Log analysis and evaluation: WTR Loader not working
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
26.04.2011, 08:37 | #1 |
| WTR Loader not working
Hello dear forum readers, yesterday a virus sneaked onto my laptop. My antivirus scanner immediately sent me a notification, and after that everything went quite fast. The desktop screen turned black, all my files disappeared from the desktop, and it showed me the message that too much RAM was being used. I then shut the laptop down and restarted it. The problem was of course still there. Now I have tried to find out on the internet what I can do and came across this forum by chance. Another poster had the same problem and was advised to download Malwarebytes and run a full scan. I did that as well, and so far the scanner has found 10 infected objects. My question now is how I should proceed once the full scan has finished. I would be very grateful for any tip. Best regards, Verena |
26.04.2011, 09:25 | #2 |
| WTR Loader not working
So, the full scan has now finished, and here is the result:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6446

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

26.04.2011 10:22:48
mbam-log-2011-04-26 (10-22-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 242799
Laufzeit: 1 Stunde(n), 6 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\programdata\lntuynxqpryn.exe (Trojan.FakeAlert) -> 2652 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lnTUynXQPRYn (Trojan.FakeAlert) -> Value: lnTUynXQPRYn -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\lntuynxqpryn.exe (Trojan.FakeAlert) -> No action taken.
c:\program files\daemon tools searchbar\Uninst.exe (Adware.WhenU) -> No action taken.
c:\program files\daemon tools searchbar\whse.exe (Adware.WhenU) -> No action taken.
c:\program files\mozilla firefox\extensions\{a89aed22-9133-424c-88e7-c8235c5ff302}\components\memedia_ff.dll (Adware.AdVantage) -> No action taken.
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\programdata\23519008.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\Veri\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\U1PG51OO\calc[1].exe (Trojan.FakeAlert) -> No action taken. |
26.04.2011, 09:36 | #3 |
| WTR Loader not working
After that I just ran a system scan with OTL.
Here is the result: OTL Logfile: Code:
26.04.2011, 09:37 | #4 |
| WTR Loader does not work And the second report: OTL EXTRAS logfile:
|
26.04.2011, 09:58 | #5 |
| WTR Loader does not work I have now also carried out the next step: OTL-Fix
All processes killed
========== OTL ==========
File C:\Dokumente und Einstellungen\Admin\Desktop\Windows Recovery.lnk not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17751860r not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17751860 not found.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17751860 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Veri
->Temp folder emptied: 463293260 bytes
->Temporary Internet Files folder emptied: 125066381 bytes
->Java cache emptied: 8811256 bytes
->FireFox cache emptied: 75370611 bytes
->Google Chrome cache emptied: 33976292 bytes
->Flash cache emptied: 2019403 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 218302282 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1073718 bytes
Total Files Cleaned = 885,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04262011_103839
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
26.04.2011, 09:59 | #6 |
| WTR Loader does not work I have now also carried out the next step: OTL-Fix |
26.04.2011, 10:03 | #7 |
| WTR Loader does not work What can I do now? The screen is still black and the files are gone (except for the Recycle Bin, My Computer, etc.) |
26.04.2011, 10:10 | #8 |
| WTR Loader does not work So, since several other users were advised to take the following as the next step, I have now done this as well: Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-a...entfernen.html Here is the result:
2011/04/26 11:06:01.0851 1392 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/26 11:06:02.0132 1392 ================================================================================
2011/04/26 11:06:02.0132 1392 SystemInfo:
2011/04/26 11:06:02.0132 1392
2011/04/26 11:06:02.0132 1392 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/26 11:06:02.0132 1392 Product type: Workstation
2011/04/26 11:06:02.0132 1392 ComputerName: VERIS
2011/04/26 11:06:02.0148 1392 UserName: Veri
2011/04/26 11:06:02.0148 1392 Windows directory: C:\Windows
2011/04/26 11:06:02.0148 1392 System windows directory: C:\Windows
2011/04/26 11:06:02.0148 1392 Processor architecture: Intel x86
2011/04/26 11:06:02.0148 1392 Number of processors: 2
2011/04/26 11:06:02.0148 1392 Page size: 0x1000
2011/04/26 11:06:02.0148 1392 Boot type: Normal boot
2011/04/26 11:06:02.0148 1392 ================================================================================
2011/04/26 11:06:02.0709 1392 Initialize success
2011/04/26 11:06:40.0649 3848 ================================================================================
2011/04/26 11:06:40.0649 3848 Scan started
2011/04/26 11:06:40.0649 3848 Mode: Manual;
2011/04/26 11:06:40.0649 3848 ================================================================================
2011/04/26 11:07:08.0900 3848 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/04/26 11:07:08.0916 3848 sptd - detected Locked file (1)
2011/04/26 11:07:14.0204 3848 ================================================================================
2011/04/26 11:07:14.0204 3848 Scan finished
2011/04/26 11:07:14.0204 3848 ================================================================================
2011/04/26 11:07:14.0220 1444 Detected object count: 1
2011/04/26 11:07:27.0995 1444 Locked file(sptd) - User select action: Skip |
26.04.2011, 10:23 | #9 |
| WTR Loader does not work Now all the files are back. Now I will carry out the last step (according to cosinus): Then please run CF now: ComboFix |
26.04.2011, 10:31 | #10 |
| WTR Loader does not work After I have run the SystemCleaner, is there anything else I need to watch out for or do? |
26.04.2011, 12:06 | #11 |
| WTR Loader does not work Heeeeeeeeeeelp!!!! I had just shut the PC down briefly, and when I started it up again the same problem occurred again (( All the files gone again... Please help me! |
27.04.2011, 09:14 | #12 |
| WTR Loader does not work Problem solved. I have now also got a new antivirus program straight away |