:47:51 | 001,477,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.18 21:47:51 | 000,640,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.18 21:47:51 | 000,607,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.18 21:47:51 | 000,130,854 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.18 21:47:51 | 000,108,304 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.17 17:29:57 | 000,388,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.04.09 10:29:04 | 000,006,080 | ---- | M] () -- C:\Users\Hauke\AppData\Local\d3d9caps.dat [2011.04.07 22:38:44 | 000,053,760 | ---- | M] () -- C:\Users\Hauke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.04 19:45:31 | 000,636,324 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\NMM-MetaData.db [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Hauke\AppData\Roaming\*.tmp files -> C:\Users\Hauke\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 22:13:30 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011.04.21 22:13:30 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011.04.16 10:44:40 | 000,461,312 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys [2011.04.16 10:44:40 | 000,176,128 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys [2011.04.16 10:44:40 | 000,144,896 | ---- | C] () -- C:\Windows\SysNative\drivers\srvnet.sys [2011.04.16 10:44:31 | 
001,075,600 | ---- | C] () -- C:\Windows\SysNative\winload.efi [2011.04.16 10:44:31 | 001,062,800 | ---- | C] () -- C:\Windows\SysNative\winload.exe [2011.04.16 10:44:31 | 000,990,096 | ---- | C] () -- C:\Windows\SysNative\winresume.efi [2011.04.16 10:44:31 | 000,979,344 | ---- | C] () -- C:\Windows\SysNative\winresume.exe [2011.04.16 10:44:30 | 000,020,880 | ---- | C] () -- C:\Windows\SysNative\kdusb.dll [2011.04.16 10:44:30 | 000,018,832 | ---- | C] () -- C:\Windows\SysNative\kd1394.dll [2011.04.16 10:44:30 | 000,018,320 | ---- | C] () -- C:\Windows\SysNative\kdcom.dll [2011.04.16 10:44:27 | 000,753,152 | ---- | C] () -- C:\Windows\SysNative\jscript.dll [2011.04.16 10:44:27 | 000,603,648 | ---- | C] () -- C:\Windows\SysNative\vbscript.dll [2011.04.16 10:44:24 | 000,273,920 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb10.sys [2011.04.16 10:44:24 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb.sys [2011.04.16 10:44:24 | 000,105,472 | ---- | C] () -- C:\Windows\SysNative\drivers\mrxsmb20.sys [2011.04.16 10:44:24 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\drivers\bowser.sys [2011.04.16 10:44:21 | 000,975,872 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll [2011.04.16 10:44:18 | 001,360,384 | ---- | C] () -- C:\Windows\SysNative\mfc42u.dll [2011.04.16 10:44:17 | 001,398,784 | ---- | C] () -- C:\Windows\SysNative\mfc42.dll [2011.04.16 10:44:15 | 002,760,704 | ---- | C] () -- C:\Windows\SysNative\win32k.sys [2011.04.16 10:44:06 | 000,367,616 | ---- | C] () -- C:\Windows\SysNative\atmfd.dll [2011.04.16 10:44:05 | 000,048,128 | ---- | C] () -- C:\Windows\SysNative\atmlib.dll [2011.04.16 10:44:00 | 005,697,536 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll [2011.04.16 10:43:57 | 001,426,944 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll [2011.04.16 10:43:56 | 000,758,784 | ---- | C] () -- C:\Windows\SysNative\mshtmled.dll [2011.04.16 10:43:53 | 007,015,424 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll [2011.04.16 
10:43:53 | 001,032,704 | ---- | C] () -- C:\Windows\SysNative\wininet.dll [2011.04.16 10:43:52 | 001,129,984 | ---- | C] () -- C:\Windows\SysNative\mstime.dll [2011.04.16 10:43:52 | 000,485,376 | ---- | C] () -- C:\Windows\SysNative\html.iec [2011.04.16 10:43:52 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\ieaksie.dll [2011.04.16 10:43:51 | 000,590,848 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll [2011.04.16 10:43:51 | 000,480,256 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll [2011.04.16 10:43:51 | 000,249,856 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll [2011.04.16 10:43:50 | 000,375,296 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll [2011.04.16 10:43:50 | 000,208,896 | ---- | C] () -- C:\Windows\SysNative\occache.dll [2011.04.16 10:43:49 | 000,086,528 | ---- | C] () -- C:\Windows\SysNative\ieencode.dll [2011.04.16 10:43:49 | 000,032,256 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll [2011.04.16 10:43:48 | 001,383,424 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb [2011.04.16 10:43:47 | 000,422,400 | ---- | C] () -- C:\Windows\SysNative\ieapfltr.dll [2011.04.16 10:43:43 | 000,221,184 | ---- | C] () -- C:\Windows\SysNative\dnsapi.dll [2011.04.16 10:43:43 | 000,117,760 | ---- | C] () -- C:\Windows\SysNative\dnsrslvr.dll [2011.04.16 10:43:43 | 000,028,672 | ---- | C] () -- C:\Windows\SysNative\dnscacheugc.exe [2010.10.30 15:26:02 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll [2010.10.30 15:26:02 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll [2010.10.18 14:23:50 | 000,000,347 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\urhtps.dat [2010.09.22 20:58:30 | 000,214,720 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.09.22 20:58:23 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.09.22 20:58:22 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.08.31 15:57:47 | 000,000,047 | R--- | C] () -- C:\Windows\ghdc.dat [2010.03.09 19:56:48 | 
000,636,324 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\NMM-MetaData.db [2010.03.06 20:43:49 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.03.04 16:53:32 | 000,000,744 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\filterclsid.dat [2010.03.02 21:57:08 | 001,457,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.03.02 21:55:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.03.02 21:42:42 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.01.12 20:11:31 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2010.01.12 20:11:30 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.01.12 20:11:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.01.12 20:05:05 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2010.01.12 19:56:23 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini [2009.12.11 13:43:34 | 000,131,072 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\DataSafeDotNet.exe [2009.12.02 12:51:15 | 000,006,080 | ---- | C] () -- C:\Users\Hauke\AppData\Local\d3d9caps.dat [2009.09.15 20:24:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.13 18:42:46 | 000,053,760 | ---- | C] () -- C:\Users\Hauke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.27 05:43:54 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.27 05:43:52 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.27 05:43:52 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.27 05:43:52 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.08.27 04:08:59 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin [2009.04.30 12:52:55 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.04.30 12:52:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.01.21 04:50:05 | 
000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin < End of report > |
21.04.2011, 22:34 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tr/kazy.mekml.1 really gone? Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
__________________ Please always post log files in CODE tags |
22.04.2011, 05:44 | #6 |
| tr/kazy.mekml.1 really gone? Hi, I'll post all the logs in chronological order. I think older logs were deleted by CCleaner. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 17:11:06
mbam-log-2011-04-21 (17-11-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172986
Laufzeit: 15 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 2660 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 18:26:10
mbam-log-2011-04-21 (18-26-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172815
Laufzeit: 5 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 20:32:59
mbam-log-2011-04-21 (20-32-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 172996
Laufzeit: 4 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 20:45:07
mbam-log-2011-04-21 (20-45-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 7912
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Hauke\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\PFW3N86G\contacts[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 22:58:38
mbam-log-2011-04-21 (22-58-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 467239
Laufzeit: 2 Stunde(n), 5 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

And do AntiVir and Malwarebytes provide sufficient protection against such Trojans in the future? |
22.04.2011, 12:19 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tr/kazy.mekml.1 really gone? Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O4 - HKCU..\Run: [dplaaint] File not found
O4 - HKCU..\Run: [Resgui] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
22.04.2011, 12:41 | #8 |
| tr/kazy.mekml.1 really gone? I did that. The computer was restarted and then this log file came up: Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File E:\AUTORUN.INF not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dplaaint not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Resgui not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hauke
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 888247 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7055581 bytes
->Flash cache emptied: 0 bytes

User: Public
User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4096 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 608764048 bytes

Total Files Cleaned = 588,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_133459

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
File\Folder C:\Windows\temp\mcafee_aV8b2hH3EN62uxJ not found!
File\Folder C:\Windows\temp\mcafee_jzgYWwUJ03GsGCc not found!
File\Folder C:\Windows\temp\mcafee_lXjITglK4NCYnpr not found!
File\Folder C:\Windows\temp\mcmsc_diK8svJPGF1dIc1 not found!
File\Folder C:\Windows\temp\mcmsc_IIjR8hHH1d928OA not found!
File\Folder C:\Windows\temp\mcmsc_lcbessBH7DFKzTd not found!
File\Folder C:\Windows\temp\mcmsc_wAsQK9NP12JX4kw not found!
File\Folder C:\Windows\temp\sqlite_1JP4WjdH05dWGkx not found!
File\Folder C:\Windows\temp\sqlite_1vIidSBnUd5FTO4 not found!
File\Folder C:\Windows\temp\sqlite_cQ06762HN53bt59 not found!
File\Folder C:\Windows\temp\sqlite_rvEtnoLD6IdDUQk not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y6TJNE1R\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPGBSSSX\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0E41BM7\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2FMFHHJ3\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
22.04.2011, 13:33 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tr/kazy.mekml.1 really gone? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your Documents/My Documents, please run unhide: Please download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
22.04.2011, 15:03 | #10 |
| tr/kazy.mekml.1 really gone? I had already run unhide.exe; afterwards all icons etc. had reappeared. Here is the requested log: Code:
2011/04/22 15:59:22.0914 4688 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/22 15:59:24.0172 4688 ================================================================================
2011/04/22 15:59:24.0172 4688 SystemInfo:
2011/04/22 15:59:24.0172 4688
2011/04/22 15:59:24.0172 4688 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/22 15:59:24.0172 4688 Product type: Workstation
2011/04/22 15:59:24.0172 4688 ComputerName: HAUKE-PC
2011/04/22 15:59:24.0173 4688 UserName: Hauke
2011/04/22 15:59:24.0174 4688 Windows directory: C:\Windows
2011/04/22 15:59:24.0174 4688 System windows directory: C:\Windows
2011/04/22 15:59:24.0174 4688 Running under WOW64
2011/04/22 15:59:24.0174 4688 Processor architecture: Intel x64
2011/04/22 15:59:24.0174 4688 Number of processors: 2
2011/04/22 15:59:24.0174 4688 Page size: 0x1000
2011/04/22 15:59:24.0174 4688 Boot type: Normal boot
2011/04/22 15:59:24.0174 4688 ================================================================================
2011/04/22 15:59:24.0746 4688 Initialize success
2011/04/22 15:59:27.0202 5232 ================================================================================
2011/04/22 15:59:27.0202 5232 Scan started
2011/04/22 15:59:27.0203 5232 Mode: Manual;
2011/04/22 15:59:27.0203 5232 ================================================================================
2011/04/22 16:00:04.0984 5232 ================================================================================
2011/04/22 16:00:04.0984 5232 Scan finished
2011/04/22 16:00:04.0984 5232 ================================================================================ |
22.04.2011, 21:41 | #11 | |
| tr/kazy.mekml.1 really gone? for now. Can you say anything about my question? Quote:
|
23.04.2011, 15:22 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | tr/kazy.mekml.1 really gone? If you absolutely want to reinstall, then do so. As a rule, a reinstallation is safer/more thorough.
__________________ Please always post log files in CODE tags |