Log analysis and evaluation: TR/Kazy.mekl.1 and message "WTR Loader funktioniert nicht mehr" (Windows 7)
26.04.2011, 23:17 | #1
TR/Kazy.mekl.1 and message "WTR Loader funktioniert nicht mehr"

Dear experts, my computer was also infected by the trojan on 25.04. The message "WTR Loader funktioniert nicht mehr" ("WTR Loader has stopped working") appeared and Antivir found TR/Kazy.mekl.1. Various directories can no longer be displayed, and the screen is black except for a few shortcuts that are still there. The applications from the quick launch bar have also disappeared. I am a newcomer both with regard to viruses and with regard to communicating in forums. From other posts in this forum I gathered that one should run the Malwarebytes full scan and then the OTL program. Yesterday I first ran the quick scan (2 malicious programs were found, which I removed), then the full scan, as you requested. That run also found another program, which I removed. I had saved log files for both runs and wanted to post them today. Unfortunately they can no longer be found on my computer today, possibly because they are in directories that are now hidden.
So today I ran a full scan again and am now posting the log file:

***********************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

26.04.2011 19:05:48
mbam-log-2011-04-26 (19-05-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 294241
Time elapsed: 1 hour(s), 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
***********************

I also downloaded OTL and ran the scan.
Here are the two log files it produced:

OTL.txt
***********************
OTL logfile created on: 26.04.2011 19:14:39 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 34,78 Gb Free Space | 24,19% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 87,71 Gb Free Space | 62,52% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\OTL.exe (OldTimer Tools)
PRC - C:\Programme\!rs-Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\!rs-Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\!rs-Programme\MSI\ArcSoft TotalMedia\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
PRC - C:\Programme\Microsoft Office\Office\WINWORD.EXE ()

========== Modules (SafeList) ==========

MOD - C:\Users\***\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TeamViewer6) -- C:\Programme\!rs-Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (InCDsrv) -- C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech )
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG)
DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Tour Reminder] File not found
O4 - HKLM..\Run: [ALaunch] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\!rs-Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\!rs-Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\!rs-Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Programme\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b1a0591-f262-11de-918f-bf9e0f52b464}\Shell - "" = AutoRun
O33 - MountPoints2\{9b1a0591-f262-11de-918f-bf9e0f52b464}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.25 23:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.04.25 22:59:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.04.25 22:58:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.25 22:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.25 22:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.25 22:58:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.14 23:05:39 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 23:05:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 23:05:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.14 23:05:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 23:05:35 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 23:05:34 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 23:05:34 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 23:05:34 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 23:05:34 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 23:05:34 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.14 23:05:34 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.14 23:05:34 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.14 23:05:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.14 23:05:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.14 23:05:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.14 23:05:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.14 23:05:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.14 23:05:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 23:05:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.14 23:05:30 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 23:05:29 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 23:05:22 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 23:05:20 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 23:05:18 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 23:05:18 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2008.03.20 15:55:31 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.03.20 15:53:20 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.03.20 15:53:20 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.02.19 04:43:23 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll

========== Files - Modified Within 30 Days ==========

[2011.04.26 19:09:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 19:09:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.26 17:59:24 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 17:14:23 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.26 17:14:23 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.26 17:14:23 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.26 17:14:23 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 17:09:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.26 17:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.26 17:09:28 | 3217,489,920 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.26 00:57:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.24 13:20:12 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.04.24 13:18:33 | 000,028,029 | -H-- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2011.04.15 17:51:35 | 000,298,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011.04.25 22:58:57 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.21 21:34:08 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.09.01 23:30:21 | 000,044,544 | ---- | C] () -- C:\Windows\System32\SH30W16.DLL
[2010.08.02 21:34:31 | 000,000,340 | ---- | C] () -- C:\Windows\mbjr.ini
[2010.08.02 21:34:30 | 000,094,720 | ---- | C] () -- C:\Windows\System32\SH30W32.DLL
[2010.02.14 00:43:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.23 19:21:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.23 19:21:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.01.08 19:49:45 | 000,000,203 | ---- | C] () -- C:\Windows\bienemaja.ini
[2009.12.27 00:42:11 | 000,000,140 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.08.14 10:34:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.04 22:23:04 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2008.07.13 20:50:41 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.05.11 13:56:11 | 000,028,029 | -H-- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.05.11 13:04:41 | 000,044,544 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.11 12:11:14 | 000,028,029 | -H-- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.03.21 00:29:07 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008.03.21 00:29:00 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008.03.20 15:55:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.02.19 07:22:40 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.02.19 04:43:25 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.02.19 04:43:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 22:08:44 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.02.18 22:08:02 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008.02.18 21:15:19 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.02.18 21:15:19 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.01.21 09:15:58 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.03.29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,298,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.01.17 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.01.17 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA

< End of report >
***********************

Extras.txt
***********************
OTL Extras logfile created on: 26.04.2011 19:14:39 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 41,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,79 Gb Total Space | 34,78 Gb Free Space | 24,19% Space Free | Partition Type: NTFS
Drive D: | 140,29 Gb Total Space | 87,71 Gb Free Space | 62,52% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /n ()
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\Winword.exe" /x ()
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\!rs-Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\!rs-Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06493455-BDD8-41B5-8F28-113B89428196}" = protocol=6 | dir=in | app=c:\program files\!rs-programme\teamviewer\version6\teamviewer.exe | "{14BE2069-2545-46B7-BD8E-906980E16C65}" = protocol=6 | dir=in | app=c:\program files\!rs-programme\teamviewer\version6\teamviewer_service.exe | "{16B9F64E-63AC-450C-A152-A5EE878F07F7}" = protocol=17 | dir=in | app=c:\program files\!rs-programme\msi\arcsoft totalmedia\totalmedia.exe | "{3EF5B46E-00A2-4DA7-ADB0-6694F54E5EEA}" = protocol=6 | dir=in | app=c:\program files\!rs-programme\msi\arcsoft totalmedia\totalmedia.exe | "{541A7907-7004-478D-8D85-3B5C7033473F}" = protocol=17 | dir=in | app=c:\program files\!rs-programme\teamviewer\version6\teamviewer.exe | "{5A10953A-95D0-422F-A9A8-4A9CB0306CBA}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | "{75CF5C5F-580E-4DDD-81E5-733DDC4644FE}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | "{8D18C1A2-4F82-460A-BDFE-50A7CA528BDE}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | "{A06721DB-957C-4198-A647-77AA8CE81DC3}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | "{C0672A3A-6E25-4C4E-AAFE-5E7716D5E62A}" = protocol=17 | dir=in 
| app=c:\program files\!rs-programme\teamviewer\version6\teamviewer_service.exe | "{C4C7E364-DA35-4EE0-8844-841F7B63100F}" = dir=in | app=c:\program files\!rs-programme\phone\skype.exe | "{CC124CF2-CCFD-48D7-82A8-847A9C099C60}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{D4953FF7-271A-465A-9E51-AA038CB9C7A5}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | "{D88C549A-43A4-4369-8748-1ED39C37C2A3}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{F5D5FAAD-ACBD-413F-9142-4F7D637A8166}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "TCP Query User{005BF163-D154-4DCC-A873-0E3F8F79AAD7}C:\program files\!rs-programme\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\!rs-programme\sopcast\sopcast.exe | "TCP Query User{31BB0279-962D-4672-93FA-B88CB7348638}C:\program files\!rs-programme\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\!rs-programme\sopcast\adv\sopadver.exe | "TCP Query User{6E6D30BE-9C4A-4F8B-844E-B36A1BB6214D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3357A28E-2D71-42F7-810F-A27C0284AD00}C:\program files\!rs-programme\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\!rs-programme\sopcast\sopcast.exe | "UDP Query User{E6049194-AAEF-4F2A-BEBF-B75DA02C6ED6}C:\program files\!rs-programme\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\!rs-programme\sopcast\adv\sopadver.exe | "UDP Query User{FAEA23E6-02C9-4133-87AB-64F6667DF11E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900 
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{512FA709-D3E8-4094-A1B5-39A2A08A8400}" = Microsoft Outlook Web Access S/MIME (2007) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4E6CB9-E54D-47F7-A414-E2D5740E1031}" = Nero 7 Essentials "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management "{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Biene Maja - Das große Gewitter" = Biene Maja - Das große Gewitter "Blinde Kuh KlickiBunti" = Blinde Kuh KlickiBunti "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "EH_TrennMann" = Erste Hilfe Trennung, Scheidung, Unterhalt für Männer "ElsterFormular 11.2.0.4074" = ElsterFormular "Excel" = Microsoft 
Excel 97 "GridVista" = Acer GridVista "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7 "InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5 "LManager" = Launch Manager "Luka und der verborgene Schatz" = Luka und der verborgene Schatz "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "mbjr32" = Mathe Blaster 4-6 Jahre "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PhotoStitch" = Canon Utilities PhotoStitch "Piraten" = Piraten "PrintParade Studio" = PrintParade Studio "ProInst" = Intel PROSet Wireless "QuickTime" = QuickTime "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureDC" = Canon Utilities RemoteCapture DC "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Santa Claus in Trouble" = Santa Claus in Trouble "SopCast" = SopCast 3.2.9 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamViewer 6" = TeamViewer 6 "VLC media player" = VLC media player 1.1.4 "Word8.0" = Microsoft Word 97 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! 
Toolbar "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.04.2011 12:37:09 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 14.04.2011 12:37:25 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 14.04.2011 18:03:18 | Computer Name = *** | Source = Windows Search Service | ID = 3024 Description = Error - 15.04.2011 11:51:58 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 15.04.2011 11:51:56 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.04.2011 12:59:34 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm Skype.exe, Version 5.0.0.156 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. 
Prozess-ID: e4 Anfangszeit: 01cbfb857cbc79e0 Zeitpunkt der Beendigung: 0 Error - 15.04.2011 17:07:14 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 15.04.2011 17:07:30 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 16.04.2011 11:21:45 | Computer Name = *** | Source = WinMgmt | ID = 10 Description = Error - 16.04.2011 11:21:58 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ System Events ] Error - 25.04.2011 16:38:33 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 25.04.2011 17:18:25 | Computer Name = *** | Source = Microsoft-Windows-Eventlog | ID = 22 Description = Error - 25.04.2011 17:18:37 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 25.04.2011 18:46:45 | Computer Name = *** | Source = Microsoft-Windows-Eventlog | ID = 22 Description = Error - 25.04.2011 18:46:56 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 25.04.2011 18:50:26 | Computer Name = *** | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.20 für die Netzwerkkarte mit der Netzwerkadresse 001DE0846211 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 26.04.2011 11:09:33 | Computer Name = *** | Source = Microsoft-Windows-Eventlog | ID = 22 Description = Error - 26.04.2011 11:09:45 | Computer Name = *** | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.0.106 für die Netzwerkkarte mit der Netzwerkadresse 001DE0846211 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). 
Error - 26.04.2011 11:09:47 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 26.04.2011 11:36:02 | Computer Name = *** | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. < End of report > *********************** Nun setze ich meine ganzen Hoffnungen in Euch und bitte um Eure Analysen und weitere Anweisungen. Vielen Dank schon im Voraus! |
28.04.2011, 16:07 | #2 | /// Winkelfunktion /// TB-Süch-Tiger™

Quote:
29.04.2011, 15:01 | #3

Hello Arne,

thanks for your first reply. Unfortunately, try as I might, I cannot find the very first quick scan log anywhere any more. It is not listed under Logs in mbam either. I only have a screenshot that I had taken for myself. I am attaching two GIF files (a screenshot of the malware found and one of the log, both from the very first quick scan on 25.04.11). I found the first full scan performed after the quick scan via mbam and am posting it here now.

***************************
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6443

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

26.04.2011 00:39:28
mbam-log-2011-04-26 (00-39-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 293388
Time elapsed: 1 hour(s), 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Reinhard\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\1U4J2WZZ\info[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
***************************

That is all I have. Can you please help me further with this?

Thanks and regards,
Reinhard
29.04.2011, 20:33 | #4 | /// Winkelfunktion /// TB-Süch-Tiger™

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9b1a0591-f262-11de-918f-bf9e0f52b464}\Shell - "" = AutoRun
O33 - MountPoints2\{9b1a0591-f262-11de-918f-bf9e0f52b464}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
:Commands
[purity]
[resethosts]
[emptytemp]

The logfile should open when you click OK after fixing; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

__________________
Please always post logfiles in CODE tags
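As an added example, not from the thread and not OTL's own code, the following PowerShell script does a read-only audit of the three persistence spots the fix script above touches: the Cdrom service's AutoRun value, the per-volume Shell\AutoRun\command entries under the current user's MountPoints2 key, and named alternate data streams on entries under C:\ProgramData. It assumes Windows PowerShell 3.0 or later (for Get-Item -Stream) and changes nothing; the function names are this example's own.

```powershell
# Added example, not part of the thread or of OTL: read-only audit of the
# autorun and ADS locations that the OTL fix script above cleaned up.
# Assumes Windows PowerShell 3.0+ (Get-Item -Stream). Nothing is modified.

function Get-CdromAutoRunSetting {
    # HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun: 1 = AutoRun on.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
    $value = (Get-ItemProperty -Path $key -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    $note = if ($value -eq 1) { 'enabled' } else { 'disabled or not set' }
    [pscustomobject]@{ Check = 'Cdrom AutoRun'; Value = $value; Note = $note }
}

function Get-MountPoints2AutoRun {
    # Every volume the user has opened gets a GUID subkey under MountPoints2.
    # A Shell\AutoRun\command default value means a program was registered to
    # start when that volume is opened (the entry OTL removed above pointed at
    # E:\LaunchU3.exe). Only subkeys that carry such a command are reported.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            [pscustomobject]@{ Volume = $_.PSChildName; AutoRunCommand = $cmd }
        }
    }
}

function Get-NamedAlternateStreams {
    # Lists named NTFS alternate data streams on the entries directly under a
    # folder. The primary :$DATA stream and the browser's Zone.Identifier mark
    # are normal and are filtered out; anything else deserves a look (the OTL
    # script above deleted C:\ProgramData\TEMP:C95B63DA).
    param([string]$Folder = 'C:\ProgramData')
    Get-ChildItem -Path $Folder -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue } |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}

Get-CdromAutoRunSetting   | Format-Table -AutoSize
Get-MountPoints2AutoRun   | Format-Table -AutoSize
Get-NamedAlternateStreams | Format-Table -AutoSize
```

Run it as the affected user, since MountPoints2 lives in that user's HKCU hive; a MountPoints2 entry whose command points at a removable drive letter, or a stream with a meaningless name on a file under ProgramData, is the kind of finding that the OTL script above was written to remove.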
29.04.2011, 21:11 | #5

Good evening Arne,

I ran the OTL fix as you described. After OK, the computer restarted first. After starting OTL again, the log file opened immediately. Here you are:

****************
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b1a0591-f262-11de-918f-bf9e0f52b464}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b1a0591-f262-11de-918f-bf9e0f52b464}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b1a0591-f262-11de-918f-bf9e0f52b464}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b1a0591-f262-11de-918f-bf9e0f52b464}\ not found.
File E:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Reinhard
->Temp folder emptied: 306 bytes
->Temporary Internet Files folder emptied: 214608548 bytes
->Flash cache emptied: 29440 bytes

User: rstarke
->Temp folder emptied: 2006 bytes
->Temporary Internet Files folder emptied: 1360358 bytes
->Flash cache emptied: 1503 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46960992 bytes
RecycleBin emptied: 1753645 bytes

Total Files Cleaned = 252,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04292011_215830

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
****************

Awaiting further instructions.

Thanks and regards,
Reinhard

P.S. Can I also somehow post the logfiles as a nice separate text box, like you do with the code lines, for example?
30.04.2011, 01:27 | #6 | /// Winkelfunktion /// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If, because of the infection, you cannot access your documents/My Documents, please run unhide:

Please download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (Could take a while.) Vista and 7 users must run the tool as administrator via right-click!
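As an added example, and not the unhide.exe tool the post links to (its code is not on this page), the PowerShell script below does the equivalent job: it lists the files and folders under the user's profile that carry the Hidden attribute and, only when started with -Fix, clears that bit while keeping every other attribute. It assumes Windows PowerShell 3.0 or later and that it is run as the affected user; the skip list (AppData, desktop.ini, anything flagged System) is this example's own choice so that items Windows hides on purpose stay hidden.

```powershell
# Added example, not the unhide.exe tool from the post: reports user files
# and folders with the Hidden attribute and, with -Fix, clears that bit.
# Assumes Windows PowerShell 3.0+ and runs as the affected user.
# Run without -Fix first and review the list before clearing anything.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Fix
)

function Get-UserHiddenItems {
    # Hidden items under $Path, minus the ones Windows hides legitimately:
    # System-flagged entries, desktop.ini, and everything under AppData.
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
            (($_.Attributes -band [IO.FileAttributes]::System) -eq 0) -and
            $_.Name -ne 'desktop.ini' -and
            $_.FullName -notlike "$Path\AppData\*"
        }
}

function Restore-UserHiddenItems {
    # Clears only the Hidden bit on each reported item when -Apply is given;
    # ReadOnly, Archive and the rest are preserved. Returns a small summary.
    param([string]$Path, [switch]$Apply)
    $items = @(Get-UserHiddenItems -Path $Path)
    $cleared = 0
    foreach ($item in $items) {
        if ($Apply) {
            $item.Attributes = $item.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
            $cleared++
        }
    }
    [pscustomobject]@{ Root = $Path; HiddenItems = $items.Count; Cleared = $cleared }
}

# Report first, then (optionally) fix.
Get-UserHiddenItems -Path $Root | Select-Object FullName, Attributes | Format-Table -AutoSize
Restore-UserHiddenItems -Path $Root -Apply:$Fix
```

The two-step design (list, then clear on an explicit switch) is deliberate: a rogue-antivirus infection of the kind this thread deals with hides the user's own files so that the machine looks damaged, but a profile normally also contains items that are hidden for good reason, so the list should be read before any attribute is changed.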
30.04.2011, 09:01 | #7

Hello Arne,

many thanks for the information. I ran TDSSKiller. It finished after 17 seconds, 269 objects processed, no infections found. Here is the report:

*************
2011/04/30 09:39:08.0283 4752 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/30 09:39:09.0297 4752 ================================================================================
2011/04/30 09:39:09.0297 4752 SystemInfo:
2011/04/30 09:39:09.0297 4752
2011/04/30 09:39:09.0297 4752 OS Version: 6.0.6002 ServicePack: 2.0
2011/04/30 09:39:09.0297 4752 Product type: Workstation
2011/04/30 09:39:09.0297 4752 ComputerName: RSTARKE-PC
2011/04/30 09:39:09.0297 4752 UserName: rstarke
2011/04/30 09:39:09.0297 4752 Windows directory: C:\Windows
2011/04/30 09:39:09.0297 4752 System windows directory: C:\Windows
2011/04/30 09:39:09.0297 4752 Processor architecture: Intel x86
2011/04/30 09:39:09.0297 4752 Number of processors: 2
2011/04/30 09:39:09.0297 4752 Page size: 0x1000
2011/04/30 09:39:09.0297 4752 Boot type: Normal boot
2011/04/30 09:39:09.0297 4752 ================================================================================
2011/04/30 09:39:09.0687 4752 Initialize success
2011/04/30 09:39:20.0404 1304 ================================================================================
2011/04/30 09:39:20.0404 1304 Scan started
2011/04/30 09:39:20.0404 1304 Mode: Manual;
2011/04/30 09:39:20.0404 1304 ================================================================================
2011/04/30 09:39:21.0496 1304 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/30 09:39:21.0574 1304 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/30 09:39:21.0637 1304 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/30 09:39:21.0684 1304 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/30 09:39:21.0730 1304 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/30 09:39:21.0918 1304 AF15BDA (3cd15ebaa1d68bc18ce14a26683bc1ec) C:\Windows\system32\DRIVERS\AF15BDA.sys
2011/04/30 09:39:22.0042 1304 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/04/30 09:39:22.0136 1304 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/30 09:39:22.0261 1304 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/30 09:39:22.0370 1304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/30 09:39:22.0464 1304 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/30 09:39:22.0542 1304 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/30 09:39:22.0573 1304 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/30 09:39:22.0635 1304 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/30 09:39:22.0682 1304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/30 09:39:22.0838 1304 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/30 09:39:23.0010 1304 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/30 09:39:23.0088 1304 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/30 09:39:23.0150 1304 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/30 09:39:23.0244 1304 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/30 09:39:23.0384 1304 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/30 09:39:23.0446 1304 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/30 09:39:23.0602 1304 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/30 09:39:23.0774 1304 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/30 09:39:23.0836 1304 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/30 09:39:23.0930 1304 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/30 09:39:24.0086 1304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/30 09:39:24.0117 1304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/30 09:39:24.0180 1304 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/30 09:39:24.0226 1304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/30 09:39:24.0258 1304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/30 09:39:24.0289 1304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/30 09:39:24.0367 1304 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/30 09:39:24.0445 1304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/30 09:39:24.0585 1304 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/30 09:39:24.0726 1304 BthPort (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/04/30 09:39:24.0928 1304 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/30 09:39:25.0006 1304 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/04/30 09:39:25.0053 1304 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/04/30 09:39:25.0162 1304 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/30 09:39:25.0209 1304 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/30 09:39:25.0334 1304 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/30 09:39:25.0381 1304 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/30 09:39:25.0428 1304 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/30 09:39:25.0584 1304 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/30 09:39:25.0662 1304 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/30 09:39:25.0708 1304 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/30 09:39:25.0740 1304 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/30 09:39:25.0786 1304 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/30 09:39:25.0864 1304 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/30 09:39:25.0942 1304 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/30 09:39:25.0989 1304 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/04/30 09:39:26.0052 1304 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/30 09:39:26.0130 1304 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/30 09:39:26.0192 1304 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/30 09:39:26.0286 1304 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/30 09:39:26.0379 1304 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/30 09:39:26.0473 1304 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/30 09:39:26.0566 1304 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/30 09:39:26.0644 1304 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/30 09:39:26.0707 1304 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/30 09:39:26.0800 1304 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/30 09:39:26.0847 1304 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/30 09:39:26.0894 1304 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/30 09:39:26.0956 1304 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/30 09:39:27.0003 1304 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/30 09:39:27.0034 1304 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/30 09:39:27.0097 1304 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/30 09:39:27.0144 1304 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/30 09:39:27.0190 1304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/30 09:39:27.0222 1304 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/30 09:39:27.0284 1304 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/30 09:39:27.0331 1304 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/30 09:39:27.0393 1304 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/04/30 09:39:27.0471 1304 HSF_DPV (347385d69c15e3d045aa1cb46e4cb86d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/04/30 09:39:27.0534 1304 HSXHWAZL (919337d853703267da203e79a0ac1f2b) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/04/30 09:39:27.0580 1304 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/30 09:39:27.0627 1304 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/30 09:39:27.0658 1304 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/30 09:39:27.0721 1304 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/30 09:39:27.0768 1304 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/30 09:39:27.0814 1304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/30 09:39:27.0861 1304 InCDfs (7bfc3eda22190c0fe8c2ca19e5379da5) C:\Windows\system32\drivers\InCDFs.sys
2011/04/30 09:39:27.0892 1304 InCDPass (fc4dbf18a4eb0d2fe3171471a3d0f9a8) C:\Windows\system32\drivers\InCDPass.sys
2011/04/30 09:39:27.0924 1304 InCDrec (f8e7c551def07fdc12ca5cc7ae5d975b) C:\Windows\system32\drivers\InCDrec.sys
2011/04/30 09:39:27.0939 1304 incdrm (31a5a3809249a326eb0ef58d563a9654) C:\Windows\system32\drivers\InCDRm.sys
2011/04/30 09:39:28.0048 1304 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/04/30 09:39:28.0173 1304 IntcAzAudAddService (9f5898ebd3bbe82eadf2efa595f02a72) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/30 09:39:28.0282 1304 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/30 09:39:28.0314 1304 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/30 09:39:28.0360 1304 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/30 09:39:28.0407 1304 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/30 09:39:28.0454 1304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/30 09:39:28.0470 1304 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/30 09:39:28.0516 1304 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/30 09:39:28.0563 1304 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/30 09:39:28.0594 1304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/30 09:39:28.0641 1304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/30 09:39:28.0672 1304 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/30 09:39:28.0719 1304 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/30 09:39:28.0782 1304 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/30 09:39:28.0860 1304 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/30 09:39:28.0906 1304 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/30 09:39:28.0938 1304 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/30 09:39:29.0000 1304 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/30 09:39:29.0031 1304 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/30 09:39:29.0078 1304 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/30 09:39:29.0109 1304 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/30 09:39:29.0172 1304 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/30 09:39:29.0203 1304 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/30 09:39:29.0250 1304 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/30 09:39:29.0281 1304 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/30 09:39:29.0312 1304 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/30 09:39:29.0343 1304 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/30 09:39:29.0406 1304 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/30 09:39:29.0452 1304 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/30 09:39:29.0499 1304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/30 09:39:29.0546 1304 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/30 09:39:29.0593 1304 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/30 09:39:29.0702 1304 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/30 09:39:29.0905 1304 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/30 09:39:30.0092 1304 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/30 09:39:30.0108 1304 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/30 09:39:30.0170 1304 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/30 09:39:30.0201 1304 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/30 09:39:30.0248 1304 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/30 09:39:30.0295 1304 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/30 09:39:30.0326 1304 MSPQM (b572da05bf4e098d4bba3a4734fb505b)
C:\Windows\system32\drivers\MSPQM.sys 2011/04/30 09:39:30.0373 1304 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/30 09:39:30.0404 1304 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/30 09:39:30.0435 1304 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/04/30 09:39:30.0466 1304 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/30 09:39:30.0513 1304 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/30 09:39:30.0576 1304 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/30 09:39:30.0622 1304 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/30 09:39:30.0654 1304 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/30 09:39:30.0716 1304 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/30 09:39:30.0747 1304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/30 09:39:30.0778 1304 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/30 09:39:30.0825 1304 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/30 09:39:30.0950 1304 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys 2011/04/30 09:39:31.0106 1304 NETw4v32 (38d720e0c8b0ecb9a019980265679798) C:\Windows\system32\DRIVERS\NETw4v32.sys 2011/04/30 09:39:31.0293 1304 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/04/30 09:39:31.0402 1304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/30 09:39:31.0465 1304 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys 2011/04/30 09:39:31.0496 1304 nmwcdc 
(3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys 2011/04/30 09:39:31.0558 1304 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/30 09:39:31.0605 1304 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/30 09:39:31.0683 1304 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/30 09:39:31.0746 1304 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2011/04/30 09:39:31.0777 1304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/30 09:39:31.0792 1304 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/30 09:39:32.0026 1304 nvlddmkm (fd0ee4fa45ff58f6c9932b4265a83ba4) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/30 09:39:32.0214 1304 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/04/30 09:39:32.0260 1304 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/04/30 09:39:32.0292 1304 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/04/30 09:39:32.0385 1304 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/30 09:39:32.0416 1304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/04/30 09:39:32.0463 1304 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/30 09:39:32.0494 1304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/04/30 09:39:32.0572 1304 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 2011/04/30 09:39:32.0619 1304 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/30 09:39:32.0650 1304 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/04/30 09:39:32.0713 
1304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/30 09:39:32.0806 1304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/30 09:39:32.0931 1304 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/30 09:39:32.0962 1304 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/04/30 09:39:33.0025 1304 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/30 09:39:33.0056 1304 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys 2011/04/30 09:39:33.0072 1304 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys 2011/04/30 09:39:33.0103 1304 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys 2011/04/30 09:39:33.0165 1304 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/04/30 09:39:33.0243 1304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/30 09:39:33.0290 1304 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/30 09:39:33.0306 1304 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/30 09:39:33.0352 1304 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/30 09:39:33.0399 1304 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/30 09:39:33.0430 1304 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/30 09:39:33.0477 1304 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/30 09:39:33.0508 1304 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/30 09:39:33.0555 1304 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) 
C:\Windows\system32\drivers\rdpdr.sys 2011/04/30 09:39:33.0571 1304 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/30 09:39:33.0618 1304 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/30 09:39:33.0696 1304 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/04/30 09:39:33.0742 1304 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\Windows\system32\DRIVERS\rimmptsk.sys 2011/04/30 09:39:33.0758 1304 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys 2011/04/30 09:39:33.0820 1304 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys 2011/04/30 09:39:33.0867 1304 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/30 09:39:33.0914 1304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/30 09:39:34.0054 1304 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys 2011/04/30 09:39:34.0101 1304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/30 09:39:34.0132 1304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/04/30 09:39:34.0164 1304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/04/30 09:39:34.0195 1304 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/30 09:39:34.0242 1304 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/30 09:39:34.0273 1304 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/30 09:39:34.0304 1304 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/30 09:39:34.0335 1304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/04/30 09:39:34.0382 1304 sisagp 
(1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/04/30 09:39:34.0413 1304 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/04/30 09:39:34.0460 1304 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/04/30 09:39:34.0507 1304 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/30 09:39:34.0616 1304 SNP2UVC (1c550748f896e53b7b0fe7717845132b) C:\Windows\system32\DRIVERS\snp2uvc.sys 2011/04/30 09:39:34.0694 1304 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/30 09:39:34.0741 1304 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/04/30 09:39:34.0788 1304 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/30 09:39:34.0834 1304 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/30 09:39:34.0881 1304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/30 09:39:34.0944 1304 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/30 09:39:34.0975 1304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/30 09:39:35.0146 1304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/30 09:39:35.0162 1304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/30 09:39:35.0209 1304 SynTP (c5f25d490d0915732508fd421bf76d93) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/30 09:39:35.0302 1304 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/30 09:39:35.0365 1304 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/30 09:39:35.0412 1304 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/30 09:39:35.0443 1304 TDPIPE 
(5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/30 09:39:35.0458 1304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/30 09:39:35.0521 1304 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/30 09:39:35.0583 1304 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/30 09:39:35.0630 1304 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/30 09:39:35.0661 1304 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/30 09:39:35.0708 1304 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/30 09:39:35.0724 1304 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/04/30 09:39:35.0786 1304 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/30 09:39:35.0833 1304 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/30 09:39:35.0848 1304 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/04/30 09:39:35.0880 1304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/30 09:39:35.0895 1304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/30 09:39:35.0926 1304 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/30 09:39:35.0989 1304 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 2011/04/30 09:39:36.0036 1304 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/30 09:39:36.0067 1304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/30 09:39:36.0129 1304 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/30 09:39:36.0176 
1304 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/30 09:39:36.0192 1304 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/04/30 09:39:36.0238 1304 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2011/04/30 09:39:36.0270 1304 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys 2011/04/30 09:39:36.0332 1304 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 2011/04/30 09:39:36.0394 1304 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/30 09:39:36.0457 1304 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/30 09:39:36.0504 1304 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/30 09:39:36.0535 1304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/30 09:39:36.0550 1304 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/04/30 09:39:36.0582 1304 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/04/30 09:39:36.0597 1304 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/04/30 09:39:36.0644 1304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/30 09:39:36.0691 1304 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/30 09:39:36.0753 1304 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/30 09:39:36.0784 1304 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/04/30 09:39:36.0831 1304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/30 09:39:36.0862 1304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 
2011/04/30 09:39:36.0878 1304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/30 09:39:36.0909 1304 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 2011/04/30 09:39:36.0972 1304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/04/30 09:39:37.0065 1304 winachsf (3344b5c3209e538291398ff12f895155) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/04/30 09:39:37.0112 1304 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys 2011/04/30 09:39:37.0190 1304 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/04/30 09:39:37.0284 1304 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/04/30 09:39:37.0330 1304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/04/30 09:39:37.0408 1304 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/04/30 09:39:37.0455 1304 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys 2011/04/30 09:39:37.0580 1304 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 2011/04/30 09:39:37.0642 1304 ================================================================================ 2011/04/30 09:39:37.0642 1304 Scan finished 2011/04/30 09:39:37.0642 1304 ================================================================================
************* Then I also ran Unhide. The directories seem to be back. The desktop shortcuts are still missing. Is that correct so far? Requesting further instructions. Thanks, best regards, and with all the effort you put in, have a nice weekend too! Reinhard |
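The TDSSKiller listing posted above is a few hundred driver entries, each of the form timestamp, PID, service name, MD5 in parentheses, image path. An analyst reading it wants the short list of entries to check by hand rather than the whole dump. The script below is an added example, written for this thread and not part of TDSSKiller or of any post here; it parses that line format (including the flattened one-line form the log has on this page, where paths with spaces such as "Program Files" run straight into the next entry's timestamp) and flags four things a reviewer looks for: images outside %SystemRoot%\system32\drivers, images whose extension is not .sys, GUID-style service names, and one MD5 appearing under two different paths. The sample entries are copied from the posted log. On that sample the two flagged entries are Acer's int15.sys under C:\Acer\Empowering Technology and the Acer Arcade Deluxe 000.fcl, both under the vendor's own program directories and both also listed as services in the ComboFix log further down, so a flag here means "look at it", not "malicious". The case-folding of paths is deliberate: the log writes the same tcpip.sys under both "drivers" and "DRIVERS" for the Tcpip and Tcpip6 services, which must not be reported as two different files.

```python
import re
from collections import defaultdict

# Constructed sample: these five entries are copied from the TDSSKiller log
# posted above (one entry per line, as TDSSKiller writes them); the two
# trailing lines are the separator and "Scan finished" lines the parser
# has to skip.
SAMPLE_LOG = r"""
2011/04/30 09:39:26.0566 1304 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/30 09:39:28.0048 1304 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
2011/04/30 09:39:35.0302 1304 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/30 09:39:35.0365 1304 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/30 09:39:37.0580 1304 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (5867ce254625645345c833510d24f124) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
2011/04/30 09:39:37.0642 1304 ================================================================================
2011/04/30 09:39:37.0642 1304 Scan finished
"""

# One driver entry: timestamp, PID, service name, (MD5), image path.  The
# path is matched lazily up to the next timestamp or the end of the text,
# so the same regex works on the flattened one-line form shown in the
# thread as well as on one entry per line.  The timestamp allows any
# whitespace between date and time because the forum wrapped some there.
TIMESTAMP = r"\d{4}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2}\.\d{4}"
ENTRY_RE = re.compile(
    rf"(?P<ts>{TIMESTAMP})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    rf"\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>.+?)"
    rf"(?=\s+{TIMESTAMP}\s|\s*$)"
)
# Service names like {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; the last group
# in the posted log is longer than a standard GUID, hence "12 or more".
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12,}\}")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_entries(text):
    """Return every driver entry in the log as a dict of the named groups."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]


def triage(entries):
    """Map service name -> list of reasons a reviewer should look at it.

    Nothing here says "malicious": OEM drivers legitimately live outside
    the drivers directory.  The point is to reduce a long listing to the
    handful of entries worth checking by hand.
    """
    paths_by_hash = defaultdict(set)
    for e in entries:
        # Case-fold: Windows paths are case-insensitive and the log mixes
        # "drivers" and "DRIVERS" for the same file (Tcpip vs. Tcpip6).
        paths_by_hash[e["md5"].lower()].add(e["path"].lower())

    findings = {}
    for e in entries:
        path = e["path"].lower()
        reasons = []
        if not path.startswith(DRIVER_DIR):
            reasons.append("image outside %SystemRoot%\\system32\\drivers")
        if not path.endswith(".sys"):
            reasons.append("image extension is not .sys")
        if GUID_RE.fullmatch(e["name"]):
            reasons.append("GUID-style service name")
        if len(paths_by_hash[e["md5"].lower()]) > 1:
            reasons.append("same MD5 as a driver at a different path")
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

To use it on a real log, read the whole file into a string and pass it to parse_entries; because the regex anchors on the next timestamp rather than on line ends, it does not matter whether the copy you have is line-broken or was flattened by a forum or a mail client.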
30.04.2011, 20:30 | #8 |
| TR/Kazy.mekl.1 and the message "WTR Loader funktioniert nicht mehr" Brief additional info: after the reboot, the desktop shortcuts and the Quick Launch applications are all present again. The desktop background is still black, though, which is the lesser problem. Please get back to me with further instructions. Thanks and regards, Reinhard |
01.05.2011, 14:16 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekl.1 and the message "WTR Loader funktioniert nicht mehr" Then please run CF now: ComboFix: A Guide and Tutorial on Using ComboFix
ComboFix may only be run if a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
01.05.2011, 21:03 | #10 |
| TR/Kazy.mekl.1 and the message "WTR Loader funktioniert nicht mehr" Hello Arne, I did the following: ran CCleaner (after that my desktop background was back), ran Cofi. As I can see from the log, I apparently had not disabled Windows Defender. I didn't know about that. Sorry, I hope it worked anyway. Here is the log: ******************* ComboFix Logfile: Code:
ATTFilter ComboFix 11-04-30.06 - rstarke 01.05.2011 21:33:54.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1772 [GMT 2:00] ausgeführt von:: c:\users\Reinhard\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Reinhard\AppData\Roaming\.# c:\users\Reinhard\AppData\Roaming\Yahoo! c:\users\Reinhard\ccsetup306.exe c:\users\Reinhard\mbam-setup.exe c:\users\Reinhard\OTL.exe c:\users\Reinhard\tdsskiller.exe c:\users\Reinhard\unhide.exe c:\users\rstarke\AppData\Roaming\.# c:\users\rstarke\AppData\Roaming\Yahoo! . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-01 bis 2011-05-01 )))))))))))))))))))))))))))))) . . 2011-05-01 19:07 . 2011-05-01 19:08 -------- d-----w- c:\program files\CCleaner 2011-04-29 19:58 . 2011-04-29 19:58 -------- d-----w- C:\_OTL 2011-04-29 13:40 . 2011-04-29 13:40 0 ----a-w- c:\users\Reinhard\ms4030.tmp 2011-04-29 13:40 . 2011-04-29 13:40 0 ----a-w- c:\users\Reinhard\~WRD2165.tmp 2011-04-29 13:33 . 2011-04-29 13:33 0 ----a-w- c:\users\Reinhard\ms3356.tmp 2011-04-29 13:33 . 2011-04-29 13:33 0 ----a-w- c:\users\Reinhard\~WRD1998.tmp 2011-04-29 13:13 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1789539-11B5-4D4D-A01E-A13A7356D7CF}\mpengine.dll 2011-04-27 17:28 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 17:28 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-27 17:28 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-25 21:47 . 2011-04-25 21:47 -------- d-----w- c:\programdata\WindowsSearch 2011-04-25 21:20 . 
2011-04-25 21:20 -------- d-----w- c:\users\Reinhard\AppData\Roaming\Malwarebytes 2011-04-25 21:09 . 2011-04-26 17:10 3301888 ------w- c:\users\Reinhard\~WRL2718.tmp 2011-04-25 20:59 . 2011-04-25 20:59 -------- d-----w- c:\users\rstarke\AppData\Roaming\Malwarebytes 2011-04-25 20:58 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-25 20:58 . 2011-04-25 20:58 -------- d-----w- c:\programdata\Malwarebytes 2011-04-25 20:58 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-18 22:13 . 2009-12-26 21:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-03 15:40 . 2011-04-27 17:28 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 17:28 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-27 17:28 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 17:28 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-24 17:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-24 17:50 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-24 17:50 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-02 16:11 . 2009-12-26 21:27 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "PC Suite Tray"="c:\program files\!rs-Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-30 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-30 8501792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-30 81920] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328] "Skytel"="Skytel.exe" [2008-01-24 1826816] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\!rs-Programme\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 
963976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-3-20 1216512] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-18 535336] TMMonitor.lnk - c:\program files\!rs-Programme\MSI\ArcSoft TotalMedia\TMMonitor.exe [2009-2-4 258048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-24 41456] S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472] S2 TeamViewer6;TeamViewer 6;c:\program files\!rs-Programme\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for 
Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://de.intl.acer.yahoo.com IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-eRecoveryService - (no file) HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-05-01 21:42 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-05-01 21:44:21 ComboFix-quarantined-files.txt 2011-05-01 19:44 . Vor Suchlauf: 16 Verzeichnis(se), 39.460.368.384 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 39.439.622.144 Bytes frei . - - End Of File - - 28246C5C2729A47D80ADA041DD4FCE3E *******************
Rebooted because the Internet favorites were gone. After the reboot the Internet favorites are back, but my desktop background, which was there after CCleaner, is gone again (black). Is all of that supposed to be like this? Many thanks already for the help so far. How do we proceed? Best regards, Reinhard Last edited by rookie2011 (01.05.2011 at 21:18) |
02.05.2011, 11:25 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekl.1 und Meldung "WTR Loader funktioniert nicht mehr" Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
File::
c:\users\Reinhard\ms4030.tmp
c:\users\Reinhard\~WRD2165.tmp
c:\users\Reinhard\ms3356.tmp
c:\users\Reinhard\~WRD1998.tmp
c:\users\Reinhard\~WRL2718.tmp
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the TeaTimer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log file: Combofix.txt
Note: The above script was written only for this one user in this particular situation. It cannot be transferred to any other computer and must not be used elsewhere, because it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
02.05.2011, 18:49 | #12 |
| TR/Kazy.mekl.1 and "WTR Loader has stopped working" message Hello Arne, did everything as described (this time with Defender disabled). Right after cofi my desktop background was back; after the reboot it was gone again :-( Here is the log: *************** Combofix Logfile: Code:
ATTFilter ComboFix 11-04-30.06 - rstarke 02.05.2011 18:17:27.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1897 [GMT 2:00] ausgeführt von:: c:\users\Reinhard\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\Reinhard\Desktop\CFScript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Reinhard\~WRD1998.tmp" "c:\users\Reinhard\~WRD2165.tmp" "c:\users\Reinhard\~WRL2718.tmp" "c:\users\Reinhard\ms3356.tmp" "c:\users\Reinhard\ms4030.tmp" . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Reinhard\~WRD1998.tmp c:\users\Reinhard\~WRD2165.tmp c:\users\Reinhard\~WRL2718.tmp c:\users\Reinhard\ms3356.tmp c:\users\Reinhard\ms4030.tmp c:\users\rstarke\AppData\Roaming\Yahoo! . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-02 bis 2011-05-02 )))))))))))))))))))))))))))))) . . 2011-05-02 16:23 . 2011-05-02 16:23 -------- d-----w- c:\users\rstarke\AppData\Local\temp 2011-05-02 16:23 . 2011-05-02 16:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-01 19:30 . 2011-05-01 19:44 -------- d-----w- C:\cofi 2011-05-01 19:07 . 2011-05-01 19:08 -------- d-----w- c:\program files\CCleaner 2011-04-29 19:58 . 2011-04-29 19:58 -------- d-----w- C:\_OTL 2011-04-29 13:13 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1789539-11B5-4D4D-A01E-A13A7356D7CF}\mpengine.dll 2011-04-27 17:28 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 17:28 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-27 17:28 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-25 21:47 . 
2011-04-25 21:47 -------- d-----w- c:\programdata\WindowsSearch 2011-04-25 21:20 . 2011-04-25 21:20 -------- d-----w- c:\users\Reinhard\AppData\Roaming\Malwarebytes 2011-04-25 20:59 . 2011-04-25 20:59 -------- d-----w- c:\users\rstarke\AppData\Roaming\Malwarebytes 2011-04-25 20:58 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-25 20:58 . 2011-04-25 20:58 -------- d-----w- c:\programdata\Malwarebytes 2011-04-25 20:58 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-18 22:13 . 2009-12-26 21:20 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-03 15:40 . 2011-04-27 17:28 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 17:28 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-27 17:28 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 17:28 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-24 17:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-24 17:50 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-24 17:50 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-02 16:11 . 2009-12-26 21:27 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "PC Suite Tray"="c:\program files\!rs-Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776] "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712] "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-30 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-30 8501792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-30 81920] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080] "PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704] "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056] "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328] "Skytel"="Skytel.exe" [2008-01-24 1826816] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\!rs-Programme\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 
963976] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-3-20 1216512] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-18 535336] TMMonitor.lnk - c:\program files\!rs-Programme\MSI\ArcSoft TotalMedia\TMMonitor.exe [2009-2-4 258048] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-24 41456] S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472] S2 TeamViewer6;TeamViewer 6;c:\program files\!rs-Programme\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312] S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for 
Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ mStart Page = hxxp://de.intl.acer.yahoo.com IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-05-02 18:23 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-05-02 18:24:32 ComboFix-quarantined-files.txt 2011-05-02 16:24 ComboFix2.txt 2011-05-01 19:44 . Vor Suchlauf: 18 Verzeichnis(se), 39.338.962.944 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 39.310.426.112 Bytes frei . - - End Of File - - AB347C959C6911BEDE7DD8885B570ECC ***************
What are the next steps? Thanks and best regards, Reinhard |
02.05.2011, 20:08 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Kazy.mekl.1 and "WTR Loader has stopped working" message OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just skip it and run only OSAM - please skip the online lookup in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post logfiles in CODE tags |
02.05.2011, 23:17 | #14 |
| TR/Kazy.mekl.1 and "WTR Loader has stopped working" message Hello Arne, GMER aborted on the first attempt and ran through on the second. Here is the log: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15572 - hxxp://www.gmer.net Rootkit scan 2011-05-03 00:12:49 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0 Running: 41r0c2wf.exe; Driver: C:\Users\rstarke\AppData\Local\Temp\pxliqfow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E40C360, 0x35BB38, 0xE8000020] C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0xA3D37000] .clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0xA3D38000, 0x1000, 0x00000000] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\Explorer.EXE[3452] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75B9B37C 4 Bytes [F0, 1F, 00, 10] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73A37817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73A8A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73A3BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73A2F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73A375E9] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73A2E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73A68395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73A3DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73A2FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73A2FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73A271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73ABCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73A5C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73A2D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73A26853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73A2687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73A32AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop 
Protection/Egis Incorporated) IAT C:\Windows\Explorer.EXE[3452] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd1bd39 Reg HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001e4cd1bd39 (not active ControlSet) ---- EOF - GMER 1.0.15 ----
Now I'll continue with OSAM... |
03.05.2011, 00:26 | #15 |
| TR/Kazy.mekl.1 and "WTR Loader has stopped working" message OSAM took a while because I had no unpacker. Downloaded 7-Zip, then unpacked and started it. Here is the log file: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 01:05:15 on 03.05.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FINDFAST.CPL" - "Microsoft Corporation" - C:\Windows\system32\FINDFAST.CPL "iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl "QuickTime.cpl" - "Apple Computer, Inc." - C:\Windows\system32\QuickTime.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\!RS-PR~1\Nokia\NOKIAP~1\CONNEC~1.CPL "PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\rstarke\AppData\Local\Temp\catchme.sys (File not found) "InCD File System" (InCDfs) - "Nero AG" - C:\Windows\System32\drivers\InCDFs.sys "InCD Reader" (incdrm) - "Nero AG" - C:\Windows\System32\drivers\InCDRm.sys "InCDPass" (InCDPass) - "Nero AG" - C:\Windows\System32\drivers\InCDPass.sys "InCDrec" (InCDrec) - "Nero AG" - C:\Windows\system32\drivers\InCDrec.sys "int15" (int15) - "Acer, Inc." 
- C:\Acer\Empowering Technology\eRecovery\int15.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys "PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys "PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys "PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys (File not found) "SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys (File not found) "Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys "{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {0215258f-f0a8-49de-bf1b-0ff02eda8807} "DB2XMLPlugProt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\!rs-Programme\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll {2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? 
- epm-po.dll (File not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {CAE3251E-9B15-4810-B268-852AD9792A59} "InCDShellExt Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} "InCDUdfPerm Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\InCD\InCDUP.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\!rs-Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? - (File not found | COM-object registry key not found) <binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\!rs-Programme\Toolbars\Internet Explorer\skypeieplugin.dll {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\rstarke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Inc." - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe (Shortcut exists | File exists)
"TMMonitor.lnk" - "ArcSoft, Inc." - C:\Program Files\!rs-Programme\MSI\ArcSoft TotalMedia\TMMonitor.exe (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"PC Suite Tray" - "Nokia" - "C:\Program Files\!rs-Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"InCD" - "Nero AG" - C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\!rs-Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SecurDisc" - "Nero AG" - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"InCD Helper" (InCDsrv) - "Nero AG" - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Raw Socket Service" (RS_Service) - "Acer Inc." - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\!rs-Programme\TeamViewer\Version6\TeamViewer_Service.exe
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Then I downloaded MBRCheck, saved it to the desktop and started it. It runs into an error and I don't know how to continue. I have attached MBRCheck_Abbruch.gif. Please let me know how I should proceed now.

The steps described in the OSAM guide, that entries are to be disabled following the instructions of a helper (Kompetenzler), are also still open. I was not sure about the order, whether that should happen before the MBRCheck or not.

Thanks and regards, Reinhard
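An added example, not part of Reinhard's post and not code from the OSAM tool: the OSAM report above lists each autostart entry as "Name" - "Vendor" - Path, printing ? where the binary carries no vendor string in its version info and (File not found) where the target no longer exists. The Python script below parses that layout and applies the three first-pass checks a helper reading such a report applies by eye: orphaned entries, binaries without a vendor string, and executables started from user-writable folders. The sample lines are constructed in the OSAM layout; the first five mirror entries from the report, the last one ("Updater" in a Temp folder) is hypothetical and added only to exercise the location rule. The rules are heuristics for sorting what to look at first, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the OSAM layout: "Name" [(ServiceKey)] - "Vendor" or ? - Path [args] [(status flags)].
# The first five lines mirror entries from the posted report; the last one is a hypothetical
# entry (not from the report) placed in a Temp folder to exercise the location rule.
SAMPLE_LOG = r'''
"Acer VCM.lnk" - "Acer Inc." - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"StartupPrograms" - ? - rdpclip (File not found)
"PC Suite Tray" - "Nokia" - "C:\Program Files\!rs-Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"Updater" - ? - C:\Users\someone\AppData\Local\Temp\example.exe
'''

ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"'          # display name / registry value name
    r'(?: \((?P<key>[^)]*)\))?'   # service key, present only in the [Services] section
    r' - (?P<vendor>"[^"]*"|\?)'  # vendor from version info, or ? when the file has none
    r' - (?P<rest>.*)$'           # path, optional arguments, optional "(flag | flag)" suffix
)
FLAGS_RE = re.compile(r'\(([^()]*)\)\s*$')   # trailing "(Shortcut exists | File exists)" etc.
CODE_EXT = ('.exe', '.dll', '.sys', '.scr', '.cpl', '.ocx')
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\')   # heuristic location markers


@dataclass
class Entry:
    name: str
    key: str
    vendor: Optional[str]        # None when OSAM printed "?"
    path: str
    flags: List[str]
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OSAM entry line; returns None for section headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest')
    flags: List[str] = []
    fm = FLAGS_RE.search(rest)
    if fm:                                   # split off the status flags at the end of the line
        flags = [f.strip() for f in fm.group(1).split('|')]
        rest = rest[:fm.start()].rstrip()
    if rest.startswith('"'):                 # quoted path, command-line arguments may follow
        path = rest[1:rest.index('"', 1)]
    else:
        path = rest
    vendor = None if m.group('vendor') == '?' else m.group('vendor').strip('"')
    return Entry(m.group('name'), m.group('key') or '', vendor, path, flags)


def triage(entry: Entry) -> Entry:
    """First-pass rules a helper applies by eye; heuristics, not a verdict."""
    low = entry.path.lower()
    is_code = low.endswith(CODE_EXT)
    if 'File not found' in entry.flags:
        entry.findings.append('orphaned entry: target file missing')
    if entry.vendor is None and is_code:
        entry.findings.append('no vendor string in version info')
    if is_code and any(marker in low for marker in USER_WRITABLE):
        entry.findings.append('executable launched from a user-writable location')
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole OSAM report and run the triage rules over every entry."""
    entries = (parse_line(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged(text: str) -> dict:
    """Map entry name -> findings, for entries that triggered at least one rule."""
    return {e.name: e.findings for e in triage_log(text) if e.findings}


if __name__ == '__main__':
    for name, findings in flagged(SAMPLE_LOG).items():
        print(f'{name}: ' + '; '.join(findings))
```

Run against the sample, the script flags StartupPrograms (orphaned), ALaunch Service (no vendor string) and the hypothetical Updater (no vendor string, started from Temp), and passes the Acer, Nokia and desktop.ini lines. The first two hits show the limits of the heuristics: the rdpwd StartupPrograms value pointing at rdpclip is standard Windows configuration that OSAM simply cannot resolve to a file, and OEM services without version-info vendor strings are common. The output is a reading order for the helper, not a removal list.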